1. Validate that your environment meets the requirements: 

   • (For SharePoint 2010 and 2013) CES 7.0.6767+ (June 2014)

     OR

     (For SharePoint 2016) CES 7.0.8541+ (September 2016)

     OR

     (For Microsoft OneDrive for Business) CES 7.0.8047+ (December 2015)

     Note: You can check your CES version from the Administration Tool. [more]

   • Your Coveo license includes the Microsoft SharePoint or Microsoft OneDrive for Business connector. [more]

   • Your ADFS setup meets Coveo requirements. [more]

2. Create a user identity with a dedicated Windows account that has access to all the SharePoint content that you want to index. [SharePoint] or [OneDrive for Business]

   Key parameter	Value
   Name	You must name your user identity.
   User	In the domain\username or username@domain.com form.
   Password	The corresponding password.

   1. (Not for OneDrive for Business sources) On your SharePoint farm, install the Coveo web service and optionally the search box, and search interface (see Installing the Coveo Web Service, Search Box, and Search Interface into SharePoint).

3. Ensure that the crawling account of your user identity has appropriate permissions, the crawling account must:

   • Be a member of the SharePoint farm administrators group (see Adding the Crawling Account to the SharePoint Farm Administrators Group)

   • Have the Read permission for the site collection(s) that you want to index (see Adding the SharePoint Website Read Permission).

4. Create a Claims for an on-premises SharePoint security provider. [more]

   Key parameter	Value
   Name	You must name your security provider.
   Security Provider Type	Claims for SharePoint On-premises
   User Identity	When you want to use a Claims-aware Coveo Search, select a user identity of any Windows account that can be used to authenticate to ADFS (see Configuring the Claims-Aware Coveo Search Application). Otherwise, select the user identity you just created.
   SharePoint Web Application Url	The URL of the SharePoint web application using Claims-based authentication in the http://SharePointServer[:port]/ form.
   Web Application supports AD FS Claims Authentication	Selected
   Url of the SharePoint AD FS Server	The URL of the ADFS server which is trusted by SharePoint.
   Trust Identifier for SharePoint	The Relying Party Trust identifier for the SharePoint web application. [more]
   Allow Complex Identities	Selected

   Notes: You can configure the security provider to operate when multiple ADFS servers are used to authenticate users in SharePoint. [more]

5. Create a SharePoint security provider. [more]

   Key parameter	Value
   Name	You must name your security provider.
   Security Provider Type	SharePoint
   User Identity	The user identity you just created.
   Active Directory Security Provider	The default Active Directory security provider.
   Security Provider for SharePoint Users	The Claims for SharePoint On-Premises security provider you just created.
   Security Provider for Domain Groups	(none)
   SharePoint Server Url	The URL of the SharePoint web application where the Coveo SharePoint Web Service is installed in the form http://SharePoint_server:[WebApp_port].
   AuthenticationType	AdfsUnderClaims
   AdfsServerUrl	The URL of the ADFS server for which a Trust is established with SharePoint.
   SharePointTrustIdentifier	The Relying Party Trust identifier for the SharePoint web application, such as urn:federation:MicrosoftOnline. [more]

   Notes: You can configure the security provider to operate when multiple ADFS servers are used to authenticate users in SharePoint. [more]

6. Create a SharePoint or OneDrive for Business source. [SharePoint] or [OneDrive for Business]

   Key parameter	SharePoint	OneDrive for Business
   Name	You must name your source.
   Source Type	SharePoint (x64)	OneDrive for Business
   Addresses	The URL for the SharePoint farm sections that you want to index in the form https://SharePoint_server[:port]/path, where [path] is needed only when you want index a specific site collection, list, etc. [more]	The URL for the SharePoint web application that you want to index in the form https://SharePoint_server:[WebApp_port]. [more]
   Authentication Type	AdfsUnderClaims
   AdfsServerUrl (Hidden parameter)	The URL of the ADFS server for which a trust is established with SharePoint.
   SharePointTrustIdentifier (Hidden parameter)	The Relying Party Trust identifier for the SharePoint ADFS server. [more]
   Authentication	The user identity you created.
   Security Provider	The SharePoint Security provider you just created.

   Notes: You can configure the source to operate when multiple ADFS servers are used to authenticate users in SharePoint. [SharePoint] or [OneDrive for Business]

7. Rebuild the source and validate that documents are indexed.

What's Next?

• (For SharePoint sources only) When you provide a Coveo .NET Front-End search interface residing outside SharePoint and want users to be able to find Claims-secured SharePoint content without having to log in again to SharePoint, configure the search interface to manage single sign-on (see Manually Configuring a .NET Search Interface Claims SSO for an On-Premises SharePoint) .

• CES 7.0.9093+ (September 2017) (For SharePoint on-premises sources only) When you provide a Coveo JavaScript search interface and want to leverage SharePoint claims for content security, install the Coveo Claims Security Module, among other things (see Allowing a JavaScript Search Page to Retrieve SharePoint Claims).