How to map Native Realm Active Directory users to Google Drive users?

From the docs I've been trying to map my Active Directory users to their Google Drive counterparts. The API calls return 200, but when I try to list all identities, the list is empty.

POST< id >/external_identities
Authorization: Bearer < token >
Content-Type: application/json

  "user": "adusername",
  "source_user_id": ""

I have Elasticsearch configured to authenticate against AD.

In enterprise-search.yml, I have set ent_search.auth.es_users.source: elasticsearch-native.

What am I missing?

This is all on version 7.12.

I can log into Enterprise Search with my AD user, as can other users.

Heya David - to confirm: you are looking to map users on Google Drive for the purposes of result-level permission management, correct?

Have you successfully ingested documents in the Google Drive source making sure Document-Level Permission Synchronization was turned on at connection time?

1 Like

Yes, I selected the document level permission option when creating the google drive source.

The google drive source overview says that there are over 5000 documents.

The status says:


Perfect, thanks for confirming -

when I try to list all identities, the list is empty

Using the List API endpoint should return the appropriate mappings as defined, granted the Content Source ID is the same as the one used for setting up the mappings.

Are you able to retrieve individual mappings using the Show Endpoint?

1 Like

Here's what I get, when I GET:

GET< id >/external_identities

  "meta": {
    "page": {
      "current": 1,
      "total_pages": 0,
      "total_results": 0,
      "size": 25
  "results": []

Using the exact same content source id for the POST and GET requests.

You're question about the "Show Endpoint" would be querying for a specific user, right?

Something like:

GET< id >/external_identities/< username >

I tried that with both the AD username and the Google username. Both received 404's in response.

Ah, i was also using the google drive ID for it.

@jerrac can you send us the full curl command you're using (with -v for verbose output), and the full response back, when you attempt to add your external identity? With your token obfuscated, of course.

1 Like

Er, yeah, helps to use https in the post request. Not http...

Now my user mappings are getting added and that status message has gone away.

Thanks for the help!