---
title: Browse security identities
slug: '1728'
canonical_url: https://docs.coveo.com/en/1728/
collection: index-content
source_format: adoc
---
# Browse security identities
The **Browse security identities** subpage lets you review the [security identities](https://docs.coveo.com/en/240/) managed by a [security identity provider](https://docs.coveo.com/en/242/).

Along with each identity, the subpage displays information relevant for troubleshooting purposes: its [type](https://docs.coveo.com/en/1719/), current [state](https://docs.coveo.com/en/1712#IdentityState), as well as the date and [result](https://docs.coveo.com/en/1712#LastUpdateResult) of its last update.

To access the **Browse security identities** subpage, select the desired security identity provider on the [**Security Identities**](https://platform.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) ([platform-ca](https://platform-ca.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-eu](https://platform-eu.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-au](https://platform-au.cloud.coveo.com/admin/#/orgid/content/permissions/providers/)) page, and then click **Browse identities** in the Action bar.

Alternatively, when encountering access issues with a specific item or user, you can go to the [**Content Browser**](https://platform.cloud.coveo.com/admin/#/orgid/content/browser/) ([platform-ca](https://platform-ca.cloud.coveo.com/admin/#/orgid/content/browser/) | [platform-eu](https://platform-eu.cloud.coveo.com/admin/#/orgid/content/browser/) | [platform-au](https://platform-au.cloud.coveo.com/admin/#/orgid/content/browser/)) to [inspect the security identities at play](https://docs.coveo.com/en/1712#inspect-the-access-rights-of-a-user).

For details on how Coveo leverages the security data in [sources](https://docs.coveo.com/en/246/) that [index the repository access permissions](https://docs.coveo.com/en/1779#same-users-and-groups-as-in-your-content-system), see [Management of security identities and item permissions](https://docs.coveo.com/en/1719/).

## Filter identities

When browsing the identities of a security provider, you might need to filter out some identities to find what you're looking for.

For instance, when investigating content access issues where users don't see the content they expect in your search interface, you may want to look at identities refreshed within the last week and for which the process resulted in an error.

On the **Browse security identities** page of your security provider, click the **Filter by** box.

To narrow down your search, choose one of the following modes:

* Filter by name and/or identity type ([user](https://docs.coveo.com/en/250/), [group](https://docs.coveo.com/en/202/), or [virtual group](https://docs.coveo.com/en/252/)).

* Filter by state (that is, whether it's been refreshed recently) and/or by date of last update.

> **Tips**
>
> When searching by name:
> 
> * Select "Name starts with" to get results more quickly, especially if your organization contains a large number of identities.
> 
> * Selecting an identity type can also speed up the search process.

## Browse the relationships of an identity

[security identity relationships](https://docs.coveo.com/en/243/) are crucial when evaluating [effective permissions](https://docs.coveo.com/en/194/), as they allow the [index](https://docs.coveo.com/en/204/) to resolve [granted identities](https://docs.coveo.com/en/201/), [groups](https://docs.coveo.com/en/202/), [virtual groups](https://docs.coveo.com/en/252/), and individual [user](https://docs.coveo.com/en/250/) entities.
When troubleshooting permission issues with an identity, it may be useful to review its parent and child relationships.

To browse the relationships of an identity, first select the desired security identity provider on the [**Security Identities**](https://platform.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) ([platform-ca](https://platform-ca.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-eu](https://platform-eu.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-au](https://platform-au.cloud.coveo.com/admin/#/orgid/content/permissions/providers/)) page, and then click **Browse identities** in the Action bar.
Next, on the **Browse security identities** subpage, select the desired identity, and then, click **Browse relationships** in the Action bar.

On the identity's subpage, the **Direct parents**, **All parents**, **Direct children**, and **All children** tabs display its relationships.
The "Direct" tabs show the immediate parents and children of the selected identity, while the "All" tabs show all parents and children of the selected identity, direct and indirect.

See [Child/Parent relationship](https://docs.coveo.com/en/1618#childparent-relationship) for details on child/parent relationships between identities.

