Product DocsMenu

Configuring a Google Drive for Work Security Provider

The Coveo Google Drive for Work connector fully supports the Google security model. When you want users searching for Google Drive content in a Coveo search interface to only see the content to which they have access in Google Drive, the connector needs a security provider to be able to index the permissions for each indexed Google Drive item.

Note: You can get familiar with how Coveo components deal with permissions on documents both at indexing and query time (see Security) .

To configure a Google Drive for Work security provider

  1. On the Coveo server, access the Administration Tool (see Opening the Administration Tool).

  2. Select Configuration > Security.

  3. In the navigation panel on the left, click Security Providers.

  4. In the Security Providers page, click Add to create a new security provider.

  5. In the Modify Security Provider page:

    1. Configure the following required parameters:


      Choose a meaningful name to identify the security provider.

      Example: Google Drive for Work Security Provider

      Security Provider Type

      In the drop-down list, select Google Apps (x64).

      User Identity

      In the drop-down list:

      Activate domain-wide mode

      You must select this option when you plan to use this security provider with a Google Drive (Google Apps) source type.

      Security Provider

      Select the security provider that you selected or created to allow this security provider to resolve and expand the groups (see Google Drive for Work Connector Deployment Overview).

      [Domain-wide mode] Managed domains

      Enter the domain that you want to index. When your Google Apps account contains more than one domain, you can enter a semicolon-separated list of domains to index. The security provider will resolve and expand groups for the specified domain(s).


      • One domain:

      • Multiple domains:;

      Important: The domain(s) specified in this list must match the one(s) specified in the source Domain(s) list (see Configuring and Indexing a Google Drive for Work Source).

    2. CES 7.0.7433+ (February 2015) Configure the following required parameters:

      Service Account Email Source

      Enter the service account Email address previously obtained (see Authorizing the Coveo Connector to Access Your Google Drive).


      Certificate File Path Source

      Note: CES 7.0.7599+ (April 2015) This parameter is no longer required and can be left empty when you use the CertificateFileData hidden parameter (see CertificateFileData).

      Enter the path on the Coveo Master server where you saved the previously obtained service account's PCKS12 private key file (see Authorizing the Coveo Connector to Access Your Google Drive).

      Example: D:\CES7\Config\1234ab8e315e67a89e02f16ea38bd44d609471ff-privatekey.p12

      Domain Administrator Email Source

      Enter the domain admin account email used to obtain the list of users in the domain.


    3. CES 7.0.7599+ (April 2015) (Optional) Click Add Parameter and then use the following hidden parameter when you let the Certificate File Path parameter box empty:


      The service account's PKCS12 private key file data encoded in Base64. The default value is null.


      • You need to open the certificate in a text editor and use an encoding application such as Motobit to convert the certificate content to the Base64 format.

      • This parameter is only used when the Certificate File Path parameter box is empty (see Certificate File Path).

    4. Leave the Allow Complex Identities cleared as it does not apply to this type of security provider.

    5. Click Apply Changes.

What's Next?

Create and index a source (see Configuring and Indexing a Google Drive for Work Source).

People who viewed this topic also viewed