Summary, Security best practices overview – Google Search Appliance Security User Manual

39

Summary

In this paper, we have reviewed the process of designing security for your enterprise search project with
the Google Search Appliance. This requires a solid understanding of security in your organization, as well
as the related content sources that will be part of the project. You need to invest quality time in analyzing
this scenario and modeling authentication and authorization in the search appliance.

Security Best Practices Overview

●

Spend time up front to analyze the following:

○

Which identity providers you’ll have to integrate with for Authentication

○

How you’ll authorize documents from each content source integrated with the GSA

●

When possible, use supported, out of the box components to integrate security on the GSA,
such as:

○

Kerberos

○

Google Search Appliance SAML Bridge for Windows

○

LDAP

○

Google Search Appliance Connector for Active Directory

●

Model each identity provider you have to integrate with a credential group

●

Classify credential groups per corporate security systems (identity providers) and associate them
with content sources.

○

Whenever possible, use only one credential group per identity provider.

○

Credential groups should be mapped to unique identity mechanisms, not necessarily
content sources.

○

One set of credentials can be used across many content sources that share the same
identity source.

●

Use ACLs to security trim documents as this makes authorization faster and creates a better
overall search experience.