Add or Edit a Source
- Amazon S3 Source
- Box (Personal) Source
- Box Business V2 Source
- Box Business Legacy Source
- Confluence Cloud Source
- Confluence Legacy Source
- Confluence Self-Hosted Source
- Database Source
- Dropbox (Personal) Source
- Dropbox Business Source
- Exchange Enterprise Source
- Exchange Online (Personal) Source
- File System Source
- Generic REST API Source
- Gmail for Work Source
- Gmail (Personal) Source
- Google Drive (Personal) Source
- Google Drive for Work Source
- Jira Software Cloud Source
- Jira Software Self-Hosted Source
- Jive Cloud Source
- Jive Server Source
- Lithium Source
- Microsoft Dynamics 365 Source
- OneDrive for Business Source
- Push Source
- RSS Source
- Salesforce Source
- ServiceNow Source
- SharePoint Online Source
- SharePoint Online Legacy Source
- SharePoint Server Source
- Sitecore Source
- Sitemap Source
- Twitter Source
- Web Source
- YouTube Source
- Zendesk Source
Add/Edit SharePoint Online Source
When you have the required privileges, you can include SharePoint Online content and make it searchable. This source can be shared, private, or secured (see Content Security). By default, your SharePoint Online source starts a refresh every hour to retrieve SharePoint Online item changes (addition, modification, or deletion) (see Edit a Source Schedule). A source rescan or rebuild is necessary to capture deleted user profiles.
Following a refresh operation, deleted discussion lists are excluded from your Coveo Cloud V2 SharePoint Online source content, but replies to the original discussion message will only be excluded following the next rescan operation. This is a known issue caused by a limitation of Microsoft SharePoint Online.
Source Features Summary
|SharePoint Online version||N/A|
|Searchable content types||Sites, sub-sites, user profiles, personal websites, lists, list items, list item attachments, document libraries, document sets, documents, web parts, and microblog posts and replies.|
Rescan or rebuild is required to retrieve deleted user profiles.
Azure Application Permissions
A SharePoint Online source uses the OAuth 2.0 authorization protocol. To work with Microsoft APIs (CSOM and REST), Coveo Cloud V2 must authenticate via an Azure Active Directory application. Coveo Cloud V2 obtains “delegated” permissions, i.e., when a user logs in, the Coveo Cloud V2 platform receives an access token referring to this specific user.
When you create a SharePoint Online source, an Azure application is created in your SharePoint Online tenant, and you must grant permissions to this application. The access token is then limited to these permissions, which are necessary to successfully crawl SharePoint Online. For some of these permissions, the
Requires Admin parameter is set to
true. As a result, for a user to authenticate through the Coveo Cloud V2 Azure Active Directory application, they must be a Limited Administrator with the Application administrator and SharePoint administrator directory roles (see SharePoint Online Account With Appropriate Permissions).
The permissions to grant to the application are the following:
|Have full control of all site collections (
Coveo Cloud V2 requires this permission to apply permissions on crawled items. Microsoft does not offer enough granularity for Coveo to use a permission with fewer privileges.
Some API calls require Coveo to have the
Read user profiles (
Coveo Cloud V2 requires this permission mainly to retrieve user profiles and index them as items if you select this option (see User profiles).
|Read directory data (
Coveo Cloud V2 requires this permission to fetch:
|Read all groups (
Coveo Cloud V2 uses this permission to obtain the ID of a group, and then a list of the group members (see Get Group).
DNS Records Configuration for Office 365
Log in to Office 365 admin center with an administrator account.
In the navigation bar on the left, select Domains.
In the Manage domains page:
Under Domain Name, select your corporate domain (not
company.onmicrosoft.com) check box.
Next to the Action column, under the [domain name], click Domain settings.
In the [domain name] page, in the DNS records section, take note of the DNS records.
Configure these DNS records in your DNS host provider (see Create DNS records for Office 365 when you manage your DNS records).
In the [domain name] page, in the DNS records section, click the Troubleshoot domain link to ensure the DNS records were correctly configured.
SharePoint Online Account With Appropriate Permissions
When you want to include SharePoint Online content, you must create a specific SharePoint Online account that has access to the content you want to make searchable and that will be only used for the source. If you allow Coveo to retrieve your content through your personal account, you will need to also change the source Password value each time you change the account password to prevent authentication errors.
Access your Azure Portal with an administrator account.
In Azure, create a limited administrator account that will authorize the Coveo Cloud V2 Azure application via OAuth 2.0.
