Product DocsMenu

Coveo Platform 7.0 >
Administrator Help > Connectors > Salesforce Connector > Configuring a Salesforce Security Provider

Configuring a Salesforce Security Provider

A Salesforce source requires a Salesforce security provider to index permissions on Salesforce items so that when end-users search for Salesforce content, in search results, they only see Salesforce items that they have permissions to see.


  • You do not need to perform this procedure when you want to index Knowledge Base articles. It is not possible to index Knowledge Base permissions so no Salesforce security providers is needed.

  • You can get familiar with how Coveo components deal with permissions on documents both at indexing and query time (see Security) .

To configure a Salesforce security provider

  1. On the Coveo server, access the Administration Tool (see Opening the Administration Tool).

  2. On the menu, select Configuration > Security.

  3. In the navigation panel on the left, select Security Providers.

  4. In the Security - Security Providers page, click Add.

  5. In the Modify Security Provider page:

    1. In the Name box, enter a name of your choice for your Salesforce security provider.

    2. In the Security Provider Type list, select Salesforce.

      Note: CES 7.0.5639– (July 2013) The Salesforce item corresponds to the source type now identified as Salesforce (Legacy) (see Salesforce Legacy Connector).

    3. In the User Identity list, select the user identity that you created for the Salesforce organization that you want to index (see Creating a Salesforce User Identity).

    4. In the Client Id box, paste the Customer Key value that you obtained earlier (see Getting Salesforce Client_ID and Client_Secret Values).

    5. In the Client Secret box, paste the Customer Secret value that you obtained earlier (see Getting Salesforce Client_ID and Client_Secret Values).

    6. Select the Sandbox check box only when you want to use this security provider with a source for a Salesforce sandbox ( rather than for your Salesforce production environment (

    7. Leave the Use Refresh Token check box cleared unless you want to use the refresh token authentication method. This method is typically used when an application configures the security provider (such as in the Coveo cloud platform).

    8. In the Working Folder box, you can change the default security provider working folder path (C:\tmp) when for example your Coveo server is equipped with a separate hard disk for temporary files (see Coveo Platform Hardware and Software Requirements).

    9. In the Security Cache Refresh Frequency box, consider changing the time interval (in minutes) at which the internal cache of the Salesforce security provider is refreshed. The default value is 60 minutes.

      The Salesforce security provider must refresh its internal cache to maintain the freshness of the Salesforce data used when the security cache is updated (see Refreshing Security Caches).

      Example: The internal cache of the Salesforce security provider contains the user profiles. If the profile of a user changes in Salesforce, the internal cache of the security provider must first be refreshed to make this change available for the next security cache update.

      Consider increasing the Security Cache Refresh Frequency value when you have more than 100,000 users. The rule of thumb is 60 minutes per 100,000 users.

      It is not recommended to reduce the value below 60 minutes to prevent increasing too much the number of API calls made to Salesforce.

    10. In the Email Security Provider list, select the Email, Active Directory, or custom security provider that you created earlier (see Salesforce Connector Deployment Overview).

    11. Leave the Allow Complex Identities option cleared as it does not apply to this type of security provider.

    12. Click Apply Changes.

What's Next?

Create your Salesforce source (see Configuring and Indexing a Salesforce Source).

People who viewed this topic also viewed