Allowing User Impersonation
Allowing user impersonation means that, when performing a search, your users will only receive results to which they normally have access.
There are three configurations that you need to do to ensure that security is properly configured in your Salesforce organization to allow Coveo to impersonate users.
Grant Coveo Access to All Pre-Authorized Users
In Salesforce, in Setup, search for and select Connected Apps.With Salesforce LightningWith Salesforce Classic
Under Platform Tools, select Apps> Connected Apps > Manage Connected Apps. Under Administer, selectManage Apps >Connected Apps.
Next to the Coveo for Salesforce connected app, select Edit.
Under OAuth policies, change the value of the Permitted Users field to Admin approved users are pre-authorized.
Click the Save button.
From this point, your users will not be able to interact with the Coveo components. You thus need to authorize user profiles or permission sets.
Authorize Specific User Profiles or Permission Sets
In Setup, search for and select Manage Connected Apps.
With Salesforce Lightning With Salesforce Classic Under Administer, select Manage Apps > Connected Apps. Under Apps, select Connected Apps > Manage Connected Apps.
Click the Coveo for Salesforce connected app.
- You can authorize the app by user profiles or permission sets:
- To authorize by user profiles:
- Under Profiles, select Manage Profiles.
Select the profiles that will be interacting with Coveo components.
When configuring for a community, select all profiles that have access to the community.
You should always at least select the System Administrator.
- To authorize by permission set:
- Under Permission Sets, select Manage Permission Sets.
- Select the permission sets that will be interacting with Coveo components.
- To authorize by user profiles:
- Click the Save button.
Your users can now use your Coveo components. However, it would still be possible for them to have access to items they normally would not have access to. For this reason, you should disable automatic identity fallback.
Disable Automatic Identity Fallback
For more information on why this needs to be done, see Understanding How the Coveo for Salesforce Free Edition Uses the JWT Flow.
In Setup, search for and select Installed Packages.
With Salesforce Lightning With Salesforce Classic Under Platform Tools, select Apps > Installed Packages. Under Build, select Installed Packages.
Next to the Coveo package, select Configure.
Click Advanced Configuration.
In the panel that appears, under When the JWT flow is not properly configured, fallback on admin identity, select Disallow.
Click Save Changes.
While you have now enabled security for your Coveo components, you have still not granted your users access to them. For information on how to do that, see Granting Users Access to Your Coveo for Salesforce Search Page and Granting Users Access to Your Coveo Lightning Component.
Your security is now properly configured. You are ready to proceed to Inserting Coveo Components in Salesforce.
If you have already integrated Coveo components in your Salesforce organization and you are just now securing your implementation, you should consider proceeding to Creating a Guest User Profile for Your Community, as your anonymous users currently cannot use your Coveo components.