About the Email Security Provider
The Email Security Provider, which is present by default in your Coveo organization, serves as a central point to establish alias relationships between security identities corresponding to the same person across many secured enterprise systems.
A user will typically log in to your search interface by authenticating with an email address. This security identity is then added in the Email Security Provider. You can then establish aliases between identities in your other providers and this identity to ensure that when a user logs in with that email, they see all content that they have access to, regardless of the system from which each item originated.
You define an alias relationship between aliceSmith@example.com in the security identity provider of a secured Push source and the aSmith@example.com user in the Email Security Provider:
Request
PUT https://api.cloud.coveo.com/push/v1/organizations/mycoveocloudv2organizationg8tp8wu3/providers/mysecurityidentityproviderc6s1f3e/mappings HTTP/1.1
Content-Type: application/json
Authorization: Bearer **********-****-****-****-************
Payload
See Security Identity Models for details on the objects expected in the payload of a security identity mapping request.
{
  "Identity": {
    "Name": "aliceSmith@example.com",
    "Type": "USER"
  },
  "Mappings": [
    {
      "Name": "aSmith@example.com",
      "Type": "USER",
      "Provider": "Email Security Provider"
    }
  ]
}
Assuming that the security identity provider of the secured Push source cascades to the Email Security Provider, the user aSmith@example.com will be automatically added in the Email Security Provider.
Should the security identity providers of other sources in your Coveo organization also include users which are defined as aliases of the aSmith@example.com user in the Email Security Provider, a person who authenticates as any one of those users would be recognized as the aSmith@example.com user from the Email Security Provider, and be able to access the secured items which this user is allowed to see in each of those sources.
Granted identities
A granted identity is a type of security identity that’s automatically given to certain authenticated users by a security identity provider. A granted identity can be associated with multiple security identities to secure content.
The Email Security Provider automatically grants the following additional identities to each security identity it contains:
Granted identity | Granted to |
---|---|
*@* | All identities in the Email Security Provider |
*@domain.com | All identities with an email address in the domain.com domain |
*@*.domain.com | All identities with an email address in any subdomain of the domain.com domain |
*@*
The *@* identity is granted to all Email Security Provider security identities.
Therefore, if you use this identity to secure your content, every user that has an Email Security Provider security identity will have access to this content.
Public sources typically index content secured with *@*.
*@domain.com
The *@domain.com identity is granted to all Email Security Provider security identities from the same domain.
For example, identities jsmith@example.com and mwilson@example.com are both granted the *@example.com identity.
*@*.domain.com
The *@*.domain.com identity is granted to Email Security Provider security identities from any sub-domain of domain.com.
For example, identities jsmith@subdomain.example.com, jbloggs@subdomain2.example.com, and mwilson@subsubdomain.subdomain.example.com are all granted the *@*.example.com identity.
However, only mwilson@subsubdomain.subdomain.example.com is granted the *@*.subdomain.example.com identity.
Examples
User’s identity | Identities granted |
---|---|
|
|
|
|
|
|
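The following is an added example, not Coveo code: it applies the three granted-identity rules described above to a list of email identities so you can audit who would gain access to an item secured with a given granted identity. The function names are hypothetical, and two behaviors are assumptions the page does not state: domains are compared case-insensitively, and no wildcard is produced for a bare top-level label such as *@*.com.

```python
"""Added illustration of the granted-identity rules on this page (not Coveo code)."""


def granted_identities(email: str) -> list[str]:
    """Return the identities granted to `email`, following the page's three rules."""
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {email!r}")
    domain = domain.lower()  # assumption: domains compare case-insensitively
    labels = domain.split(".")
    if any(not label for label in labels):
        raise ValueError(f"malformed domain in {email!r}")

    # Rule 1: *@* is granted to every Email Security Provider identity.
    # Rule 2: *@domain.com is granted to identities in that exact domain.
    granted = ["*@*", f"*@{domain}"]

    # Rule 3: *@*.parent is granted for every parent domain of the address.
    # The exact domain is excluded: jsmith@subdomain.example.com does not
    # receive *@*.subdomain.example.com.
    # Assumption: stop before the bare top-level label (no *@*.com).
    for i in range(1, len(labels) - 1):
        granted.append("*@*." + ".".join(labels[i:]))
    return granted


def who_is_granted(identity: str, users: list[str]) -> list[str]:
    """List the users who would see content secured with `identity`."""
    return [u for u in users if identity in granted_identities(u)]


# Constructed sample data, reusing the example addresses from this page.
USERS = [
    "jsmith@example.com",
    "mwilson@example.com",
    "jsmith@subdomain.example.com",
    "jbloggs@subdomain2.example.com",
    "mwilson@subsubdomain.subdomain.example.com",
]

if __name__ == "__main__":
    for identity in ("*@*", "*@example.com", "*@*.example.com",
                     "*@*.subdomain.example.com"):
        print(f"{identity:28} -> {who_is_granted(identity, USERS)}")
```

Running the audit before securing an item with a wildcard identity shows how wide the resulting audience is; *@* always returns every user in the list.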