---
title: Manage security identities
slug: '1905'
canonical_url: https://docs.coveo.com/en/1905/
collection: index-content
source_format: adoc
---
# Manage security identities
The [**Security Identities**](https://platform.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) ([platform-ca](https://platform-ca.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-eu](https://platform-eu.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-au](https://platform-au.cloud.coveo.com/admin/#/orgid/content/permissions/providers/)) page lets you review [security identity](https://docs.coveo.com/en/240/) refreshes and manage when they occur (typically daily).

Your [Coveo organization](https://docs.coveo.com/en/185/) maintains lists of relationships between all the security identities ([users](https://docs.coveo.com/en/250/) and [groups](https://docs.coveo.com/en/202/)) for all indexed systems.
See [Coveo management of security identities and item permissions](https://docs.coveo.com/en/1719/) for more information.
When a user performs a [query](https://docs.coveo.com/en/231/), Coveo refers to these lists to instantly determine the user's [permissions](https://docs.coveo.com/en/223/) and return only [items](https://docs.coveo.com/en/210/) the user is allowed to see.

The [**Security Identities**](https://platform.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) ([platform-ca](https://platform-ca.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-eu](https://platform-eu.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-au](https://platform-au.cloud.coveo.com/admin/#/orgid/content/permissions/providers/)) page shows a list of the [security identity providers](https://docs.coveo.com/en/242/) used by the [sources](https://docs.coveo.com/en/246/) indexing permissions to [replicate the repository's permission system](https://docs.coveo.com/en/1779#same-users-and-groups-as-in-your-content-system).

The table also indicates:

* **Type**: This refers to the security provider type, which often matches your source [connector](https://docs.coveo.com/en/1702/). It also indicates the number of associated sources.

* **Name**: This is the display name of the security identity provider, with the provider ID listed underneath.

* **Status**: This indicates the status of the security identity provider, including the progress of the refresh operation, the outcome of the last refresh attempt, the date, and the number of processed identities.

* **Content**: This shows the number of identities maintained for this security identity provider and the number of these identities that are in [error](https://docs.coveo.com/en/1712#IdentityState).


## Browse security identities

To view a list of all security identities managed by a provider, on the [**Security Identities**](https://platform.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) ([platform-ca](https://platform-ca.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-eu](https://platform-eu.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-au](https://platform-au.cloud.coveo.com/admin/#/orgid/content/permissions/providers/)) page, select the desired security identity provider, and then click **Browse identities** in the Action bar.
See [Browse security identities](https://docs.coveo.com/en/1728/) for details on this list.

Alternatively, when encountering access issues with a specific item or user, you can go to the [**Content Browser**](https://platform.cloud.coveo.com/admin/#/orgid/content/browser/) ([platform-ca](https://platform-ca.cloud.coveo.com/admin/#/orgid/content/browser/) | [platform-eu](https://platform-eu.cloud.coveo.com/admin/#/orgid/content/browser/) | [platform-au](https://platform-au.cloud.coveo.com/admin/#/orgid/content/browser/)) to [inspect the security identities at play](https://docs.coveo.com/en/1712#inspect-the-access-rights-of-a-user).

## Refresh a security identity provider

You can manually [refresh a specific security identity](#manually-refresh-a-specific-security-identity), or [refresh all security identities](#refresh-all-security-identities) at once.

Ensure however that the desired security identity is also automatically updated following a manual update.
See [Configure security identity refresh schedules](#configure-security-identity-refresh-schedules) for more information.

### [[RefreshManual]]Manually refresh a specific security identity

To manually refresh a security identity, select the desired security identity provider on the [**Security Identities**](https://platform.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) ([platform-ca](https://platform-ca.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-eu](https://platform-eu.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-au](https://platform-au.cloud.coveo.com/admin/#/orgid/content/permissions/providers/)) page, and then click **Browse identities** in the Action bar.
Next, on the **Browse security identities** subpage, select the desired identity, and then, click **Refresh now** in the Action bar.

The [**Activity** panel](https://docs.coveo.com/en/1905#review-the-activity-regarding-security-identities) showcases details regarding the update process.

A manual refresh of a specific security identity is useful when you encounter issues with a specific identity.
See [Security identity state reference](https://docs.coveo.com/en/1905#security-identity-state-reference) for details.
You can also perform a manual refresh to ensure that important security identity changes made in a system are taken into account in your searchable content.

See [Browse security identities](https://docs.coveo.com/en/1728/) for details on this subpage.

### [[RefreshAll]]Refresh all security identities

You can refresh all securities identities at once by clicking **Refresh now** on the [**Security Identities**](https://platform.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) ([platform-ca](https://platform-ca.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-eu](https://platform-eu.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-au](https://platform-au.cloud.coveo.com/admin/#/orgid/content/permissions/providers/)) page.
On the [**Security Identities**](https://platform.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) ([platform-ca](https://platform-ca.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-eu](https://platform-eu.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-au](https://platform-au.cloud.coveo.com/admin/#/orgid/content/permissions/providers/)) page, click **Refresh now** to refresh all security identity providers at once.

### [[Configure]]Configure security identity refresh schedules

You can configure refresh schedules for a security identity provider on the [**Security Identities**](https://platform.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) ([platform-ca](https://platform-ca.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-eu](https://platform-eu.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-au](https://platform-au.cloud.coveo.com/admin/#/orgid/content/permissions/providers/)) page.
The security identities in this provider are then updated automatically on a regular basis, and may only require a manually triggered refresh when in error.
You can configure refresh schedules for a security identity provider.
The security identities in this provider are then updated automatically on a regular basis, and may only require a manually triggered refresh when in error.

