Step 4: Configure Your Search Experience

Next, you’ll need to make sure that Search can accept the token you have configured in your authentication policy.

Jambo and Sites With a Subdomain

You’ll need to make the following changes to your repo:

light bulb
Note
Make sure you are on version 1.27 of the Theme or later.
  1. In your global_config.json, set useJWT and initializeManually to true.
  2. Fork the on-document-load.js script by clicking Tools > Jambo Commands > Override Theme > script > on-document-load.js > Submit.
  3. Now, in your forked on-document-load.js, add the call for the runtime config with the tokenHeader attribute, and pass the visitor if you are using visitor level analytics. You can copy and paste the following code:

    const token = window.YEXT_TOKENS.SITE_SEARCH.token;
    const visitor = window.YEXT_AUTH.visitor;
    AnswersExperience.init({visitor: visitor, 
    tokenHeader:token});

Any page where you add a search bar will have the same YEXT_TOKENS and YEXT_AUTH variables in the window. When you add the search bar:

  1. Replace apiKey with token, which can be found on the window.
  2. Add visitor attribute (OPT_IN), which can be found on the window.

The search bar initialization will look something like this:

ANSWERS.init({
token: window.YEXT_TOKENS.SITE_SEARCH.token,
visitor: window.YEXT_AUTH.visitor, 
//etc

ANSWERS.addComponent(searchbar, { .. });

});
light bulb
Note
“SITE_SEARCH” in the on_document_load partial and search bar initialization should be replaced with your token name as configured in your authentication policy resource.

Add Authorization to your Search Config

Finally, you’ll need to configure the verticals in your Search experience that you would like to use Authorized search. If using Yext Auth, you need to set the type to yext in the JSON config. You can do this by navigating to your Search experience, clicking Edit in Json on the left, and adding in this snippet of code for the vertical you intend to protect with Yext Auth permissions. Note that this is done on the vertical level.

{
  "verticals": {
    "googleDrive": {
      "entityTypes": ["googleDriveDocument"],
      "authorization": {
            "type": "yext"
        }
      },

If you are interested in using External Authorization as well, see the Optional ‘External Authorization on Yext Users for Search’ step of this guide.

light bulb
Note
Currently, Query Suggest and Spellcheck are not compatible with Authorized Search. This means that entities that may not surface as a Search result do still exist as part of Query Suggest and Spellcheck. We therefore recommend turning off those two features in order to make sure your experience is as secure as possible.