Introduction
...
The numbered steps below correspond to the red numbers in the graphic above. Authentication takes place in steps 3 and 4, and authorization in steps 6 and 7.
1. The user opens a browser and enters the URL of the Locator search page in the address box.
2. The Gateway routes the incoming request to the Search UI.
3. The user is prompted for their credentials to authenticate.
4. The user is authenticated by the Authority service, which is synced with one or more external user databases, for instance Microsoft Active Directory.
5. The user enters a query in the search box of the Search UI.
6. The query is expanded with the user's SIDs before it is passed to the Index.
7. The search result is cleaned of any document to which the user does not have access. This is referred to as security trimming.
8. The search result is further modified based on rules in the Rule Engine.
9. The Search UI displays the search result with a URI to access the document at the data source.
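An added illustration of steps 6 and 7 (not Locator's own code): the query carries the user's SIDs, and hits are trimmed to those whose document SIDs overlap them. The allow-list ACL model, the function names, and all SIDs and URIs are assumptions constructed for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Doc:
    uri: str                 # link back to the document at the data source
    text: str
    allowed_sids: frozenset  # document SIDs as delivered by a connector (assumed allow-list)

def expand_query(text, user_sids):
    """Step 6: attach the authenticated user's SIDs (own SID plus group SIDs) to the query."""
    if not user_sids:
        # Assumption: a query without an identity is refused rather than run unfiltered.
        raise PermissionError("no SIDs for user; refusing to query without an identity")
    return {"terms": text.lower().split(), "sids": frozenset(user_sids)}

def security_trim(hits, sids):
    """Step 7: drop every hit the user cannot access.
    A document with no SIDs shares nothing with the user, so it is dropped (fails closed)."""
    return [d for d in hits if d.allowed_sids & sids]

def search(index, query):
    """Match on terms, then trim by SID before anything reaches the Search UI."""
    hits = [d for d in index if all(t in d.text.lower() for t in query["terms"])]
    return [d.uri for d in security_trim(hits, query["sids"])]

# Constructed sample data: SIDs and URIs are made up for illustration.
ALICE, BOB = "S-1-5-21-1-1001", "S-1-5-21-1-1002"
HR_GROUP, ALL_STAFF = "S-1-5-21-1-2001", "S-1-5-21-1-2002"

INDEX = [
    Doc("file://hr/salary-review.docx", "Salary review 2024", frozenset({HR_GROUP})),
    Doc("file://intranet/salary-policy.pdf", "Salary policy", frozenset({ALL_STAFF})),
    Doc("file://bob/salary-notes.txt", "My salary notes", frozenset({BOB})),
    Doc("file://orphan/salary-dump.csv", "Salary export", frozenset()),  # connector returned no SIDs
]

def results_for(user_sids, text="salary"):
    """Run the same query text on behalf of a user identified by a set of SIDs."""
    return search(INDEX, expand_query(text, user_sids))

if __name__ == "__main__":
    print("alice:", results_for({ALICE, HR_GROUP, ALL_STAFF}))
    print("bob:  ", results_for({BOB, ALL_STAFF}))
```

The same query text returns different results per user, and the document indexed without SIDs is never returned to anyone.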
...
The retrieval of user and document SIDs is done by the connectors. Each connector is a specialist, so to speak, for a particular data source. Not all connectors can be used with all four of the authentication and authorization options above. Since the Authority Service can only be configured to use one of the four methods, it is necessary to find the best method that is supported by all the connectors to be used.
The green and red icons in the table below indicate which of the four authentication methods above each connector supports. The following 3 icons show to which degree each connector supports each of the methods above:
The method can be used (the connector fully supports the method)
🟢 The method can be used (the connector uses another method that can be used in parallel with the method)
The method cannot be used
Below the table, there is an example that explains how to use the table to determine which authentication method to use.
TABLE TO BE FILLED OUT BY CONNECTOR TEAM.
# | Connector | Azure AD | Azure AD with AD sync | Active Directory | Active Directory with Azure AD connector |
---|---|---|---|---|---|
1 | | Recommended | 2nd choice | 3rd choice | Option of last resort |
2 | AzureAD | | | | |
3 | Acos Websack [DBC] | | | | |
4 | Confluence | 🟢 | 🟢 | 🟢 | 🟢 |
5 | CorePublish | | | | |
6 | Dropbox Business | | | | |
7 | eDOCS DM [DBC] | | | | |
8 | EloECM | | | | |
9 | Enterprise Vault | | | | |
10 | ePhorte | | | | |
11 | Exchange - On Premises connection | | | | |
12 | Exchange - | | | | |
13 | Exchange - Online (Logon to hosted Exchange via cloud credentials) | | | | |
14 | FileServer | | | | |
15 | Google Workspace | | | | |
16 | Hubspot | | | | |
17 | Jira | | | | |
18 | Maconomy Cloud | | | | |
19 | Mailstore | | | | |
20 | MediaWiki | | | | |
21 | Microsoft Dynamics CRM | | | | |
22 | NetDocuments | | | | |
23 | P360Online | | | | |
24 | Salesforce | | | | |
25 | Sharepoint | | | | |
26 | Simployer aka Infotjenester | | | | |
27 | Slack | | | | |
28 | SuperOffice CRM | | | | |
29 | SuperOffice CRM Online | | | | |
30 | Teams | | | | |
31 | Web | | | | |
32 | Worksite [DBC] | | | | |
Authentication Method Selection Example
THIS EXAMPLE IS WRONG DUE TO WRONG TABLE DATA. IT WILL BE CHANGED ONCE THE TABLE HAS BEEN CORRECTED.
The authentication method to use is found by identifying the leftmost column that has only green icons for the set of connectors to be used.
...