Step 3: Link your Credentials to your Yext Site

  1. Navigate to the Admin Console
  2. Click Add Resource and choose to add an authentication-policy resource under pages
  3. Configure your resource to look like the following (example-authentication-policy.json):

    {
      "$id": "example-authentication-policy",
      "$schema": "https://schema.yext.com/config/pages/authentication-policy/v1",
      "name": "example-oidc-policy",
      "authentication": {
        "oidc": {
          "clientId": "abc",
          "clientSecret": "xyz",
          "loginUrl": "https://dev-c1v5zlwj.us.auth0.com/"
        }
      }
    }

    Note: Depending on your OIDC provider (such as Azure), you may also need to provide a configurationEndpoint in the Yext auth config. This endpoint is needed for identity providers where the configuration endpoint cannot be derived from the loginUrl. Refer to the Yext auth config schema for more information.

  4. Set the $id to a value of your choice.

  5. Use the name as defined in your auth.json file (or in the config.yaml file if you are on PagesJS 1.0.0 or higher) in Step 1 of this guide.

  6. The clientId and clientSecret can be obtained from your IDP application in the previous part.

  7. Paste the loginUrl from your app, adding "https://" to the beginning of the link.

    • See Optional Section below if you would like to add Secure API Tokens here
  8. Apply your resource to the account.

  9. Redeploy your Site.

What if I want to edit my policy?

Authentication policies are immutable, which means they cannot be changed. If you want to make a change you’ll have to make a new policy and re-deploy. While this may be inconvenient in the case where you have made a typo or want to change a password, the benefit is that all deploys (including previous ones) are secured by the policy connected to the deploy at the time and do not run the risk of a changed policy leaking your private site.
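
Because an applied policy cannot be edited, it helps to check the resource before applying it in step 8. The following is an added example, not Yext code: a small Python lint for the fields set in steps 4 to 7, where the function name `lint_policy`, its `expected_name` parameter and the sample input are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: the policy from step 3 with "https://" left off loginUrl.
SAMPLE = """{
  "$id": "example-authentication-policy",
  "$schema": "https://schema.yext.com/config/pages/authentication-policy/v1",
  "name": "example-oidc-policy",
  "authentication": {"oidc": {
    "clientId": "abc",
    "clientSecret": "xyz",
    "loginUrl": "dev-c1v5zlwj.us.auth0.com/"
  }}
}"""

def lint_policy(text, expected_name):
    """Return problems found in the resource; an empty list means it passed."""
    # expected_name (hypothetical) is the Step 1 name; messages never echo secrets.
    try:
        policy = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON (line {exc.lineno})"]
    if not isinstance(policy, dict):
        return ["top level must be a JSON object"]
    problems = []
    for key in ("$id", "$schema", "name"):
        if not isinstance(policy.get(key), str) or not policy[key].strip():
            problems.append(f"{key} is missing or empty")
    if policy.get("name") != expected_name:
        problems.append("name does not match the name used in Step 1")
    auth = policy.get("authentication")
    oidc = auth.get("oidc") if isinstance(auth, dict) else None
    if not isinstance(oidc, dict):
        return problems + ["authentication.oidc is missing"]
    for key in ("clientId", "clientSecret", "loginUrl"):
        value = oidc.get(key)
        if not isinstance(value, str) or not value:
            problems.append(f"{key} is missing or empty")
        elif value != value.strip():
            problems.append(f"{key} has leading or trailing whitespace")
    url = oidc.get("loginUrl")
    if isinstance(url, str) and url.strip():
        parts = urlsplit(url.strip())
        if parts.scheme != "https" or not parts.netloc:
            problems.append("loginUrl must be an https:// URL with a host")
    return problems

if __name__ == "__main__":
    print(lint_policy(SAMPLE, "example-oidc-policy"))
```

Run it against the JSON you are about to paste into the Admin Console, not against a file committed to a repository, since the file contains the client secret at that point.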

At what Site level does the policy apply?

Security is set per deploy. Therefore, as long as your deploy is connected to an authentication policy, it will be entirely protected on the staging, preview, and production URLs.

Congratulations! Your site is now linked to your IDP account. You can test it out by navigating to your Site link in a private window (where you are not already logged in); you should see the IDP login page before you can access your site.

Note: The client secret value becomes hidden upon policy creation. This means that as soon as you apply your resources to the account, only the policy creator and the system will have knowledge of the client secret value. This value is not stored in any repository and will never be visible in the Configuration as Code once the policy is applied and the page is refreshed.