Cisco
Login
Search
Software Secure Access
Activity Manage

Cisco Secure Access Help Manage Data Classifications Create an Indexed Document Match Identifier Create an Indexed Document Match Identifier

Last updated: Aug 07, 2025

Create an Indexed Document Match Identifier

  1. Navigate to Secure > Settings > Data Classification > Indexed Document Matches and click ADD INDEXED DOCUMENT MATCH IDENTIFIER.
  2. Provide a name and description for the Indexed Document Match Identifier.
  3. Select the level of percentage match required for a scanned document to be considered a match against a document included in the IDM:

    • High: 80% or more of the scanned document must match a document indexed for the IDM.

    • Medium: 60% or more of the scanned document must match a document indexed for the IDM.

    • Low: 20% or more of the scanned document must match a document indexed for the IDM.

  4. If you have not already downloaded the DLP indexer, click the download icon to do so.
  5. Click Save.
  6. The Indexed Document Match Identifier now has a status of Data Not Indexed. You can expand the listing to view the details about the IDM Identifier. After you have indexed the IDM Identifier, you will be able to add it to a Data Classification as a custom identifier. Make note of the ID for the Indexed Document Match Identifier; you will need it to run the DLP indexer.

     
    The display page does not display the full IDM Identifier ID; use the Copy icon to copy the ID.
  7. Create an API key and secret for the DLP indexer.

    1. Navigate to Admin > API Keys and click Add.

    2. Provide an API Key Name and Description for the API Key.

    3. Select Policies > DLP Indexer for the scope and choose Read/Write for the permissions. Then click Create Key.

    4. Copy and save the API Key and Secret somewhere safe, as you will need them to run the DLP indexer.

  8. Use the Secure Access DLP indexer to fingerprint your example files.

    Run the indexer in a terminal window with the following command: java -jar <directory-path>\dlp-indexer.jar -i "<directory_paths or file-names separated by commas>" -u <IDM-id> -k <authKey> -s <authSecret>

    where:

    • <directory-path>\dlp-indexer.jar—the relative path to the location of the DLP indexer.

    • <directory_paths or file-names separated by commas>—the relative path to the directory containing your data, or a comma-separated list of files or directories.

    • <IDM_id>—the ID of the IDM Identifier retrievable from Secure Access UI. (See Step 6.)

    • <authKey>—the API Key previously saved at Step 7d.

    • <authSecret>—the API Secret previously saved at Step 7d.

The Indexed Document Match Identifier now has a status of Data Indexed; expand the listing to see details about the indexed files. You can now add the IDM to a Data Classification.

If you change your source file or directories you need to run the indexer on that file or directory again using the same IDM Identifier ID, API Key, and API Secret. This ensures that policies configured to use the IDM are updated to reflect the new data fingerprints. For more information, see Monitor the Indexed Data Set and Re-Index as Needed.

Previous topic Limitations Next topic Monitor the Indexed Data Set and Re-Index as Needed