Community

Product DocsMenu

Coveo Platform 7.0 >
Administrator Help > Connectors > Jive Connector > Configuring a Security Provider

Configuring a Jive Security Provider

The Jive connector can index Jive 6+ permissions to ensure that in search results, users only see Jive content they are allowed to see directly in Jive.

When you choose to index permissions, the connector requires a security provider to resolve Jive user and group permissions and optionally to map them to Active Directory or Email identities.

When you do not want to index permissions, skip this section.

Notes:

To configure a Jive security provider

  1. On the Coveo server, access the Administration Tool (see Opening the Administration Tool).

  2. Select Configuration > Security.

  3. In the navigation panel on the left, click Security Providers.

  4. In the Security Providers page, click Add to create a new security provider.

  5. In the Modify Security Provider page:

    1. In the Name box, enter a name to identify this security provider.

      Example: Jive Security Provider

    2. In the Security Provider Type drop-down list, select Jive (x64).

      Note: You should not confuse the Jive security provider with the Jive 5 / SBS / Clearspace security provider that must be used with Jive versions older than Jive 6.0.

    3. In the User Identity section:

      1. In the drop-down list, select the user identity that you selected or created previously.

      2. When needed, click Add, Edit, or Manage user identities respectively to create, modify, or manage user identities.

    4. In the Jive Server URL box, enter your Jive server base address.

      Example: http://acme.community.com

    5. Configure the identity type to which the Jive security provider maps Jive users depending on your CES version:

      • CES 7.0.7711+ (June 2015) In the Security Provider drop-down list, optionally select another security provider to allow the Jive security provider to map Jive accounts to another user type with which people are authenticated when they perform a search:

        • Select (none) when you do not want to map Jive users to another user type.

        • When the Jive LDAP is synchronized with an Active Directory, select the out-of-the-box Active Directory security provider to map Jive users to AD users.

        • When a primary email is defined for all users in Jive and they are authenticated with this email when they perform a search in your CES search interface, select the Email security provider you previously created (see Jive Connector Deployment Overview).

      • CES 7.0.7599– (April 2015)

        1. (Optional) Select the Map Jive Users to Active Directory Users check box when you want Microsoft Windows users to be able to see Jive content in search results without having to log in with their Jive credentials in the search interface.

          Clear this option when you want to allow Jive users to search for Jive secured documents in a non Microsoft Windows environment. In this case, you also need to add the security provider to your Jive search interface to allow users to log in to Jive in the search interface to be able to see Jive secured documents in search results (see Adding Security Providers to a .NET Search Interface).

          Note: When this option is selected, permissions are stored in the index as Active Directory identities rather than as Jive identities.

        2. When you select the Map Jive Users to Active Directory Users check box, in the Security Provider for Jive User Mapping section:

          1. In the drop-down list, select the Active Directory security provider that the Jive security provider will use to map Jive users and groups to Windows users and groups.

          2. When needed, click Add, Edit, or Manage security providers respectively to create, modify, or manage security providers.

    6. (Optional) When you select the Active Directory security provider (CES 7.0.7711+ (June 2015)) or when you select the Map Jive Users to Active Directory Users check box (CES 7.0.7599– (April 2015)) in the previous step, you must also configure the following two parameters that work together to build the Windows identity from the Jive identity (otherwise leave the default values):

      1. In the Regular Expression matching Jive Usernames box, enter a regular expression that matches against Jive usernames. If you leave this box empty, the Windows identity will be a copy of the Jive identity.

        Example: The default value matches an email address and captures the part before the @ character:
        ([\w-\.]+)@((?:[\w]+\.)+)([a-zA-Z]{2,4})

      2. In the Replacement string for Active Directory Usernames box, enter the pattern for Active Directory identities using regular expression group substitutions in the $[n] form.

        The string $1 stands for the first group captured by the regular expression specified in the Regular Expression matching Jive Usernames box, while $2, $3, etc. stand for subsequent groups.

        Example: Your Jive and Windows identities are respectively in the MyName@MyCompany.com and MyCompany\MyName forms.

        Enter $2\$1 in the Replacement string for Active Directory Usernames parameter to build the Windows identities with a regular expression such as ([\w-\.]+)@([\w]+)\.[a-zA-Z]{2,4} in the Regular Expression matching Jive Usernames parameter.

    7. CES 7.0.5556+ (June 2013) Select the Jive Instance Allows Anonymous Access option when you want to map the Jive Everyone user to the Active Directory Everyone user. This check box is cleared by default.

    8. CES 7.0.8388+ (June 2016) Select the Expand All Registered Users System Group option when you want the security provider to treat the All Registered Users group in Jive as a security group that needs to be expanded. This check box is cleared by default, meaning that All Registered Users is considered as a well-known group (containing all users of a Jive space). Consider selecting the option when you assign the group in item permissions.

      Note: Selecting the option can impact the security cache performance if the number of group members increases rapidly.

      When the group contains thousands of users, it is recommended to set the MaxAllowedTimeWithoutProgress hidden parameter to a large value (ex: 600 seconds) [see Hidden Parameter Section]. The default value is 300 seconds.

    9. In the Security Group Cache Expiration Delay box, leave the default value (2 minutes) unless Coveo Support is instructing you to change it. This parameter sets the amount of idle time after which the crawler should flush its cache of security groups.

    10. In the Parameters section, in rare cases the Coveo Support could instruct you to click Add Parameters to specify other security provider parameter names and values that could help to troubleshoot security provider issues.

    11. Leave the Allow Complex Identities option cleared as it does not apply to this type of security provider.

    12. Click Apply Changes.

What's Next?

Configure and index a Jive source (see Configuring and Indexing a Jive Source).

People who viewed this topic also viewed