Manage security identities

The Security Identities (platform-ca | platform-eu | platform-au) page lets you review security identity refreshes and manage when they occur (typically daily).

Your Coveo organization maintains lists of relationships between all the security identities (users and groups) for all indexed systems. See Coveo management of security identities and item permissions for more information. When a user performs a query, Coveo refers to these lists to instantly determine the user’s permissions and return only items the user is allowed to see.

The table also indicates:

  • Type: This refers to the security provider type, which often matches your source connector. It also indicates the number of associated sources.

  • Name: This is the display name of the security identity provider, with the provider ID listed underneath.

  • Status: This indicates the status of the security identity provider, including the progress of the refresh operation, the outcome of the last refresh attempt, the date, and the number of processed identities.

  • Content: This shows the number of identities maintained for this security identity provider and the number of these identities that are in error.

Browse security identities

You can view a list of all security identities managed by a provider on the Browse Security Identities subpage.

Alternatively, when encountering access issues with a specific item or user, you can go to the Content Browser (platform-ca | platform-eu | platform-au) to inspect the security identities at play.

Refresh a security identity provider

Ensure, however, that the desired security identity is also automatically updated following a manual update. See Configure security identity refresh schedules for more information.

Manually refresh a specific security identity

You can manually refresh a security identity on the Browse Security Identities subpage.

On this subpage, select the desired identity, and then, in the Action bar, click Refresh now. The Activity panel showcases details regarding the update process.

A manual refresh of a specific security identity is useful when you encounter issues with that identity. See Security identity state reference for details. You can also perform a manual refresh to ensure that important security identity changes made in a system are taken into account in your searchable content.

Refresh all security identities

On the Security Identities (platform-ca | platform-eu | platform-au) page, click Refresh now to refresh all security identity providers at once.

This is useful when you know important security identity changes were made in several systems and want to ensure that they’re now taken into account in your searchable content.

Configure security identity refresh schedules

You can configure refresh schedules for a security identity provider. The security identities in this provider are then updated automatically on a regular basis, and may only require a manually triggered refresh when in error.

  1. On the Security Identities (platform-ca | platform-eu | platform-au) page, click the desired security provider, and then in the More menu, select Manage schedules.

  2. In the Edit Provider Schedules panel, select the appropriate recurrence and time of day you want each identity to be refreshed.

  3. Click Save. Changes are effective immediately.

Review additional statistics

On the Security Identities (platform-ca | platform-eu | platform-au) page, click the security identity provider for which you want to view the associated sources, and then click More > View additional statistics in the Action bar.

In the panel that appears, on the left side, you can review statistics regarding the identities associated with this provider. See Security identity state reference for details. On the right-hand side, you can review the name, ID, and type of the sources using this security identity provider.

Review global statistics

On the Security Identities (platform-ca | platform-eu | platform-au) page, click Global-Stats to view security identity cache statistics.

In the Global Stats: Security Identity Cache panel, on the left side, you can review the total number of security identity Providers and security Identities in this organization.

On the right-hand side, under Number of Identities by State, you can review how many identities are in each state. See Security identity state reference for more information.

Review the activity regarding security identities

As part of your duties, you may need to review activities related to security identities for investigation or troubleshooting purposes. To do so, in the upper-right corner of the Security Identities (platform-ca | platform-eu | platform-au) page, click the clock icon.

See Review resource activity for details on activities and alternative ways to access this information.

Note

Since disabled security identities aren’t processed, you might notice a difference between the Number of entities processed and the Total number of entities in the activity details. See Security identity state reference for details.

In such a case, you must rebuild the sources that use the identity provider. A disabled identity is re-enabled when:

  • An item that contains this identity is included

  • A group is updated and its members contain this identity

Download security identity provider update logs

Should you need more information about an ongoing or completed security provider update operation, you can download logs of the desired activity. Log files provide a detailed account of the update process, including any warning or error that hinders part or all of the update operation.

Information in update logs is nonsensitive.

To download an update log

  1. On the Security Identities (platform-ca | platform-eu | platform-au) page, click the desired resource, and then click Activity in the Action bar.

  2. In the Activity panel that opens, click the desired activity, and then click Download Logs in the Action bar. The downloaded file is named after the unique operation ID representing the selected activity.

See Ways to review activity for alternative ways to access this information.

Security identity state reference

Depending on the success of their update, security identities are flagged with one of the following states: Not updated, In error, Out of date, Disabled, and Up to date.

For additional information on an identity that isn’t up to date, go to the Item Properties panel, in the Permissions and Permission Details tabs. See Review item properties for more information.

Edit a security identity provider

You can inspect and edit all security identity provider parameters from the JSON configuration, typically following instructions from the Coveo Support team.

  1. On the Security Identities (platform-ca | platform-eu | platform-au) page, click the security identity provider for which you want to review or change the JSON configuration, and then click More > Edit JSON in the Action bar.

  2. In the Edit a Security Identity Provider JSON Configuration panel:

    1. In the JSON configuration box:

      1. Copy and save the original content somewhere so you can restore the configuration to its original state if your changes lead to issues.

      2. Review or adjust the configuration as needed.

    2. Click Save.

  3. If you made changes, validate that they perform as expected.

Required privileges

The following table indicates the privileges required to view or edit elements of the Security Identities (platform-ca | platform-eu | platform-au) page and associated panels. See Manage privileges and Privilege reference for details.

| Action | Service - Domain | Required access level |
|---|---|---|
| View security identities | Content - Security identities | View |
| | Content - Security identity providers | View |
| | Organization - Activities | View |
| | Organization - Organization | View |
| Manage security identities | Organization - Activities | View |
| | Organization - Organization | View |
| | Content - Security identities | Edit |
| | Content - Security identity providers | Edit |
| Access the Activity Browser and view all organization activities | Organization - Activities | View |
| | Organization - Organization | View |
| Download security identity provider update logs | Content - Connectivity diagnostic logs | View |
| | Organization - Activities | View |
| | Organization - Organization | View |

Important

A member with the View access level on the Activities domain can access the Activity Browser. This member can therefore see all activities taking place in the organization, including those from Coveo Administration Console pages that they can’t access.