Step 2: Authorized Search

We support the ability to add entity-level ACLs into a search experience. This means that in a single search experience, each user can see different results for the same query based on which entities or documents they have access to. We offer two ways of accomplishing this, Yext Authorization and External Authorization. Authorized search is configured at the vertical level, so you can also leverage Yext authorization, External authorization, and no authorization all in the same experience.

1. Yext Authorization

Yext Authorization pulls from user access controls in Yext. For each user, you can designate in Yext which entities they have permissions to view and limit their search results to match their entity level authorization.

Recommended for: Customer managing all their users in Yext. This is also easiest if you are integrating with Pages.

Compatibility: yext auth chart


2. External Authorization

External Authorization integrates permissions from an external source (such as Google Drive or Sharepoint) with the entities in the Yext Platform. An external identity can be passed at query time in your token and linked to entities in Yext Content.

Even if you manage your users in Yext, you can still use External Authorization by associating external identities on your Yext users. Your vertical will be set to respect external permissions, but at query time, a Yext user ID is passed. Yext Search will look up the external identities associated with the Yext user, and respect the external permissions on the entities returned in the search based on the external identity(s) of the Yext searcher.

For some FAQs on External Authorization, see the Appendix .

Recommended for: Users with data sets that already have document-level ACLs pulled in via a Data Connector like Google Drive, Box, Dropbox and Sharepoint. This is also a great option for customers who manage user permissions outside of Yext.

external auth compatibility