Creating a Security Provider for the SharePoint Legacy Connector

Deprecated

A SharePoint source created with the SharePoint Legacy connector needs a SharePoint security provider to resolve permissions found on documents in the unified indexed. These permissions can either be SharePoint groups, users, or domain groups. Of these three types of permissions, only SharePoint groups are actually processed by the SharePoint security provider. Users and domain groups are simply forwarded to other security providers for processing.

The other types of security providers required to process users and domain groups vary according to the SharePoint environment being indexed, more precisely, according to the type of authentication provider (Classic Windows, Claims-Based) used by the Web Application, and the SharePoint server version (2013/2010/2007 on-premises and Online).

For this reason, before going on with the configuration of the SharePoint security provider, if not already done, you must identify the type of your SharePoint environment from which you will be indexing content (see Identifying Your SharePoint Environment).

To modify or configure a SharePoint security provider

1. On the Coveo server, access the Administration Tool (see Opening the Administration Tool).

2. Select Configuration > Security.

3. In the Security page, in the navigation panel on the left, click Security Providers.

4. In the Security Providers page, click Add.

5. In the Modify Security Provider page:

   

   1. In the Name box, enter a name to identify this security provider.

      Example: SharePoint Security Provider (Classic)

   2. In the Security Provider Type drop-down list, select SharePoint Legacy (x64) (or SharePoint (x86) on a 32-bit Coveo server).

      Notes:

      • CES 7.0.6830+ (July 2014) The SharePoint (x64) type corresponds to the security provider to be used with the second generation SharePoint connector (see Creating a SharePoint Security Provider).

      • CES 7.0.6767– (June 2014) The SharePoint Legacy (x64) security provider type was named SharePoint (x64).

   3. In the User Identity section:

      1. In the drop-down list, select the user identity that you selected or created previously for this connector (see Type of User to Specify for the User Identity).

      2. When needed, click Add, Edit, or Manage user identities respectively to create, modify, or manage user identities.

      Note: The User Identity specified here will be relevant later on in this topic when selecting the value of the Authentication Type parameter.

   4. In the Temporary path box, enter the path for the temporary security provider working folder on the Coveo server. If not specified, a temporary working folder will be created by the security provider.

      Example: C:\temp

   5. In the SharePoint Server Url box, enter the following value according to your SharePoint environment:

      • Classic and Online: leave blank.

      • Claims: URL of the SharePoint Web Application where the Coveo SharePoint Web Service is installed (see Installing the Coveo Web Service, Search Box, and Search Interface into SharePoint).

   6. In the Active Directory Security Provider drop-down list, for all SharePoint environments, select the Active Directory security provider.

   7. CES 7.0.5031+ (March 2013) In the Security Provider for SharePoint Users drop-down list, select the following Security Provider according to your SharePoint environment.

      • Classic: Select the Active Directory security provider.

      • Claims: Select your Claims security provider for an on-premises SharePoint (see Creating a Claims Security Provider for an On-Premises SharePoint).

      • Online:

        • Select your Claims security provider for SharePoint Online (see Creating a Claims Security Provider for SharePoint Online).

          OR

        • CES 7.0.7433+ (February 2015) Select your Claims to Email security provider for SharePoint Online (see Creating a Claims to Email Security Provider for SharePoint Online).

   8. CES 7.0.5031+ (March 2013) In the Security Provider for Domain Groups drop-down list, select the following Security Provider according to your SharePoint environment.

      • Classic: Select the Active Directory security provider.

      • Claims: Select your Claims security provider for an on-premises SharePoint (see Creating a Claims Security Provider for an On-Premises SharePoint).

      • Online: Select your Office 365 security provider (see Creating an Office 365 Security Provider for SharePoint Online).

   9. In the Connection timeout box, consider changing the time interval the connector waits to establish the connection with the SharePoint server. The default value is 30000 mS.

   10. In the Timeout retry box, consider changing the number of times the connector retries to connect with the SharePoint server before throwing an error. The default value is 3 retries.

   11. In the Get changes timeout box, consider changing the time interval the connector waits to get changes from the SharePoint server. The default value is 15000 mS.

   12. CES 7.0.5031+ (March 2013) In the Authentication Type box, enter one of the following types of authentication according to your SharePoint environment:

       • Classic: Enter Default.

       • Claims: If the User Identity specified on this security provider was:

         • A Windows account, enter: WindowsUnderClaims

         • Form authentication credentials, enter: FormsUnderClaims

         • ADFS federated account, enter:  AdfsUnderClaims

       • Online: If the User Identity specified on this security provider was:

         • A native Office 365 user account (ex.: john@acme.onmicrosoft.com), enter: OnlineUnderClaims

         • A single sign-on Office 365 account (ex.: john@acme.com), enter: OnlineFederated

       Note: The Authentication Type specified here is determined by the User Identity parameter that was specified earlier in this topic.

   13. CES 7.0.5556+ (June 2013) The following ADFS related parameters are only required when the Authentication Type is either AdfsUnderClaims or OnlineFederated.

       1. In the Url of the SharePoint AD FS Server box, enter the URL of the ADFS server which is trusted by SharePoint.

       2. In the Trust Identifier for SharePoint box, enter the Relying Party Trust identifier for the SharePoint web application (see Finding the Relying Party Trust Identifier for a SharePoint Web Application).

       The following parameters are required only when multiple ADFS servers are used to authenticate users in SharePoint:

       1. In the Url of the Identity Provider AD FS Server box, enter the URL of the ADFS server which is used as an Identity Provider for the ADFS server trusted by SharePoint.

       2. In the Trust Identifier for the SharePoint AD FS Server box, enter the Relying Party Trust identifier for the SharePoint ADFS server (see Finding the Relying Party Trust Identifier for a SharePoint ADFS server).

       Note: At this point, the proper ADFS endpoint(s) should already have been enabled on the ADFS server(s) during the configuration of the Claims for SharePoint 2010 Online security provider (see ADFS Server Requirements for a Claims Security Provider).

   14. Leave the Allow Complex Identities option cleared as it does not apply to this type of security provider.

   15. In the Parameters section, in rare cases the Coveo Support could instruct you to click Add Parameters to specify other security provider parameter names and values that could help to troubleshoot security provider issues.

6. Click Apply Changes.