Back to Home | Help Center | Log Out
 Help Center
 
Help Center

Home

Crawl and Index

Serving
  Front Ends
    Output Format
    KeyMatch
    Related Queries
    Filters
    Remove URLs
    OneBox Modules
  Query Settings
  OneBox Modules
  Document Preview Module
  Result Biasing
  Dynamic Navigation
  Suggestions
  Access Control
  Head Requestor Deny Rules
  Policy ACLs
  Universal Login
  Universal Login Auth Mechanisms
    Cookie
    HTTP
    Client Certificate
    Kerberos
    SAML
    Connectors
    LDAP
  Universal Login Form Customization
  Flexible Authorization
  Alerts
  Language Bundles

Status and Reports

Connector Administration

Social Connect

Cloud Connect

GSA Unification

GSAn

Administration

More Information

Serving > Universal Login

Use the Serving > Universal Login page to perform the following tasks:

The search appliance keeps logs about Universal Login that you can also download by clicking SecMgr Log.

Configuring Perimeter Security

Perimeter security ensures that the search appliance doesn't serve any results without user authentication

When perimeter security is enabled, the search appliance prompts the user for credentials when he first visits the search page. The search appliance authenticates the user by using the authentication mechanisms that are configured for Universal Login.

If the user is successfully authenticated, the search appliance serves results. If the user is searching for public content only, no authorization is required to view results. If the user is searching for both public and secure content, the search appliance uses the credentials it has gathered to perform authorization on secure documents. The user is not prompted again for credentials.

If the user cannot be authenticated, the search appliance doesn't serve any results.

To configure perimeter security

  1. Click the Enable perimeter security checkbox.
  2. Click Save Perimeter Security Configuration.

Setting Up Credential Groups

A credential group is an administrator-defined set of domains that share a user directory or use duplicated user directories. You might think of a credential group as all the login services that use the same username and password. Credential groups enable the Google Search Appliance to gather user credentials by using the Universal Login Form.

Set up credential groups by performing the following tasks:

  1. Creating Credential Groups
  2. Configuring Credential Groups

Default Credential Group

The Google Search Appliance provides a built-in credential group named Default. You can configure the Default credential group.

Credential Group Name and Display Name

For each credential group that you set up, you can provide a name by using the Credential Group Name box. If you want a different name for the credential group to appear on the Universal Login form, type this name in the Credential Group Display Name box. If you do not provide a Credential Group Display Name, the Credential Group Name appears on the Universal Login Form.

Credential Group Options

For each credential group that you create, you can choose two options:

  • Require a User-name for this credential group?
  • Group is Optional?

The following table describes these options.

Option Description
Require a user-name for this credential group?

This option ensures that the system has a username for an authenticated user. This option is important when your configuration uses cookie-based authentication in combination with an authorization mechanism that requires user-names, such as policy ACLs and SAML.

If a user presents pre-existing cookies that are sufficient for access to configured sample URLs, but no cookie cracker is in use, the search appliance does not know the user's name. In this case, if the box is checked, the credential group is not pre-satisified, even if the sample URL check succeeds, and a Universal Login Form is presented to the user. If a user-name is available, from a different authentication mechanism, a previous Universal Login Form, or a cookie cracker, then the group can be pre-satisfied, and if all credential groups are pre-satisfied, then the Universal Login Form is skipped altogether.
Group is optional? This option controls the behavior of the Universal Login Form.
If this option is checked, the user is not required to type a username and password in the Universal Login Form for this credential group. The user can submit the Universal Login Form and view search results. However, if the user does not login, then search results do not include secure results protected by that credential group.
If this option is not checked, the user is required to type a username and password in the Universal Login Form. The user cannot view any search results until he has supplied his username and password. He will keep being sent back to the Universal Login Form until he provides the correct credentials.

Creating Credential Groups

To create a new credential group:

  1. Click Serving > Universal Login.
  2. In the Credential Group Name box, type a unique name for the new credential group. A credential group name must not be the same as another credential group name or mechanism name.
    Credential group names can be up to 200 characters long and can contain only alphanumeric characters, underscores, and hyphens. A name cannot begin with a hyphen.
  3. (Optional) Type the name that you want to appear on the Universal Login form in the Credential Group Display Name box. There are no character or format restrictions on the Credential Group Display Name.
  4. Select Require a user-name for this credential group? and Group is optional?, as described in the preceding table.
  5. Click Create New Credential Group.
    The new credential group's name appears in the list of credential groups.

Configuring Credential Groups

After you create a new credential group, you can configure it by adding a credential group rule on the Serving > Universal Login Auth Mechanisms page. This page provides tabs for adding resources in different types of authentication domains to credential groups. For information about a tab, see the help page for that tab.

Editing a Credential Group

To edit a credential group:

  1. Click Serving > Universal Login.
  2. Click the Edit link next to the credential group name you want to edit.
  3. Make changes to the credential group.
  4. Click Save.

Deleting a Credential Group

To delete a credential group:

  1. Click Serving > Universal Login.
  2. Click theĀ Delete link next to the credential group that you want to delete.

Related Task

You can modify the appearance of the Universal Login Form or replace the Universal Login Form with your own fully customized HTML page. For information about these topics, click Help Center > Serving > Universal Login Form Customization.

For More Information

For more information about Universal Login and credential groups, see "Managing Search for Controlled-Access Content," which is linked to the Google Search Appliance help center.

 
© Google Inc.