
Configuring a Microsoft Exchange Security Provider

The Coveo connector needs a security provider to get the permissions for each Microsoft Exchange item, and therefore fully support the Microsoft Exchange security model. This means that, in a Coveo search interface, a user searching for Microsoft Exchange content sees only the content to which they have access in Microsoft Exchange.

Note: You can get familiar with how Coveo components deal with permissions on documents both at indexing and query time (see Security).

To configure a Microsoft Exchange security provider

  1. On the Coveo server, access the Administration Tool (see Opening the Administration Tool).

  2. Select Configuration > Security.

  3. In the Security page, in the navigation panel on the left, click Security Providers.

  4. In the Security Providers page, click Add to create a new security provider.

  5. In the Modify Security Provider page:

    1. In the Name box, enter a name to identify this security provider.

      Examples:

      • Microsoft Exchange On-Premises Security Provider

      • Microsoft Exchange Hybrid Security Provider

    2. In the Security Provider Type drop-down list:

      • On a 32-bit server, select Exchange (x86).

      • On a 64-bit server, select Exchange (x64).

    3. In the User Identity section:

      1. In the drop-down list, select the user identity that you created previously for your Exchange On-Premises server or for your Exchange hybrid deployment sources.

        The security provider uses this identity to expand Exchange permissions. Ensure that the user has access to the Active Directory where Exchange users are defined. Otherwise, the document permissions will not be resolved, and users authenticated in a Coveo search interface will not be able to see their emails in search results.

        When no identity is entered, the security provider defaults to the user that runs the CES service (see About the Coveo Admin Service). A CES service user may not have access to Active Directory when it is the Local System account or a cross-domain user.

        Note: You can select (none) in the User Identity drop-down list, in which case the security provider automatically takes the user identity selected on the source with which it is associated. When you do so, ensure that the source user identity can resolve security groups.

      2. When needed, click Add, Edit, or Manage user identities respectively to create, modify, or manage user identities.

    4. In the LDAP Search Root box, enter the Lightweight Directory Access Protocol (LDAP) string to specify to the security provider where to start looking in Active Directory. When this parameter is not specified, the security provider looks at the root of Active Directory, which can be extremely large. By specifying a value, you can refine the search (see What Are LDAP Searches?).

      Example: To search only within the organizational unit (OU) companynameOU within the domain corp.companyname.com, enter:
      LDAP://OU=companynameOU, DC=corp, DC=companyname, DC=com

    5. In the Active Directory Security Provider drop-down list:

      1. Select the appropriate security provider that this security provider uses to resolve and expand the groups.

        CES comes with an Active Directory security provider that you can configure to connect to the default domain. When your environment contains more than one domain, you can select an Active Directory security provider that you created for other domains (see Configuring an Active Directory Security Provider).

      2. When an appropriate security provider is missing, click Add, Edit, or Manage security providers respectively to create, modify, or manage security providers.

    6. CES 7.0.6767+ (June 2014) (Optional - For Exchange Online deployment only) In the Exchange Online PowerShell Endpoint box, enter the PowerShell endpoint to retrieve mailboxes from Microsoft Exchange.

      Example: https://outlook.office365.com/powershell-liveid

      Note: CES 7.0.7814+ (August 2015) It is recommended to use the Azure AD Graph API instead to list the Exchange Online mailboxes (see Configuring and Indexing Microsoft Exchange Sources for an Online Deployment).

    7. CES 7.0.7022+ (September 2014) (Optional - For Exchange Online deployment only) In the Exchange Online Security Provider drop-down list, select the security provider used to resolve Exchange Online cloud users.

      Note: CES 7.0.7814+ (August 2015) It is recommended to use the Azure AD Graph API instead to list the Exchange Online mailboxes (see Configuring and Indexing Microsoft Exchange Sources for an Online Deployment).

    8. In the Parameters section, in rare cases, Coveo Support may instruct you to click Add Parameters to specify other security provider parameter names and values that can help troubleshoot security provider issues.

    9. Leave the Allow Complex Identities option cleared as it does not apply to this type of security provider.

    10. Click Apply Changes.
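
The following pre-flight check is an added example, not Coveo code: it binds to the LDAP search root from step 4 with the user identity from step 3 and confirms that a known mailbox owner and their group memberships can be read there. The function name Test-ExchangeSearchRoot and the account jsmith are hypothetical; the search root is the example value from this page.

```powershell
# Added example, not part of the Coveo product. Run it on the Coveo server.
# $SearchRoot is this page's example value; $SampleUser is a hypothetical account.
Add-Type -AssemblyName System.DirectoryServices
$SearchRoot = 'LDAP://OU=companynameOU, DC=corp, DC=companyname, DC=com'
$SampleUser = 'jsmith'
$Identity   = Get-Credential -Message 'Security provider user identity'

function Test-ExchangeSearchRoot {
    param(
        [Parameter(Mandatory)] [string]$Path,
        [Parameter(Mandatory)] [pscredential]$Credential,
        [Parameter(Mandatory)] [string]$User
    )
    # The ADSI provider moniker is case-sensitive: "LDAP://", not "ldap://".
    if ($Path -cnotmatch '^LDAP://') { throw "Search root must start with LDAP:// : $Path" }

    # Escape LDAP filter metacharacters (RFC 4515) so the name is matched literally.
    $toHex    = { param($m) '\{0:x2}' -f [int][char]$m.Value }
    $safeUser = [regex]::Replace($User, '[\\*()\x00]', $toHex)

    $net   = $Credential.GetNetworkCredential()
    $entry = New-Object System.DirectoryServices.DirectoryEntry($Path, $Credential.UserName, $net.Password)
    try {
        # Reading NativeObject forces the bind; bad credentials or a bad DN throw here.
        $null = $entry.NativeObject

        $searcher = New-Object System.DirectoryServices.DirectorySearcher($entry)
        $searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
        $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$safeUser))"
        $searcher.PropertiesToLoad.AddRange([string[]]@('distinguishedName', 'memberOf'))

        $hit = $searcher.FindOne()
        if ($null -eq $hit) {
            throw "Bind succeeded, but '$User' was not found under $Path. Check the search root."
        }
        [pscustomobject]@{
            SearchRoot        = $Path
            BoundAs           = $Credential.UserName
            DistinguishedName = [string]$hit.Properties['distinguishedname'][0]
            MemberOfCount     = $hit.Properties['memberof'].Count
        }
    }
    finally {
        $entry.Dispose()
    }
}

Test-ExchangeSearchRoot -Path $SearchRoot -Credential $Identity -User $SampleUser
```

An error raised at the bind points to the user identity selected in step 3, while a "not found" error after a successful bind points to a search root in step 4 that does not contain the Exchange users.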

What's Next?

Configure and index a Microsoft Exchange source: 
