Understanding the Email Security Provider

The Email Security Provider, which is present by default in your Coveo Cloud organization, works differently and serves a different purpose from the other security identity providers.

When a security identity is defined as the alias of a user in the Email Security Provider, this user is automatically added to the Email Security Provider (if not already present).

This means that the Email Security Provider can serve as a central point to establish alias relationships between security identities corresponding to the same person across many secured enterprise systems.

You define an alias relationship between aliceSmith@example.com in the security identity provider of a secured Push source and the aSmith@example.com user in the Email Security Provider:

Request

PUT https://api.cloud.coveo.com/push/v1/organizations/mycoveocloudv2organizationg8tp8wu3/providers/mysecurityidentityproviderc6s1f3e/mappings HTTP/1.1
 
Content-Type: application/json
Authorization: Bearer **********-****-****-****-************

Payload (see Security Identity Models - MappedIdentityBody)

{
  "Identity": {
    "Name": "aliceSmith@example.com",
    "Type": "USER"
    },
    "Mappings": [
      {
        "Name": "aSmith@example.com",
        "Type": "USER",
        "Provider": "Email Security Provider"
      }
    ]
}

Assuming that the security identity provider of the secured Push source cascades to the Email Security Provider, the user aSmith@example.com will be automatically added in the Email Security Provider (if not already present).

Should the security identity providers of other sources in your Coveo Cloud organization also include users which are defined as aliases of the aSmith@example.com user in the Email Security Provider, a person who authenticates as any one of those users would be recognized as the aSmith@example.com user from the Email Security Provider, and be able to access the secured items which this user is allowed to see in each of those sources.

Recommended Articles