About the Email Security Provider


The Email Security Provider, which is present by default in your Coveo organization, serves as a central point to establish alias relationships between security identities corresponding to the same person across many secured enterprise systems.

A user will typically log in to your search interface by authenticating with an email address. This security identity is then added in the Email Security Provider (if not already present). You can then establish aliases between identities in your other providers and this identity to ensure that when a user logs in with that email, they see all content that they have access to, regardless of the system from which each item originated.

You define an alias relationship between aliceSmith@example.com in the security identity provider of a secured Push source and the aSmith@example.com user in the Email Security Provider:

Request

PUT https://api.cloud.coveo.com/push/v1/organizations/mycoveocloudv2organizationg8tp8wu3/providers/mysecurityidentityproviderc6s1f3e/mappings HTTP/1.1
Content-Type: application/json
Authorization: Bearer **********-****-****-****-************

Payload (see Security Identity Models - MappedIdentityBody)

{
  "Identity": {
    "Name": "aliceSmith@example.com",
    "Type": "USER"
  },
  "Mappings": [
    {
      "Name": "aSmith@example.com",
      "Type": "USER",
      "Provider": "Email Security Provider"
    }
  ]
}

Assuming that the security identity provider of the secured Push source cascades to the Email Security Provider, the user aSmith@example.com will be automatically added in the Email Security Provider (if not already present).

If the security identity providers of other sources in your Coveo organization also include users who are defined as aliases of the aSmith@example.com user in the Email Security Provider, a person who authenticates as any one of those users is recognized as the aSmith@example.com user from the Email Security Provider, and can access the secured items that this user is allowed to see in each of those sources.
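Because every alias to an email identity widens what a login with that email can see, it is worth auditing a batch of planned mappings before pushing them. The following is an added example, not Coveo code: a simplified model of the alias relationships described above that lists which identities each email would be aliased to and flags emails that absorb more than one identity from the same provider. The second provider id, its users, and the case-insensitive grouping are assumptions of this example, not documented Coveo behavior.

```python
from collections import defaultdict


def audit_aliases(planned):
    """Audit planned alias mappings before they are pushed.

    planned maps a provider id to a list of (identity name, email) pairs,
    one pair per mapping request like the one shown on this page.

    Returns (reach, review):
      reach[email] -> sorted (provider, identity) pairs aliased to that email
      review       -> (email, provider, identities) entries where several
                      identities of ONE provider collapse onto the same email
    Emails are grouped case-insensitively so that near-duplicates surface
    for review; that is a choice of this audit, not Coveo behavior.
    """
    grouped = defaultdict(lambda: defaultdict(set))
    for provider, pairs in planned.items():
        for name, email in pairs:
            grouped[email.casefold()][provider].add(name)

    reach, review = {}, []
    for email, providers in grouped.items():
        reach[email] = sorted(
            (p, n) for p, names in providers.items() for n in names
        )
        for provider, names in providers.items():
            if len(names) > 1:
                review.append((email, provider, sorted(names)))
    return reach, sorted(review)


# Constructed sample plan. The first provider id is the one in the page's
# request; the second provider and its users are hypothetical.
PLAN = {
    "mysecurityidentityproviderc6s1f3e": [
        ("aliceSmith@example.com", "aSmith@example.com"),
    ],
    "hypothetical-wiki-provider": [
        ("asmith", "aSmith@example.com"),
        ("wiki-admin", "asmith@example.com"),  # shared account aliased to a person
    ],
}

if __name__ == "__main__":
    reach, review = audit_aliases(PLAN)
    for email, identities in reach.items():
        print(email, "->", identities)
    for entry in review:
        print("REVIEW:", entry)
```

An entry in the review list is not necessarily an error, but it means one login inherits the permissions of several accounts in a single system, so each one should be confirmed with the system owner before the mapping is pushed.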