Community

Product DocsMenu

Configuring an Active Directory Security Provider

You must use an Active Directory (AD) security provider when you create a source to index the content of an Active Directory domain (see Configuring and Indexing an Active Directory Source). Other security providers may need to use an Active Directory security provider to expand, map, or resolve users or groups defined in Active Directory.

Coveo Enterprise Search (CES) comes with a default Active Directory security provider to which no user identity is assigned. In this case, the Active Directory security provider takes the CES service account as the user to access AD. When CES is in the same domain as AD, you can use the default Active Directory security provider as is. No configuration is needed.

You may need to create another Active Directory security provider only when CES and AD are in different and untrusted domains. In this case, you only need to assign a user identity containing any user that has access to the other domain to be able to use the security provider to expand, map, or resolve users or groups defined in Active Directory of this domain.

Note: You can get familiar with how Coveo components deal with permissions on documents both at indexing and query time (see Security) .

To create or modify an Active Directory security provider

  1. On the Coveo server, access the Administration Tool (see Opening the Administration Tool).

  2. Select Configuration > Security.

  3. In the navigation panel on the left, select Security Providers.

  4. In the Security Providers page:

    • Click Add to create a new security provider.

      OR

    • Click an existing Active Directory security provider to modify it.

  5. In the Modify Security Provider page:

    1. In the Name box, enter a name to identify this security provider.

    2. In the Security Provider Type drop-down list:

      1. On a 32-bit server, select Active Directory (x86).

      2. On a 64-bit server, select Active Directory (x64).

    3. In the User Identity section:

      1. In the drop-down list, select a user identity containing an account that has access to the desired domain.

        Example: When the user identity contains the domainA\OneUsername account, the security provider connects to Domain A Active Directory.

        Note: When User Identity is set to (none), the security provider takes the CES service account by default.

      2. When needed, click Add, Edit, or Manage user identities respectively to create, modify, or manage user identities.

    4. CES 7.0.7338+ (January 2015) In the Email Provider section:

      1. In the drop-down list, select the email provider that recognizes your users by their email addresses (see Configuring an Email Security Provider) .

        Note: When you do not want to map Active Directory (AD) users to their email, select (none).

      2. When needed, click Add, Edit, or Manage security providers respectively to create, modify, or manage email security providers.

    5. In the Parameters section, in rare cases the Coveo Support could instruct you to click Add Parameters to specify other security provider parameter names and values that could help to troubleshoot security provider issues.

    6. Leave the Allow Complex Identities option cleared as it does not apply to this type of security provider.

    7. Click Save or Apply Changes, depending whether you are creating or modifying a security provider.

What's Next?

When you are creating or modifying the security provider:

People who viewed this topic also viewed