Edit a Group

Administrators can edit groups (security identity) (see Built-In Groups).

As an administrator, once you created a group, you must add members (security identity group) to your group. You typically need to invite only a few people per group, those who should be entitled to perform Coveo Cloud organization management tasks associated with the group.

On the Groups page, grayed-out groups are groups for which you only have the View access level (see Understanding the Custom Access Level). You cannot edit these groups, but you can click View in the Action bar to review their configuration.

Configuration Tab

The Configuration tab shows the group name.

Access the “Configuration” Tab

  1. If not already done, log in to the Coveo Cloud platform as a member of a group with the required privileges to manage groups in the target Coveo Cloud organization.

  2. In the main menu on the left, under Organization, select Groups.

  3. On the Groups page, click the group of which you want to manage the privileges, and then in the Action bar, click Edit.

Rename a Group

Use role names for group names such as Search Content Managers, Analytics Managers, and Relevance Analysts.

In the Privileges tab, in the Group name box, change the original group name, and then click Save (see Access the “Privileges” Tab).

Members Tab

The Members tab is used to review and manage group members. The member list shows the following information:

  • The Email / Username column shows the member’s email address or username
  • The Name column indicates the member’s full name, if available
  • The Provider column shows the OpenID domain to which the member belongs, such as Google or Office 365
  • For invited members only, the time before the invitation expires
  • A badge indicating the member status (e.g., Member, Invited)

Access the “Members” Tab

  1. If not already done, log in to the Coveo Cloud platform as a member of a group with the required privileges to manage groups in the target Coveo Cloud organization.

  2. In the main menu on the left, under Organization, select Groups.

  3. On the Groups page, click the group of which you want to manage the privileges, and then in the Action bar, click Edit.

  4. In the Edit a Group panel, click the Members tab.

Add Members Belonging to an Identity Set to a Group

You can add several members at once to a group by linking an identity set to the group.

  1. Log in to the Coveo Cloud platform with a user that is contained in the same OpenID domain as the users you want to add.

    Select Log in with Salesforce, when you want to add members from a Salesforce group.

    Similarly, if you want to add users retrieved from a single sign-on (SSO) identity provider, log in using the SSO (see Logging in Using Single Sign-On).

  2. On the Groups page, double-click the group to which you want to add the identity set.

  3. In the Edit a Group panel, in the Members tab, under Include the following identities, click Link to identity set (see Access the “Members” Tab).

  4. In the Identity set drop-down menu, select the available OpenID domain, Salesforce profile, or single sign-on (SSO) provider group that contains the users that you want to add to the group.

    • Supported OpenID domains are Google, Salesforce, and Office 365.

    • The SSO provider groups displayed in the Identity set menu are the groups provided in the user.groups attribute of the identity provider assertion. Thus, only SSO provider groups in which your account is included are available; as an administrator, you may therefore want to be a member of all groups. This limitation does not apply when configuring this feature via API calls rather than with the Coveo Console (see SAML Authentication API documentation).

    • SSO provider groups are available in the drop-down menu only once you have:

  5. Click Link to identity set.

    Added members are automatically granted the group privileges.

  6. Click Save.

    Although the users in the identity sets you import in your organization can access Coveo Cloud, they do not appear on the organization member list (see Adding and Managing Members).

Add Specific Members to a Group

You can individually invite people to a group, which is useful when a group should contain only a few users.

  1. Access the “Members” tab.

  2. In the Members tab, under Additional members, click Invite member.

  3. In the Provider drop-down menu:

    • Select the OpenID domain (Google, Salesforce, or Office 365) in which the desired user is defined.

    • Select Single sign-on if the desired user is defined within a SSO identity provider.

    • Select Any listed to let the user choose the supported provider of their choice when they will log in to your organization for the first time.

  4. (When you select Google, Salesforce, or Office 365) In the Username box, enter the user account name for the Provider you select above for the user that you want to add in the group.

  5. (When you select Single sign-on) In the Username box, enter the SSO NameID value that Coveo Cloud should expect from the SSO provider for this user.

  6. (When you select Any listed) In the Email box, enter an email address linked to a valid account in one of the available providers.

    The user will receive an email notification, inviting them to join your Coveo Cloud organization (see Join a Coveo Cloud Organization).

  7. (When you select Google, Salesforce, Office 365, or Single sign-on) When you want the user to receive an email notification:

    1. Enable the Send an email notification toggle button.

    2. For Salesforce and Office 365, since the Username is not necessarily an email address, in the Email box appearing below the toggle, you must enter the user email address to which you want to send the notification.

