Use External Authorization on Yext Users for Search (Optional) | Yext Hitchhikers Platform
Overview
External Authorization with Yext Auth is a way to integrate permissions from an external source (such as Google Drive or Sharepoint) with the Yext Platform. An external identity (or as many as you wish) can be assigned to a Yext User, which links an external permission to a user while still using Yext Auth.
Set up External Authorization
To set this up, you’ll need to do the following:
- Change your Search config on the vertical you want to use external authorization to set
type
toexternal
. Add external identities to your users. Currently, this can only be done via the API, so you can make a call that looks like the following. Basically, you’ll need to include the source of your permission + the identity.
- To update users: PUT https://api.yextapis.com/v2/accounts/me/users/{userID}?v=20161012&api_key={api_key}
Use the following format for the request body:
{ "id": "replace_with_external_yext_id", "firstName": "myFirstName", "lastName": "myLastName", "username": "myUserName", "emailAddress": "myEmail@yext.com", "externalIdentities": [ { "source":"google-drive", "identities": ["exampleIdentity@gmail.com", "yext.com"] } ] }
To create users ( more info here ) you can do the same request_body as above but with acl attributes added, and instead send a POST request.
Update Entities to include Authorization Fields
You’ll need to make sure all of your entities that you want to include in your permissioned search experience have the correct permissions associated with them. You must populate the field External Authorization Source, and then can populate the External Authorized Identities field and External Blocked Identities filed with your identities associated with the Yext users.
Entities can have both external identities as well as Yext permissioning system attached to it, and Search will know which system to respect based on the Search config by Vertical. The idea of allowed identities is to list any users or user groups that will have access to the entity. A blocked identity is useful if you want to add a user group to externalAuthorizedIdentities
, with the exception of a single person, which you can subsequently add as an externalblockedIdentity
to override it.