Configuring a Google Drive for Work Security Provider
Note: You can get familiar with how Coveo components deal with permissions on documents
both at indexing and query time
To configure a Google Drive for Work security provider
-
On the Coveo server, access the Administration Tool (see Opening the Administration Tool).
-
Select Configuration > Security.
-
In the navigation panel on the left, click Security Providers.
-
In the Security Providers page, click Add to create a new security provider.
-
In the Modify Security Provider page:
-
Configure the following required parameters:
-
Name
-
Choose a meaningful name to identify the security provider.
Example: Google Drive for Work Security Provider
-
Security Provider Type
-
In the drop-down list, select Google Apps (x64).
-
User Identity
-
In the drop-down list:
-
CES 7.0.7433+ (February 2015) Select (none).
-
CES 7.0.7338– (January 2015) Select the user identity that you selected or created previously (see Google Drive for Work Connector Deployment Overview).
-
-
Activate domain-wide mode
-
You must select this option when you plan to use this security provider with a Google Drive (Google Apps) source type.
-
Security Provider
-
Select the security provider that you selected or created to allow this security provider to resolve and expand the groups (see Google Drive for Work Connector Deployment Overview).
-
Enter the domain that you want to index. When your Google Apps account contains more than one domain, you can enter a semicolon-separated list of domains to index. The security provider will resolve and expand groups for the specified domain(s).
Examples:
-
One domain: mysubdomain.mycompany.com
-
Multiple domains: myfirstdomain.com;myseconddomain.com
Important: The domain(s) specified in this list must match the one(s) specified in the source Domain(s) list (see Configuring and Indexing a Google Drive for Work Source).
-
-
-
CES 7.0.7433+ (February 2015) Configure the following required parameters:
Enter the service account Email address previously obtained (see Authorizing the Coveo Connector to Access Your Google Drive).
Example: 12345678901@developer.gserviceaccount.com
Note: CES 7.0.7599+ (April 2015) This parameter is no longer required and can be left empty when you use the CertificateFileData hidden parameter (see CertificateFileData).
Enter the path on the Coveo Master server where you saved the previously obtained service account's PCKS12 private key file (see Authorizing the Coveo Connector to Access Your Google Drive).
Example: D:\CES7\Config\1234ab8e315e67a89e02f16ea38bd44d609471ff-privatekey.p12
Enter the domain admin account email used to obtain the list of users in the domain.
Example: admin@domain.com
-
CES 7.0.7599+ (April 2015) (Optional) Click Add Parameter and then use the following hidden parameter when you let the Certificate File Path parameter box empty:
-
The service account's PKCS12 private key file data encoded in Base64. The default value is null.
Notes:
-
You need to open the certificate in a text editor and use an encoding application such as Motobit to convert the certificate content to the Base64 format.
-
This parameter is only used when the Certificate File Path parameter box is empty (see Certificate File Path).
-
-
Leave the Allow Complex Identities cleared as it does not apply to this type of security provider.
-
Click Apply Changes.
-
What's Next?
Create and index a source (see Configuring and Indexing a Google Drive for Work Source).