Workstation Enterprise Search

Last Updated March 27, 2023

Brief Overview

Workstation Enterprise Search enables you to discover applications and resources with a single unified search. It searches across WalkMe content and content within 3rd-party apps that were connected in the Settings Integrations page.

Enterprise search does the following:

  • Provide fast and efficient knowledge discovery, eliminating the need to search across multiple disparate data sources
  • Generate personalized, AI-powered results where users can filter by app and file type
  • Preserve business security and end-user privacy, with zero indexing and respecting access permissions

Get to Know

Filter by app

You can search across all of your integrated apps, or filter the search to specific apps:

  1. Click the dropdown in the search bar
  2. Select the apps you want to filter the search to

Search Shortcuts

There are also quick keyboard shortcuts you can use in order to adjust your apps without changing the search filter.

  • Open search: Press Ctrl/Cmd+F
  • Filter your search to a specific app: Type in:{app name}
    • For example, if you have all of the apps selected in the filter and then type in:servicenow, you will only see results from ServiceNow
    • Remove the shortcut to return to your filter
  • Add an app to your search filter: Type add:{app name}
    • For example, if you filtered your search to a few apps and you want to add ServiceNow without adjusting your filter, type add:servicenow
    • Remove the shortcut to return to your filter
  • Remove an app from your search filter: Type remove:{app name}
    • For example, if you no longer want to see results for ServiceNow, type remove:servicenow
    • Remove the shortcut to return to your filter

Filter by category

When your search results load, there are additional category filters that appear. This lets you further specify your search to the content type.

This comes in handy, for example, if you know you’re looking for a document, but you don’t remember what app it’s from. Simply click the Document button and the search will filter to only documents across all of the apps in your search filter.

The category filter only shows the content type that appeared in the search results. So if none of the results are a document, then the document category won’t be a choice.

Click here for a list of all possible categories...
  • Document
  • Ticket
  • Message
  • Spreadsheet
  • Media
  • Answers
  • ActionBot
  • Resource
  • Code
  • Deals
  • Opportunities
  • Accounts
  • Events
  • Reports
  • Apps
  • Presentations
  • Leads
  • Website

Search results

Your search results will show you the content name and what app it’s from. Clicking on a result will put it in the Recently Viewed widget on your homepage so that you can quickly get back to it.

Sorting search results

The Enterprise Search uses a Sorter Service that sorts the results according to its relevance. How the sorter service performs the sorting-

  1. A user searches for a term in the Workstation app
  2. Search service gets the term and calls for each connected app’s service
  3. Connected app’s service search for this term, each with its own API call and implementation
  4. Search service gets all the search results from all the connected apps
  5. Search service calls the sorter service with the results
  6. Sorter service sorts/orders the results and sends the sorted/ordered results back to the Search service
  7. Search service returns the results back to the Workstation app

The Sorter service uses 8 different scoring methods, including stemming, fuzziness and NLP, in addition to the basic Levenshtein distance. Recently Viewed items get a higher prioritization in search results as well, since they’re most likely to be more relevant to the user during the search process.


Workstation does not index results. Some data is stored on the client side. For example, the data which appears on Recent Search Results or in the Recently Viewed widget.

Rest of the data displayed to the user on the Search flow is brought in real-time from the 3rd-party apps API’s.


The Enterprise Search uses 3rd-party integrations to implement a “federal search”. Searches within Workstation are backed by an NLP engine, and a graph database that supports a great user experience. Workstation Enterprise Search doesn’t index 3rd-party data on an independently searchable database. See below sequence diagram describes the searching algorithm:

  1. Cache layer saves results for a period of five minutes
  2. Each Adopter Service creates a unique identifier for the results which is meaningless without access to the 3rd-party and stores it in the graph database

3rd-Party Access and Refresh Tokens

To activate the Enterprise Search (and the Personalized Workspace widgets), each employee is required to grant Workstation permission to access the 3rd-party. The granting process is using the OAuth2.0 protocol. Each time a new access token is granted to the Workstation, the application will encrypt the access and refresh tokens and store it in a remote database.

The encryption process includes a unique private key (“salt”) that is generated for each individual at the very first bootstrap and stored in the local machine Keychain. The salt is irreplaceable and not restorable – losing it causes the access tokens to be voided. This security measure is being taken to eliminate identity spoofing when accessing high-sensitive data.

See the diagram below to review the salt generation and storage flow.

Accessing 3rd-Party Content

Accessing 3rd-party content requires user consent, and in some cases, mostly on Microsoft products, an organization admin consent. Users grant Workstation the necessary permission by approving an OAuth2.0 consent screen that is being triggered by them from the Workstation application (“Third-party apps”).

The third-party apps are being approved and verified by third-parties products. By the end of the granting process, the third-party apps provide access and refresh tokens that are used by the search engine to establish the requests.

See 3rd-Party Access and Refresh Tokens section above for more information about the storing mechanism.

While searching, the search engine forwards the request, before hitting the Adopter Service, through the Token Injector; a service that injects the relevant tokens to accomplish the request. The local private key is being handed off over the search HTTPS request for runtime decryption.

JWT Protection

When a user initiates a search query – the WalkMe enterprise search starts a search flow that is being protected by a JWT assigned by WalkMe IdP integration, as part of the user signing flow:

The JWT is proxying the user identity and keeping any HTTPS request secured and individual.

All Workstation requests are protected by a JWT validation.

Read more about integration security here.


Was this article helpful?

Thanks for your feedback!

Select account type

< Back

Mobile account login

< Back