  8. Click Invite Member.

    The user appears in the Additional Members list with the Invited tag. The user must log in once to platform.cloud.coveo.com/login and authorize Coveo Cloud to use his or her account to become a group and organization member (see Join a Coveo Cloud Organization). The invitation expires after 14 days if the user does not log in.

  9. Click Save.

Delete Members from a Group

  1. Access the “Members” tab.

  2. In the Members tab, click the member you want to remove from the group.

  3. In the Action bar, click Delete.

  4. Next to the Are you sure? confirmation prompt, click Delete.

Privileges Tab

The Privileges tab lists privileges granted to the members of the selected group (see Navigating the Privileges Tab). You can edit this list to grant or revoke privileges.

Access the “Privileges” Tab

  1. If not already done, log in to the Coveo Cloud platform as a member of a group with the required privileges to manage groups in the target Coveo Cloud organization.

  2. In the main menu on the left, under Organization, select Groups.

  3. On the Groups page, click the group you want to manage, and then in the Action bar, click Edit.

  4. In the Edit a Group panel, click the Privileges tab.

Review Granted Privileges for Group Members

Grant only the minimal privileges required for members of a group to perform their Coveo Cloud organization tasks (see Determine the Privileges to Grant).

  1. Access the “Privileges” tab.

  2. In the Privileges tab, in the menu on the left, select a service.

  3. Review and edit the Access Level for each privilege in the service.

    To quickly and broadly grant privileges, you can use the Preset drop-down menu in the panel Action bar. Your selection applies to all services. Your options are:

    • Full access, which allows grantees to edit all resources. Full access is typically granted to administrators.

    • View all, which allows grantees to see all resources in the administration console but forbids to edit them or create new ones.

    • Minimal access, which only grants the group the View access level for the Organization domain, so that users can log in to the Coveo Cloud administration console (see Organization Domain and Logging in to Coveo Cloud V2). You must then select an access level for the desired domains to allow grantees to access the corresponding resources.

    • Five templates corresponding to the default privileges of the built-in groups (see Built-In Groups).

    • The minimal access level required to allow members of a group to access any Coveo Cloud administration console page is the View access level on the Organization domain in the Organization service.

    • When you edit the privileges of a group, your options may vary. For each domain, the access levels you can grant depend on the access level you have yourself, as well as the level that was last saved (see Confirm Your Options).

    • Depending on the privilege, the View and Edit access levels may not be applicable, i.e., users can only be Allowed or not to access the resource.

    • If you do not have all the privileges in the preset you select, the missing privileges cannot be applied to the group. To fully apply a preset, your user must have the same or a higher access level for each domain, as the access levels you can grant depend on the access level you have yourself (see About the Preset Menu).

    When granting a custom access level configuration, you can save time by selecting the preset configuration closest to the access level set you want to grant, and then editing the desired privileges. The Preset drop-down menu then indicates: Custom.

    • You want the members of a group to only be able to edit sources and fields. You therefore select the Minimal access preset configuration, select the Content services in the menu on the left, and then select the Edit access level for Sources and Fields.

    • You want the members of a group to be able to edit resources of the Usage Analytics, Machine Learning, and Search services and view the resources of other services. You therefore select the Full access preset configuration and then, for the domains of the Content and Organization services, change the access levels from Edit to View.

  4. When done editing, click Save.

Access Tab

The Access tab allows you to determine whether each group in your organization can view or edit the selected group (see Understanding Resource Access).

Access the “Access” Tab

  1. If not already done, log in to the Coveo Cloud platform as a member of a group with the required privileges to manage groups in the target Coveo Cloud organization.

  2. In the main menu on the left, under Organization, select Groups.

  3. On the Groups page, click the group you want to manage, and then in the Action bar, click Edit.

  4. In the Edit a Group panel, click the Access tab.

Grant Access Rights

In the Access tab, use the Access level drop-down menus to determine whether each group or API key allowed to view groups should also be allowed to edit the current group configuration.

Groups for which there is no drop-down menu in the Access Level column are either groups that can edit all groups created in the organization or groups that are not allowed to see groups at all (see Groups Domain). Since these groups’ access level is already determined, you have no decision to make regarding them in the Access tab.

If you remove the Edit access level from all the groups of which you are a member, you will not be able to edit your group once it is saved. Only administrators and members of other groups that have the Edit access level on this group will be able to do so. To keep your ability to edit this group, set the Access level to Edit for at least one of the groups of which you are a member.