CPA 2.0

Last Updated: April 28, 2026

This topic provides an overview of the capabilities and supported devices for the latest version of the Vasion Control Panel Application (CPA).

Universal Requirements

Each multifunction printer (MFP) manufacturer has specific requirements for successful CPA 2.0 installation. The following are universal requirements for all manufacturers:

Have admin login access to the printer. Installing the app is equivalent to changing the MFP settings, which requires login verification.
The printer must have the latest firmware version.
Turn on the Printer Apps service on the Service Client, and confirm that the PrinterLogicServicePrinterApp.exe service is running.
Confirm that the HTTPS certificate matches the Service Client device hostname or IP address. For more details refer to Service Client Setup.
For Windows Service Clients, ensure that Visual C++ Redistributable for Visual Studio 2015 or later is installed.

You must install both the x86 and x64 redistributable packages. You can download these packages from the Windows Download Center.
Turn on Simple Network Management Protocol (SNMP) status monitoring. For more details refer to SNMP Status Monitoring.
All devices, including the Service Client, printers, etc., must be able to reach the Domain Name System (DNS) server and resolve names.
If using Pull Print, create a pull printer.
If using Direct Secure Release, configure secure release printers.
Configure Lightweight Directory Access Protocol (LDAP) domain or identity provider (IdP) authentication. The CPA requires an IdP service. For more details refer to LDAP Domain and Identity Providers (IdPs).
- Environments using an IdP must have email addresses assigned to users in the IdP, or the CPA login fails.

Certificate Requirements

If you are using self-signed certificates, ensure that the root Certificate Authority (CA) is installed on the printer. Some manufacturers have additional certificate requirements.

Transport Layer Security (TLS) Settings

Vasion improves its services frequently to maintain and increase security levels around features, including additional TLS settings to promote CPA installation and communication using a higher TLS version and JSON Web Token (JWT) authorization. Turning on higher security forces reinstallation of the CPA on all devices using TLS 1.2. Not all printer models support higher TLS versions, which affects installation. Monitor reinstallation from the printer's Apps tab or the CPA Manager.

Do the following to install the CPA using higher security:

Go to Tools Settings General, and scroll down to the Control Panel Application section.
In the Security Settings section, select Enable higher security.
Select Enable in the modal.

Turning on this setting reinstalls all CPAs on all printers.
Select Save in the upper-right corner.

The CPA attempts reinstallation using TLS 1.2.

Allow Lower Security TLS During Installation

Do the following if the reinstallation fails with the higher security setting turned on:

Confirm that the printer supports TLS 1.2.
If the printer supports only TLS 1.0 and you accept the security risk, select the Allow lower-security TLS during installation option before reinstalling.

This setting allows only TLS 1.0 during the CPA installation process. After installation, all CPA processes and communication use secure channels and ports.

Apps Tab

Follow these steps:

On the printer object's Apps tab, locate the Legacy Installation Option for Older Printers section.
Select the checkbox for Allow lower-security TLS during installation.
Select Save to restart the CPA installation allowing TLS 1.0.

CPA Manager

Follow these steps:

On the Service Client's Printer Apps tab, confirm that the error appears in the Status column.
Select the checkboxes for the affected printers.

When you add multiple printers, they must all be from the same manufacturer.
Select the Actions dropdown menu, and then select Modify.
Select the checkbox for Allow lower-security TLS during installation.
Select Save to restart the CPA installation allowing TLS 1.0.

TLS and Simplified Scanning

This option adjusts the installation and general communication between all printers and the Service Client to allow TLS 1.0. Simplified Scanning features might not function on devices that do not support TLS 1.2 or later. Turning on this option is not recommended and is meant for only customers with legacy equipment that does not function with a later version. By turning on this setting, you accept the risk of an insecure method of network traffic.

Follow these steps:

On the Service Client's Printer Apps tab, confirm that the error appears in the Status column.
In the TLS Settings section above the Printers list, select Allow lower TLS security settings for printer apps.
Select Save in the upper-right corner.

Installation and general communication between printers and the Service Client tries using TLS 1.2 first but then allows TLS 1.0 if communication fails with the higher version.

Service Log Level Section

The Service Log Level section on the Printer Apps tab changes which information is recorded in the printer apps logs. This feature requires Printer Apps version 25.4.4 or later. Use the dropdown menu to adjust logging as needed when troubleshooting your environment.

Choose from the following options:

Info: Default mode that shows information-level logging for running services, including errors and warnings.
Debug: Shows all messages, including info, debug, error, and warning messages.
Warning: Shows errors and warnings.
Error: Shows only errors.

Do the following to adjust the logging level:

Go to the Printer Apps tab of the Service Client that is running the Printer Apps service.
In the Service Log Level section, select the desired option.
Select Save in the upper-right corner.
Allow 1 minute for the change to take effect.

