External Authorization FAQs | Yext Hitchhikers Platform

When should I use Yext Auth?

Yext Auth is the best solution when the content is created in Yext Content directly or the permissions can easily be represented via Yext User roles and scopes. Yext Auth is a simpler system and when in doubt is a better approach. This is available only if you are using Yext Auth to log users into the experience.

When should I use External Authorization?

External Authorization is great when the content is not created in Yext Content and you want to duplicate a complex permissioning scheme that exists in an external system. For example, if you want to replicate the permissions system of Dropbox or Box or Google Drive, External Permissions is a good system. External Authorization can be used with Yext users, but it is also a great option for customers who are not storing their users as Yext Users.

Why is External Authorization advantageous?

Not all external authorization systems are compatible with Yext user permissions. For example in Google Drive “A permission grants a user, group, domain or the world access to a file or a folder hierarchy”. Yext does not have the concept of a domain. As another example, inside of Sharepoint you can share a file with a group and then explicitly revoke access to a subset of users.

Why would I add external identities to my Yext users?

You could add your Google Drive identity (such as your g-mail) to your Yext User. Then for each API call you can rely on the Yext IDP for authentication, but Search will look up the Yext user’s external identities and use the external permissions associated with your entities to determine what can be surfaced.

Can I block a certain user in a user group from viewing an entity in an External Authorized Search experience?

Yes, we support the concept of a blocked list. This means that you can allow an entire group of users except a subset to have permission to view an entity in Search.

Can a user have multiple external identities?

Yes, a user can have as many external identities as they want. When checking the permissions on the entity to see if it should be surfaced, Search will make sure that at least one of the user’s identities matches that of the entity.

Do we support multiple external sources on a given entity?

No, each entity can only obey the permissions of one external source. This means that you can only associate Google Drive or Salesforce permissions, for example, on an entity. That way, the authorization on an entity must exactly match at least one of the identities passed at query time.

Can an entity have Yext Auth permissions as well as external permissions?

Yes, entities can be part of the Yext Auth scheme as well as the external authorization scheme. However, based on your Search config, only one of the permissioning schemes will be adhered to.

Feedback