Credential groups – Google Search Appliance Managing Search for Controlled-Access Content User Manual

Google Search Appliance: Managing Search for Controlled-Access Content

16

The following diagram presents an overview of what happens when a user searches for protected
content.

The numbers in the diagram refer to the following steps in the process:

1.

The user performs a search against content in one or more protected resources.

2.

The search appliance prompts he user once for all protected resources by using a single login page,
the Universal Login Form.

3.

The user enters one or more usernames and passwords for the protected resources on the
Universal Login Form and submits it.

The user is granted (or denied) access to the resources based on the credentials.

4.

The search appliance returns search results, with denied resources filtered out.

Credential Groups

A credential group represents the set of authentication mechanisms that share a username and
password. Credential groups enable the search appliance to gather user credentials by using the
Universal Login Form.

For example, suppose the ABC company has the following basic authentication-based and forms
authentication-based Single Sign-On (SSO) systems:

•

www.abcreports.com uses forms authentication. This domain hosts business reports that are
available for purchase.

•

documentation.abc.int uses forms authentication. This domain hosts design documents for use
by internal employees.

•

events.abc.int uses HTTP Basic authentication. This domain contains information about internal
company events

•

announce.abc.int uses forms authentication. This domain contains announcements for
employees.

•

directory.abc.int uses forms authentication. This domain provides phone and office location
information about employees.