Step 3: Link your Okta Credentials to your Yext Site

  1. In Yext, navigate to the admin console
  2. Click Add Resource and choose to add an authentication-policy resource under pages
  3. Configure your resource to look like the following:

    example-authentication-policy.json

    {
      "$id": "example-authentication-policy",
      "$schema": "https://schema.yext.com/config/pages/authentication-policy/v1",
      "name": "example-okta-policy",
      "authentication": {
        "oidc": { 
          "clientId": "abc",  
          "clientSecret": "xyz", 
          "loginUrl": "https://dev-11111.okta.com"
        } 
      }
    }

  4. Choose any ID you like.

  5. Use the name as defined in your auth.json file (or in the config.yaml file if you are on PagesJS 1.0.0 or higher) in Step 1 of this guide.

  6. The clientId and clientSecret can be obtained from your Okta application in the previous part.

  7. To find the loginUrl, navigate to your Okta account. In the upper-right corner, click the arrow to view your profile information. The loginUrl is the URL of your Okta account listed there (likely example.okta.com). When pasting it into your authentication policy resource, you’ll need to add “https://” to the beginning of the link. Also make sure that no trailing “/” is appended.

    • See Optional Section below if you would like to add Secure API Tokens here.
  8. Apply your resource to the account.

  9. Redeploy your site.
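
Because an applied policy cannot be edited, it helps to check the resource file before step 8. The following is an added example, not part of Yext's tooling: `lint_policy`, `expected_name` and `SAMPLE_BAD` are hypothetical names, and the checks cover only the rules stated in steps 4 to 7 (ID present, name matches Step 1, credentials filled in, loginUrl starts with “https://” and has no trailing “/”).

```python
import json

# Schema URL copied from the guide's example resource.
SCHEMA = "https://schema.yext.com/config/pages/authentication-policy/v1"

# Constructed sample: the guide's placeholder values, with two mistakes
# in loginUrl (scheme missing, trailing "/").
SAMPLE_BAD = """{
  "$id": "example-authentication-policy",
  "$schema": "https://schema.yext.com/config/pages/authentication-policy/v1",
  "name": "example-okta-policy",
  "authentication": {"oidc": {"clientId": "abc", "clientSecret": "xyz",
                              "loginUrl": "dev-11111.okta.com/"}}
}"""

# lint_policy is a hypothetical helper, not part of Yext's tooling.
def lint_policy(text, expected_name):
    """Return a list of problems in an authentication-policy resource.
    expected_name: the policy name used in your site config (Step 1)."""
    try:
        policy = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(policy, dict):
        return ["top level must be a JSON object"]
    problems = []
    if policy.get("$schema") != SCHEMA:
        problems.append("$schema is not the authentication-policy v1 schema")
    if not policy.get("$id"):
        problems.append("$id is missing")
    if policy.get("name") != expected_name:
        problems.append(f"name does not match site config ({expected_name!r})")
    auth = policy.get("authentication")
    oidc = auth.get("oidc") if isinstance(auth, dict) else None
    if not isinstance(oidc, dict):
        return problems + ["authentication.oidc block is missing"]
    for key in ("clientId", "clientSecret"):
        value = oidc.get(key)
        if not isinstance(value, str) or not value or value != value.strip():
            problems.append(f"{key} is empty or has stray whitespace")
    url = oidc.get("loginUrl")
    if not isinstance(url, str) or not url.startswith("https://"):
        problems.append("loginUrl must start with https://")
    if isinstance(url, str) and url.endswith("/"):
        problems.append("loginUrl must not end with '/'")
    return problems

if __name__ == "__main__":
    print("\n".join(lint_policy(SAMPLE_BAD, "example-okta-policy")))
```

An empty list means the file passes these checks; it does not confirm that the credentials themselves are accepted by Okta.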

What if I want to edit my policy?

Authentication policies are immutable, which means they cannot be changed. If you want to make a change, you’ll have to make a new policy and redeploy. While this may be inconvenient when you have made a typo or want to change a password, the benefit is that all deploys (including previous ones) are secured by the policy connected to the deploy at the time and do not run the risk of a changed policy leaking your private site.

At what Site level does the policy apply?

Security is set per deploy. Therefore, as long as your deploy is connected to an authentication policy, it will be entirely protected on the staging, preview, and production URLs.

Congratulations! Your site is now linked to your Okta account. You can test it out by navigating to your Site link in a private window (where you are not already logged in) and confirming that the Okta login page appears before you can access your site.

Note
The client secret value becomes hidden upon policy creation. This means that as soon as you apply your resources to the account, only the policy creator and the system will have knowledge of the client secret value. This value is not stored in any repository and will never be visible in the Configuration as Code once the policy is applied and the page is refreshed.