In this paper, we have reviewed the process of designing security for your enterprise search project with the Google Search Appliance. This requires a solid understanding of security in your organization, as well as the related content sources that will be part of the project. You need to invest quality time in analyzing this scenario and modeling authentication and authorization in the search appliance.
Security Best Practices Overview
- Spend time up front to analyze the following:
- Which identity providers you'll have to integrate with for Authentication
- How you'll authorize documents from each content source integrated with the GSA
- When possible, use supported, out of the box components to integrate security on the GSA, such as:
- Google Search Appliance SAML Bridge for Windows
- Google Search Appliance Connector for Active Directory
- Model each identity provider you have to integrate with a credential group
- Classify credential groups per corporate security systems (identity providers) and associate them with content sources.
- Whenever possible, use only one credential group per identity provider.
- Credential groups should be mapped to unique identity mechanisms, not necessarily content sources.
- One set of credentials can be used across many content sources that share the same identity source.
- Use ACLs to security trim documents as this makes authorization faster and creates a better overall search experience.