Step 2: Authorized Search
We support the ability to add entity-level ACLs into a search experience. This means that in a single search experience, each user can see different results for the same query based on which entities or documents they have access to. We offer two ways of accomplishing this, Yext Authorization and External Authorization. Authorized search is configured at the vertical level, so you can also leverage Yext authorization, External authorization, and no authorization all in the same experience.
1. Yext Authorization
Yext Authorization pulls from user access controls in Yext. For each user, you can designate in Yext which entities they have permissions to view and limit their search results to match their entity level authorization.
Recommended for: Customer managing all their users in Yext. This is also easiest if you are integrating with Pages.
- If your website is hosted on Yext Pages: How to
- If your website is hosted Outside of Yext (NOT RECOMMENDED):
2. External Authorization
External Authorization integrates permissions from an external source (such as Google Drive or Sharepoint) with the entities in the Yext Platform. An external identity can be passed at query time in your token and linked to entities in Yext Content.
Even if you manage your users in Yext, you can still use External Authorization by associating external identities on your Yext users. Your vertical will be set to respect external permissions, but at query time, a Yext user ID is passed. Yext Search will look up the external identities associated with the Yext user, and respect the external permissions on the entities returned in the search based on the external identity(s) of the Yext searcher.
Recommended for: Users with data sets that already have document-level ACLs pulled in via a Data Connector like Google Drive, Box, Dropbox and Sharepoint. This is also a great option for customers who manage user permissions outside of Yext.