Upgrading to the Expanded Security Provider

Coveo for Sitecore (October 2016) Cloud only

The October 2016 release of Coveo for Sitecore introduces a new security provider: the Expanded Security Provider.

Before this version, Coveo Platform was pulling permissions from your Sitecore instance and therefore needed access to retrieve effective permissions. The new provider sits directly in your Sitecore instance and pushes the permissions model to Coveo Cloud which is now the preferred way to handle securities.

Existing Installations

Users upgrading to this version should have their security provider created in the background and their identities sent seamlessly.

However, the new provider won’t be used until the source gets deleted and recreated.

In the future, Coveo for Sitecore will enforce this new provider. We recommend that you update it as soon as possible.

Follow these steps to start using the new provider:

Planned Downtime Upgrade

While your index is deleted, your search will be down until your new index has been built, which should take the same amount of time as a normal index rebuild. If you want a zero downtime upgrade, see Zero Downtime Upgrade.

If you plan to have a downtime, follow this procedure.

  1. Ensure that all of your Coveo for Sitecore instances are using a version compatible with the Expanded Security Provider.
  2. Delete your sources.
    1. In the Coveo Platform, under Content > Sources, select one of your Sitecore sources.
    2. Select More, and then Delete.
    3. Repeat these steps for all of your Sitecore sources.
  3. Rebuild your index (see Coveo for Sitecore Indexing Guide).
  4. Your new sources should now use the new security provider.

Zero Downtime Upgrade

Follow these steps to ensure a zero downtime upgrade.

  1. Ensure that every Sitecore instance that uses Coveo for Sitecore are up-to-date, on the same version, and compatible with the Expanded Security Provider.
  2. Ensure that the Expanded Security Provider is created by triggering a synchronization of the permissions.

    1. In your Sitecore instance, go to the Control Panel > Coveo Search > Actions.

    2. Select Synchronize Permissions.

      If the pushPermissionsOnRebuild option is set to true for the indexes, it’s also possible to trigger a rebuild to synchronize the permissions.

      This options is available in the Coveo.SearchProvider.config file.

  3. Access the following page:


    This page shows every security provider that can be upgraded. If your security provider isn’t shown, the permissions are most probably not pushed for this security provider. In this case, you should repeat step 2.

  4. When you’re ready, click Upgrade on the previous page. This is to ensure that you’re ready to upgrade, meaning that all of your instances are up-to-date and ready to switch.

    Your indexes are now tagged and ready to upgrade, regardless of whether your Sitecore instance restarts or recycles.

  5. Rebuild each of your indexes that use this security provider.

    Your first attempt to rebuild after you upgrade to the expanded security provider may trigger the following error:

    Failed to obtain resource located at '{organization}/sources?rebuild=false'. "Source with name 'Temporary source for Sitecore Security Provider for {instance name}' already exists.","errorCode":"INVALID_SOURCE_CONFIGURATION"

    If so, relaunch the rebuild. This error is likely to be caused by a slight delay between the upgrade and the availability of the new provider.

  6. On the Coveo Diagnostic Page (Control Panel > Coveo Search > Diagnostic Page), validate that your security provider is now an Expanded Permissions Provider. If not, ensure all your indexes have been rebuilt.

New Installations

New installations of Coveo for Sitecore that use the October 2016 version or a more recent one should already be on the new provider and don’t need to take any additional steps.