Managing Security Identities

The Security Identities page allows you to review security identity refreshes and manage when they occur (typically daily).

Your Coveo Cloud organization maintains lists of relationships between all the security identities (users and groups) for all indexed systems (see Coveo Cloud V2 Management of Security Identities and Item Permissions). When a user performs a query, Coveo Cloud refers to these lists to instantly determine the user’s permissions and return only items the user is allowed to see.

The Security Identities page shows a list of security identity providers (such as Salesforce or Sitecore) used in your organization when one or more of your sources are configured as Secured (a content security type available for several connectors) (see Available Coveo Cloud V2 Connectors).

The table also indicates:

  • Type - The security provider type, which often matches your source connector, as well as the number of associated sources (see Available Coveo Cloud V2 Connectors).

  • Name - The display name of the security identity provider, and the provider ID underneath.

  • Status - The security identity provider status, i.e., the progress of the refresh operation, or the outcome of the last refresh attempt, the date, and the number of processed identities.

  • Content - The number of identities maintained for this security identity provider and the number of these identities that are in error (see State).

Access the “Security Identities” Page

  1. If not already done, log in to the Coveo Cloud platform as a member of a group with the required privileges to manage security identities in the target Coveo Cloud organization.

  2. In the main menu on the left, under Content, select Security Identities.

Filter Security Identity Providers

On the Security Identities page, in the right section of the Action bar, type keywords in the Filter box. You can filter security identity providers by type, name, and number of identities.

Refresh a Security Identity Provider

You can launch a list refresh specifically for a given security identity provider. See Refresh All Security Identities and Edit Security Identity Provider Refresh Schedules for other refresh options.

Refreshing a security identity provider is useful when you know important security identity changes were made in a system and want to ensure that they are now taken into account in your searchable content.

Ensure, however, that the security identities are automatically updated following a scheduled refresh (see Edit Security Identity Provider Refresh Schedules).

  1. On the Security Identities page, in the provider list, optionally filter the security identity providers, and then select the provider for which you want to refresh security identities (see Filter Security Identity Providers).

  2. In the Action bar, click Refresh Now.

    Security identity provider refresh progress information appears while the refresh takes place.

    You can also go to the Activity panel to see more details about the refresh.

Explore Security Identities

You can view a list of all security identities managed by a provider in the Explore Security Identities panel (see Explore Security Identities).

Refresh All Security Identities

On the Security Identities page, click Refresh Now to refresh all security identity providers at once. See also Refresh a Security Identity Provider.

This is useful when you know important security identity changes were made in several systems and want to ensure that they are now taken into account in your searchable content.

Edit Security Identity Provider Refresh Schedules

You can configure refresh schedules for a security identity provider in the Edit Provider Schedules panel (see Edit Security Identity Provider Refresh Schedules).

Review Additional Statistics

  1. On the Security Identities page, in the provider list, optionally filter the security identity providers, and then select the security identity provider for which you want to view the associated sources (see Filter Security Identity Providers).

  2. In the Action bar, select More, and then View additional statistics.

In the Additional Statistics: [ProviderType] Security Identity Provider panel, on the left-hand side, you can review statistics regarding the identities associated with this provider (see Security Identity State Reference). On the right-hand side, you can review the name, ID, and type of the sources using this security identity provider.

Review Global Statistics

On the Security Identities page, click the Global stats icon to view security identity cache statistics.

In the Global Stats: Security Identity Cache panel, on the left-hand side, you can review the total number of security identity Providers and security Identities in this organization.

On the right-hand side, under Number of Identities by State, you can review how many identities are in each state (see Security Identity State Reference).

Review the Activity Regarding Security Identities

On the Security Identities page, click the Activity icon to review the Activity panel (see Review Events Related to Specific Coveo Cloud Administration Console Resources).

  • Since disabled security identities are not processed, you might notice a difference between the Number of entities processed and the Total number of entities in the activity details (see Security Identity State Reference and Expanded activity).

    In such a case, you must rebuild the sources that use the identity provider (see Refresh, Rescan, or Rebuild Sources). A disabled identity is re-enabled when:

    • An item that contains this identity is included;

    • A group is updated and its members contain this identity.

  • If the Activity icon is grayed and unresponsive, you do not have all of the required privileges to perform this action.

Security Identity State Reference

Depending on the success of their update, security identities are flagged with one of the following states: Not updated, In error, Out of date, Disabled, and Up to date (see State).

For additional information on an identity that is not up to date, go to the Item Properties panel, in the Permissions and Permission Details tabs (see Review Item Properties).

Manage Advanced Security Identity Provider Parameters

You can inspect and edit all security identity provider parameters from the JSON configuration, typically following instructions from the Coveo support team.

  1. On the Security Identities page, in the provider list, optionally filter the security identity providers, and then select the security identity provider for which you want to review or change the JSON configuration (see Filter Security Identity Providers).

  2. In the Action bar, select More, and then Edit JSON.

  3. In the Edit a Security Identity Provider JSON Configuration: [ProviderName] panel:

    1. In the JSON configuration box:

      1. Copy and save the original content somewhere so you can restore the configuration to its original state if your changes lead to issues.

      2. Review or adjust the configuration as needed.

    2. Click Save.

  4. If you made changes, validate that they perform as expected.
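
The backup-and-review steps above can be carried out as a path-level diff between the saved original and the edited JSON, so every changed setting is visible before you click Save. This is an added example, not Coveo code; the key names in the sample configurations are constructed placeholders, not real provider parameters.

```python
import json

# Constructed sample configurations; key names are placeholders, not real
# Coveo provider parameters.
ORIGINAL = '''{"name": "Example Provider",
 "exampleParameters": {"exampleTimeout": "30", "exampleFlag": "false"},
 "exampleList": ["a", "b"]}'''
EDITED = '''{"name": "Example Provider",
 "exampleParameters": {"exampleTimeout": "60"},
 "exampleList": ["a", "b", "c"]}'''


def flatten(node, prefix=""):
    """Map each leaf (or empty container) to a path such as a.b[0]."""
    if isinstance(node, dict) and node:
        pairs = [(f"{prefix}.{k}" if prefix else k, v) for k, v in node.items()]
    elif isinstance(node, list) and node:
        pairs = [(f"{prefix}[{i}]", v) for i, v in enumerate(node)]
    else:
        return {prefix: node}
    flat = {}
    for path, value in pairs:
        flat.update(flatten(value, path))
    return flat


def diff_config(original_text, edited_text):
    """Return sorted (path, kind, old, new) tuples.

    json.loads raises ValueError on malformed input, so a broken edit is
    caught before it is pasted back into the JSON configuration box.
    """
    old = flatten(json.loads(original_text))
    new = flatten(json.loads(edited_text))
    changes = []
    for path in sorted(old.keys() | new.keys()):
        if path not in new:
            changes.append((path, "removed", old[path], None))
        elif path not in old:
            changes.append((path, "added", None, new[path]))
        elif type(old[path]) is not type(new[path]) or old[path] != new[path]:
            changes.append((path, "changed", old[path], new[path]))
    return changes


if __name__ == "__main__":
    for path, kind, old, new in diff_config(ORIGINAL, EDITED):
        print(f"{kind:8} {path}: {old!r} -> {new!r}")
```

An empty result against the saved original confirms that a restore returned the configuration to its earlier state.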

Review the Activity Regarding Security Identities

  1. If not already done, log in to the Coveo Cloud platform as a member of a group with the required privileges to manage security identities in the target Coveo Cloud organization.

  2. In the main menu on the left, under Content, select Security Identities.

  3. On the Security Identities page, click the Activity icon.

    If the Activity icon is grayed and unresponsive, you do not have all of the required privileges to perform this action.

  4. Review the Activity panel (see Review Events Related to Specific Coveo Cloud Administration Console Resources).

Since disabled security identities (identities coming from an unknown security identity provider during an identity refresh) are not processed, you might notice a difference between the Number of entities processed and the Total number of entities in the activity details (see Expanded activity).

In such a case, you must rebuild the sources that use the identity provider (see Refresh, Rescan, or Rebuild Sources). A disabled identity is re-enabled when:

  • An item that contains this identity is included;

  • A group is updated and its members contain this identity.

Required Privileges

The following table indicates the privileges required to view or edit elements of the Security Identities page and associated panels (see Privilege Management and Privilege Reference).

| Action | Service - Domain | Required access level |
|---|---|---|
| View security identities | Content - Security identities; Content - Security identity providers; Organization - Activities; Organization - Organization | View |
| Manage security identities | Organization - Activities; Organization - Organization | View |
| | Content - Security identities; Content - Security identity providers | Edit |