In the menu on the left, click Azure Active Directory.
In the [Directory Name] - Overview blade that appears, in the navigation menu, click Users.
In the Users - All users blade that appears, click New user.
In the User blade, enter a Name and a User name for the account, and then click Directory role.
In the Directory role blade, select the Limited administrator directory role.
In the list of administrative roles that appears underneath, select the Application administrator and the SharePoint administrator roles, and then click OK (see Administrator role permissions in Azure Active Directory).
Back in the User blade, click Create.
Access your SharePoint Online tenant with an administrator account, and then grant appropriate SharePoint Online permissions to the account you previously created to ensure it has access to all the content that you want to include.
The following table presents the minimal required permissions that the account must have to perform the specified action.
Action to Perform Minimal Required Permission Content and security indexing, incremental refresh, and site collection discovery
Administrator permission for all SharePoint Online site collections, including the root site collection (see Granting the Site Collection Administrator Permission in SharePoint Online).
Personal site and user profile
Owner of all personal site collections (see Adding the Personal Sites Collections Owner Permissions for SharePoint Online).
Add or Edit a SharePoint Online Source
Ensure your SharePoint Online instance meets the source requirements (see Requirements).
If not already in the Add/Edit a SharePoint Online Source panel, go to the panel:
To add a source:
In the main menu, under Content, select Sources > Add source button > SharePoint > SharePoint Online.
In the Sign in to SharePoint Online window that appears, enter your SharePoint Online tenant name, and then click Sign In.
You can also enter your full SharePoint Online tenant address.
Enter the Email and Password of the limited administrator account that you created earlier and that has access to the desired SharePoint Online content, and then click Sign in (see SharePoint Online Account With Appropriate Permissions).
Starting March 25, 2019, when you create two SharePoint Online sources retrieving content the same tenant, they share their security providers, which increases the speed of the security identities refresh operation (see Refresh a Security Identity Provider). You must however use the same limited administrator credentials for both sources.
Click Accept to grant the required permissions to the Coveo Cloud V2 application.
To edit a source, in the main menu, under Content, select Sources, and then double-click the desired source row.
In the Configuration tab, enter appropriate values for available parameters:
A descriptive name for your source under 255 characters (not already in use for another source in this organization).
Select who can see items from this source in a search interface that includes this source in its scope (see Content Security):
Private: Only you, when you are authenticated to the search interface with the identity with which you create the source (see SharePoint Online Account With Appropriate Permissions).
Secured: Only users authenticated in the search interface will see the source items for which they have read permission.
In the Content to Include section, select the content to make searchable. Your options are:
All site collections
All site collections that the source account is allowed to access will be searchable (see SharePoint Online Account With Appropriate Permissions).
If you choose to make only certain items searchable, in the URL box, enter URLs corresponding to the desired site collection, lists, websites, and subwebsites. Each URL must include the protocol and tenant name.
For a specific site collection:
For a specific website:
For a specific list:
A specific folder in a list is not supported.
If you select this option, see Additional content.
Under Additional content, specify which content you want to make searchable. Your options are:
Select to include SharePoint Online user profiles.
To prevent performance issues, it is recommended to create a separate source for user profiles only.
Select to include SharePoint Online personal sites.
To prevent performance issues, it is recommended to create a separate source for personal sites only.
Select to include list folders and document sets.
- In the Access tab, determine whether each group and API key can view or edit the source configuration (see Understanding Resource Access):
- In the Access Level column, select View or Edit for each available group.
- On the left-hand side of the tab, if available, click Groups or API Keys to switch lists.
If you remove the Edit access level from all the groups of which you are a member, you will not be able to edit the source again after saving. Only administrators and members of other groups that have Edit access on this resource will be able to do so. To keep your ability to edit this resource, you must grant the Edit access level to at least one of your groups.
Optionally, consider editing or adding mappings (see Manage Source Mappings).
You can only manage mapping rules once you build the source (see Add or Edit a Source).
Complete your source addition or edition:
Click Add Source/Save when you want to save your source configuration changes without starting a build/rebuild, such as when you know you want to do other changes soon.
In the Sources page, you must click Start initial build or Start required rebuild in the source Status column to add the source content or make your changes effective, respectively.
Click Add and Build Source/Save and Rebuild Source when you are done editing the source and want to make changes effective.
Once the source is built or rebuilt, you can review its content in the Content Browser (see Inspect Items With the Content Browser).
Review the default refresh schedule in which a source refresh starts every hour (see Edit a Source Schedule).