When you finish troubleshooting, change the log level to the recommended Error option, and save the change.

Supported Manufacturers, Devices, and Ports

Below is a table of supported manufacturers and devices. Select the manufacturer links for additional requirements, lists of communication ports, and setup instructions. For a list of supported devices, refer to Supported Printers for Printer Apps.

CPA Supported Manufacturers
Manufacturer	Authentication Methods	Multifunction Printers (MFPs)	Badge Readers	Features	Install & Uninstall Ports
Canon CPA 2.0	Badge. Manual login (non-single sign-on (SSO)). PIN. SSO.	Generation 3 models (imageRunner Advance). Latest DX models.	Elatec TWN4.** rf IDEAS.*	Copy / Scan Tracking. QR Code Display. Secure Release Print. Simplified Scanning.	TCP 8000 and 8443.
Epson CPA 2.0	Badge. Manual login (non-SSO). PIN. SSO.	Most Epson WF, PX, LP, and LX models. Refer to Supported Printers for Printer Apps.	Elatec TWN4. rf IDEAS. Omnikey.**	Copy / Scan Tracking. QR Code Display. Secure Release Print. Simplified Scanning.	TCP 443.
Fujifilm CPA 2.0	Badge. Manual login (non-SSO). PIN. SSO.	Apeos. ApeosPrint. Revoria Press. ApeosPro.	Fujifilm ICCR-B.**	Copy / Scan Tracking. QR Code Display. Secure Release Print. Simplified Scanning.	TCP 58501.
Fuji Xerox CPA 2.0	Badge. Manual login (non-SSO). PIN. SSO.	ApeosPort. ApeosPort-V. ApeosPort-VI. ApeosPort-VII.	Fuji Xerox IC.**	Copy / Scan Tracking. QR Code Display. Secure Release Print.	TCP 58501.
HP CPA 2.0	Badge. Manual login (non-SSO). PIN. SSO.	FutureSmart 4 and 5 devices with a touch screen control panel that is at least 4.3 inches wide.	Elatec TWN4. rf IDEAS. HP Universal Proximity Card X3D03A.**	Copy / Scan Tracking. QR Code Display. Secure Release Print. Simplified Scanning.	SOAP 7627.
Konica Minolta CPA 2.0	Badge. Manual login (non-SSO). PIN. SSO.	Virtual Appliance is bEST certified. Refer to Supported Printers for Printer Apps.	Elatec TWN4. rf IDEAS. Omnikey. YSoft MFX. AU-205H.**	Copy / Scan Tracking. QR Code Display. Secure Release Print. Simplified Scanning.	TCP 50003.
Kyocera CPA 2.0	Badge. Manual login (non-SSO). PIN. SSO.	ECOSYS. TASKalfa. FS Series.	Elatec TWN4. rf IDEAS. Omnikey.** A Card Authentication Kit (CAK) license.	Copy / Scan Tracking. Secure Release Print. Simplified Scanning.	TCP 8083, 9090, and 9091.
Lexmark CPA 2.0	Badge. Manual login (non-SSO). PIN. SSO.	All devices that support eSF6.0 or later.	Elatec TWN4. rf IDEAS.	Copy / Scan Tracking. QR Code Display. Secure Release Print. Simplified Scanning.	TCP 443.
Ricoh CPA 2.0	Badge. Manual login (non-SSO). PIN. SSO.	IM Series and MP series with a minimum of Smart Operating Panel 2.0 or later.	Elatec TWN3 and TWN4. rf IDEAS. HID Omnikey 5427 and 5428. Inepro.	Copy / Scan Tracking. QR Code Display. Secure Release Print. Simplified Scanning.	TCP 443 and 51443 (hybrid).
Sharp CPA 2.0	Badge. Manual login (non-SSO). PIN. SSO.	Essential Series. Advanced Series. Pro Series.	Elatec TWN4. rf IDEAS.	Copy / Scan Tracking. QR Code Display. Secure Release Print. Simplified Scanning.	TCP 80, 443, 10080, and 10443.
Toshiba CPA 2.0	Badge. Manual login (non-SSO). PIN. SSO.	Most e-STUDIO series devices. Refer to Supported Printers for Printer Apps.	Elatec TWN4. rf IDEAS. Omnikey.**	Copy / Scan Tracking. QR Code Display. Secure Release Print. Simplified Scanning.	TCP 10443, 49629, and 49630.
Xerox CPA 2.0	Badge. Manual login (non-SSO). PIN. SSO.	AltaLink family. Versalink family. Workcentre family.	Elatec TWN4. rf IDEAS.	Copy / Scan Tracking. QR Code Display. Secure Release Print. Simplified Scanning.	TCP 443.

*If you use a USB badge reader to release print jobs, some Canon models require you to turn on the Use MEAP Driver for USB Input Device option in the USB Settings section.

**You must configure badge readers as keystroke readers and include a carriage return value at the end.