Skip to content
TK Portal Documentation
Assigning Search Policies

Assigning Search policies🔗

Custom Claims for Search policies🔗

The previous sections covered the topic of creating and updating Search policies. In this section, the next step is described: assigning Search policies to users in order for them to access the corresponding candidate/job documents.

Search policies can be assigned to users by sending them as part of SAML/OIDC claims when the user gets authenticated. That gives the power to the integrating application to control the access options of each user by assigning the right Search policies when SSO is used and users are created on the fly.

It is of utmost importance to assign the users with the correct Search policies to avoid having users accessing documents to which they should not have access.

Using the example from the previous section, a user that gets assigned the "policy1" when logging in, will be able to see all documents that have been indexed with the access role "tenant1".


Search! will not be accessible (an error will be thrown) until at least one Search policies has been created and assigned to the user that is logging in. By the time the SSO authentication with the integrating application has been implemented the customer or integrating party should already have created the Search policies and assigned them to users. Failing to do so will restrict the users from getting access to Search!. This creates a secure and robust integration which requires an access schema to be in place before allowing any users to access data.

SSO claims for Search policies🔗

In case of using SAML-based SSO, it is possible to send the current Search policies for a user in a custom SAML claim.

If the user does not exist in the TK Portal database yet (e.g. when the user authenticates for the first time), the user is created with the Search policies that were passed in the claims.

On every subsequent SSO request, the Search policies passed as claims will overwrite the Search policies that have been previously set for the user. It is recommended to always provide the correct Search policy as part of the custom claims in the SSO requests.

For SAML, the claim is and should be a comma-separated list of Search policy names previously created using the API. Consult Authentication with SAML for more information.

For OIDC, refer to Authentication with OIDC.