## [[Review]]Review additional statistics

On the [**Security Identities**](https://platform.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) ([platform-ca](https://platform-ca.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-eu](https://platform-eu.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-au](https://platform-au.cloud.coveo.com/admin/#/orgid/content/permissions/providers/)) page, click the security identity provider for which you want to view the associated sources, and then click **More** > **View additional statistics** in the Action bar.

In the panel that appears, on the left side, you can review statistics regarding the identities associated to this provider.
See [Security identity state reference](#security-identity-state-reference) for details.
On the right, you can review the name, ID, and type of the sources using this security identity provider.

## Review global statistics

On the [**Security Identities**](https://platform.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) ([platform-ca](https://platform-ca.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-eu](https://platform-eu.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-au](https://platform-au.cloud.coveo.com/admin/#/orgid/content/permissions/providers/)) page, click [chartpie] to view security identity cache statistics.

In the **Global stats: security identity cache** panel, on the left side, you can review: the total number of security identity **Providers** and security **Identities** in this organization.

On the right, under **Number of Identities by State**, you can review how many identities are in each state.
See [Security identity state reference](#security-identity-state-reference) for more information.

## [[Activity]]Review the activity regarding security identities














As part of your duties, you may need to review [activities](https://docs.coveo.com/en/173/) related to security identities for investigation or troubleshooting purposes.
To do so, in the upper-right corner of the [**Security Identities**](https://platform.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) ([platform-ca](https://platform-ca.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-eu](https://platform-eu.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-au](https://platform-au.cloud.coveo.com/admin/#/orgid/content/permissions/providers/)) page, click [clock].

> **Note**
>
> Since disabled security identities aren't processed, you might notice a difference between the **Number of entities processed** and the **Total number of entities** in the activity details.
> See [Security identity state reference](#security-identity-state-reference) for details.
> 
> In such case, [rebuild](https://docs.coveo.com/en/3390#refresh-rescan-or-rebuild-sources) the sources that use the identity provider.
> A disabled identity is re-enabled when:
> 
> * An item that contains this identity is included
> 
> * A group is updated and its members contain this identity

## Download security identity provider update logs





Should you need more information about an ongoing or completed [security provider update operation](https://docs.coveo.com/en/1905#refresh-a-security-identity-provider), you can download logs of the desired [activity](https://docs.coveo.com/en/173/).
Log files provide a detailed account of the update process, including any warning or error that hinders part or all the update operation.

Information in update logs is nonsensitive.
{example}


To download an update log

. On the [**Security Identities**](https://platform.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) ([platform-ca](https://platform-ca.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-eu](https://platform-eu.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-au](https://platform-au.cloud.coveo.com/admin/#/orgid/content/permissions/providers/)) page, click the desired resource, and then click **Activity** in the Action bar.

. In the **Activity** panel that opens, click the desired activity, and then click **Download logs** in the Action bar.
The downloaded file is named after the unique operation ID representing the selected activity.



See [Ways to review activity](https://docs.coveo.com/en/1969#ways-to-review-activity) for alternative ways to access this information.

## [[security]]Security identity state reference

Depending on the success of their update, security identities are flagged with one of the following [states](https://docs.coveo.com/en/1712#IdentityState): **Not updated**, **In error**, **Out of date**, **Disabled**, and **Up to date**.

For additional information on an identity that isn't up to date, go to the **Item Properties** panel, in the **Permissions** and **Permission Details** tabs.
See [Review item properties](https://docs.coveo.com/en/1712#permissions-tab) for more information.

## Edit a security identity provider

You can inspect and edit all security identity provider parameters from the JSON configuration, typically following instructions from the Coveo Support team.

. On the [**Security Identities**](https://platform.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) ([platform-ca](https://platform-ca.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-eu](https://platform-eu.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-au](https://platform-au.cloud.coveo.com/admin/#/orgid/content/permissions/providers/)) page, click the security identity provider for which you want to review or change the JSON configuration, and then click **More** > **Edit JSON** in the Action bar.

. In the **Edit a security identity provider JSON configuration** panel:

.. Copy and save the original content somewhere so you can restore the configuration to its original state if your changes lead to issues.

.. Review or adjust the configuration as needed.

.. Click **Save**.

. If you made changes, validate they perform as expected.

## Required privileges

The following table indicates the privileges required to view or edit elements of the [**Security Identities**](https://platform.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) ([platform-ca](https://platform-ca.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-eu](https://platform-eu.cloud.coveo.com/admin/#/orgid/content/permissions/providers/) | [platform-au](https://platform-au.cloud.coveo.com/admin/#/orgid/content/permissions/providers/)) page and associated panels.
See [Manage privileges](https://docs.coveo.com/en/3151/) and [Privilege reference](https://docs.coveo.com/en/1707/) for details.

> **Important**
>
> A member with the **View** access level on the **Activities** domain can access the [Activity Browser](https://docs.coveo.com/en/1969/).
> This member can therefore see all activities taking place in the organization, including those from Coveo Administration Console pages that they can't access.

[cols="~,~,~",options="header"]
|===
|Action |Service - Domain |Required access level

.4+|View security identities
|Content - Security identities
|View

|Content - Security identity providers
|View

|Organization - Activities
|View

|Organization - Organization
|View

.4+|Manage security identities
|Organization - Activities
|View

|Organization - Organization
|View

|Content - Security identities
|Edit

|Content - Security identity providers
|Edit

.2+|[Access the Activity Browser and view all organization activities](https://docs.coveo.com/en/1969/)
|Organization - Activities
|View

|Organization - Organization
|View

.3+|[Download security identity provider update logs](#download-security-identity-provider-update-logs)
|Content - Connectivity diagnostic logs
|View

|Organization - Activities
|View

|Organization - Organization
|View
|===