![]() |
|
Admin Console Help
Home |
Search > Secure Search > Universal Login Auth Mechanisms > ConnectorsUse the Search > Secure Search > Universal Login Auth Mechanisms > Connectors page for configuring a credential group for connectors by adding a credential group rule. Before Starting this TaskBefore adding a rule for a credential group for connectors, complete the tasks listed in the following table.
Adding a Credential Group Rule for ConnectorsYou can add a rule for a registered connector manager that has one connector instance with support for the authentication Service Provider Interface (SPI). You can have only one connector instance per connector manager with this authentication method. When you add a credential group, you must enter a Mechanism Name. The Mechanism Name that you enter will appear in the Authentication ID pull-down menu on the Search > Secure Search > Flexible Authorization page. The Mechanism Name enables you to instruct the authorization mechanism to use a session identity from a specific credential group or instance of an authentication mechanism. A mechanism name must not be the same as another mechanism name or credential group name. Mechanism names are case-insensitive and can be up to 200 characters long, and can contain only alphanumeric characters, underscores, and hyphens. A name cannot begin with a hyphen. You can specify Timeout. This value indicates the time for making a network connection. The default value is 3 seconds. If the search appliance does not make the network connection in the specified time, it abandons the attempt. Use this field to override the default timeout of 3 seconds. Optionally, you can specify how long the authentication mechanisms's verification of user credentials will be trusted, in seconds, by using the Trust Duration box. Once a successful verification is received from the authentication mechanism, further requests within the specified trust duration re-use the verification results that were previously obtained without contacting the authentication mechanism. After the trust duration expires, the authentication mechanism is contacted again. The user will need to provide his credentials again at this time. Take note that a user might also be prompted to provide credentials again if the Session Idle Time times out. In fact, the user is prompted to provide credentials when the shortest setting (session idle time or trust duration) times out first. For this reason, Google recommends coordinating the two settings. To set Session Idle Time, use the Search > Secure Search > Access Control page. By default, the connector looks up a user's group information and performs authentication. Optionally, you can make the connector lookup group information without performing authentication by using the Perform group lookup only checkbox. To add a credential group rule for a connector manager:
To delete a rule:
For More InformationFor more information about Universal Login and credential groups, see "Managing Search for Controlled-Access Content," which is linked to the Google Search Appliance help center. |
||||||||
© Google Inc. |