## [[Search]]Search as an identity

You can impersonate an identity and open the [**Content Browser**](https://platform.cloud.coveo.com/admin/#/orgid/content/browser/) ([platform-ca](https://platform-ca.cloud.coveo.com/admin/#/orgid/content/browser/) | [platform-eu](https://platform-eu.cloud.coveo.com/admin/#/orgid/content/browser/) | [platform-au](https://platform-au.cloud.coveo.com/admin/#/orgid/content/browser/)) to view the content this identity is allowed to see.
See [Inspect items with the Content Browser](https://docs.coveo.com/en/2053/) for details.
This is especially useful when troubleshooting permission issues.

To search as an identity, first select the desired security identity provider on the [**Security Identities**](https://platform.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) ([platform-ca](https://platform-ca.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-eu](https://platform-eu.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-au](https://platform-au.cloud.coveo.com/admin/#/orgid/content/permissions/providers/)) page, and then click **Browse identities** in the Action bar.
Next, on the **Browse security identities** subpage, select the desired identity, and then, click **Search as** in the Action bar.

You're then redirected to the [**Content Browser**](https://docs.coveo.com/en/2053/).
At the top of the page, a ribbon indicates the identity you're currently impersonating.

![Impersonating a user in Coveo's Content Browser](https://docs.coveo.com/en/assets/images/index-content/searching-as.png)

Click [x] on the right to stop searching as the selected identity and display the entire organization content.

## Refresh an identity

You can manually [refresh a specific security identity](#manually-refresh-a-specific-security-identity), or [refresh all security identities](#refresh-all-security-identities) at once.

Ensure however that the desired security identity is also automatically updated following a scheduled update.
See [Configure security identity refresh schedules](#configure-security-identity-refresh-schedules) for more information.

### [[RefreshManual]]Manually refresh a specific security identity

To manually refresh a security identity, select the desired security identity provider on the [**Security Identities**](https://platform.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) ([platform-ca](https://platform-ca.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-eu](https://platform-eu.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-au](https://platform-au.cloud.coveo.com/admin/#/orgid/content/permissions/providers/)) page, and then click **Browse identities** in the Action bar.
Next, on the **Browse security identities** subpage, select the desired identity, and then, click **Refresh now** in the Action bar.

The [**Activity** panel](https://docs.coveo.com/en/1905#review-the-activity-regarding-security-identities) showcases details regarding the update process.

A manual refresh of a specific security identity is useful when you encounter issues with a specific identity.
See [Security identity state reference](https://docs.coveo.com/en/1905#security-identity-state-reference) for details.
You can also perform a manual refresh to ensure that important security identity changes made in a system are taken into account in your searchable content.

### [[RefreshAll]]Refresh all security identities
You can refresh all securities identities at once by clicking **Refresh now** on the [**Security Identities**](https://platform.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) ([platform-ca](https://platform-ca.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-eu](https://platform-eu.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-au](https://platform-au.cloud.coveo.com/admin/#/orgid/content/permissions/providers/)) page.

### [[Configure]]Configure security identity refresh schedules
You can configure refresh schedules for a security identity provider on the [**Security Identities**](https://platform.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) ([platform-ca](https://platform-ca.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-eu](https://platform-eu.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-au](https://platform-au.cloud.coveo.com/admin/#/orgid/content/permissions/providers/)) page.
The security identities in this provider are then updated automatically on a regular basis, and may only require a manually triggered refresh when in error.

## About disabled identities

When a user or group is deleted from the original system, its corresponding security identity in Coveo remains displayed on the **Browse security identities** subpage.
However, its state changes to **Disabled**.

In addition, relationships of the security identity are cleared.

### Cleared relationships

_Clearing [relationships](https://docs.coveo.com/en/1618/)_ means that the [security identity cache](https://docs.coveo.com/en/241/) deletes the links between a security identity that's disabled or in error and its associated parent security identities, child security identities, granted security identities, and aliases.
Users logging in to Coveo therefore don't receive this additional security identity.

In other words, when a security identity  is deleted or when the most recent information regarding this identity is lacking, Coveo doesn't allow access to items via this identity to prevent security holes.

For example, let's say John Smith is a member of the Accountants group, which means there is a relationship between John Smith's user security identity and the Accountants group security identity.
As a result, when logging in to Coveo, John Smith receives the Accountants security identity as an additional identity.
He can therefore access items that the Accountants group is allowed to access.

Later, the Accountants group security identity is deleted in your system and therefore disabled in Coveo.
Since the relationship between John Smith's user security identity and the Accountants group security identity is deleted, he can't access items through the Accountants identity anymore.