Creating a Claims to Email Security Provider for SharePoint Online
This security provider is useful either when you want to convert a claims identity to an email identity, or when you simply did not want to use a claims identity. The only requirement for the claims to email conversion to work is that the email your users enter to log in to SharePoint Online must match the email they use when logging into your Coveo search interface. The Claims to Email for SharePoint Online security provider was specifically designed for cloud environments where the identity is neither Claims nor Active Directory.
Notes:
-
The SharePoint, SharePoint Legacy, and OneDrive for Business (CES 7.0.8047+ (December 2015)) connectors can use the Claims to Email for SharePoint security provider type.
-
You can get familiar with how Coveo components deal with permissions on documents both at indexing and query time
To create a Claims to Email security provider for SharePoint Online
-
On the Coveo server, access the Administration Tool (see Opening the Administration Tool).
-
In the Administration Tool, select Configuration > Security.
-
In the navigation panel on the left, select Security Providers.
-
In the Security Providers page, click Add.
-
In the Modify Security Providers page:
-
In the Name box, enter a descriptive name of your choice for this security provider instance.
-
In the Security Provider Type drop down, select Claims to Email Security Provider for SharePoint Online.
-
In the User Identity drop-down list, select the user identity that you created to crawl your SharePoint Online (see Microsoft SharePoint Connector Deployment Overview or Microsoft OneDrive for Business Connector Deployment Overview).
-
In the Security Provider section:
-
In the drop-down list, select the provider that recognizes your users by their email addresses or active directory accounts (see Configuring an Email Security Provider or Configuring an Active Directory Security Provider).
Notes:
-
Blocked users (admin Office 365, active users, settings, sign-in status) are not expanded to email users.
-
The list of following SharePoint well-known claims are expanded to email users:
-
c:0(.s|true (everyone)
-
c:0-.f|rolemanager|spo-grid-all-users (everyone but external)
-
c:0!.s|forms%3amembership [all federated (sync) and native (cloud) users]
-
-
-
When needed, click Add, Edit, or Manage security providers respectively to create, modify, or manage email or active directory security providers.
-
-
In the Windows Azure Active Directory Module for Windows PowerShell box, ensure that the MSOnline.psd1 file is available at the default location (C:\Windows\System32\WindowsPowerShell\v1.0\Modules\MSOnline\MSOnline.psd1) on your Coveo Master server following the installation of the Windows Azure AD Module installation (see Installing the Windows Azure AD Module for Windows PowerShell). Change the path if needed.
Notes:
-
Windows PowerShell is used to retrieve Office 365 users and domains.
-
The default value should be the right value, but make sure the referenced module is installed and is located at this path.
-
-
Ensure that the Allow Complex Identities option is selected.
-
Click Save.
-
This security provider must be selected in the Security Provider for SharePoint Users parameter of the SharePoint security provider set on your SharePoint or OneDrive for Business source
-
What's Next?
Create an Office 365 security provider that will use this Claims to Email security provider (see Creating an Office 365 Security Provider for SharePoint Online).