Configuring a REGEX Transformation Security Provider
Some kind of rule must allow to transform the member name from its input format to the output format using regular expressions. You must be proficient with regular expressions to configure this type of security provider.
Example: You have a Google Drive source in which account names are user emails (username@mycompany.com), but your users are authenticated with their Active Directory (AD) account (mycompany\username) when they access a Coveo search interface. For users to be granted to see Google Drive documents in search results, document permissions must be associated to their AD account, otherwise, no results will be returned.
As shown in the following diagram, you can accomplish this by configuring your Google Drive source to get permissions from a Google Drive security provider that sends output members to the REGEX Transformation security provider, which finally outputs transformed member names to the Active Directory security provider, so that at the end, the permissions of the Google Drive account are available in the security cache for the equivalent AD account.
Note: You can get familiar with how Coveo components deal with permissions on documents
both at indexing and query time
To configure a REGEX Transformation security provider
-
On the Coveo server, access the Administration Tool (see Opening the Administration Tool).
-
Select Configuration > Security.
-
In the Security page, in the navigation panel on the left, click Security Providers.
-
In the Security Providers page, click Add to create a new security provider.
-
In the Modify Security Provider page:
-
In the Name box, enter a name to identify this security provider.
Example: If you configure the security provider to transform names from the email format to the AD format:
Email to AD REGEX Transform
-
In the Security Provider Type drop-down list, select Coveo Member Name Regex Transformation.
-
In the User Identity drop-down list, leave the selection to (none), because this parameter is not applicable to this type of security provider.
-
In the Security Provider section, select the output security provider to which transformed names will be sent.
Example: When this security provider output name format is AD, select the out-of-the-box Active Directory security provider.
-
In the Match regex (input) box, enter the regular expression to match and select appropriate parts of your input name format.
Example: To match parts of an email address:
([\w-\.]+)@((?:[\w]+\.)+)([a-zA-Z]{2,4})
-
In the Replace regex (output) box, enter the replacement regular expression for your output name format.
Example: To convert the email name to an Active Directory name for the mycompany domain:
mycompany\$1
Important: Fully test your matching and replacement regular expressions to ensure they transform member names as expected for all member name cases.
-
Select the Case sensitive users check box when the account names are case sensitive.
-
CES 7.0.8996+ (June 2017) Select the Only Map Matched Members check box if you wish to map only members whose name matches the regex specified by the Match Regex (Input) parameter.
-
In the Parameters section, in rare cases, Coveo Support could instruct you to click Add Parameters to specify other security provider parameter names and values that could help to resolve or troubleshoot security provider issues.
-
Leave the Allow Complex Identities option cleared as it does not apply to this type of security provider.
-
Click Apply Changes.
-
What's Next?
Assign this REGEX Transformation security provider as an output for the appropriate other security provider.