Add SSO to integrate with enterprise IDPs using protocols such as SAML & OIDC.

Self Service SSO Configuration

Grant customers freedom to configure SSO access for their accounts β€” complete self service, at your service.

Mapping Active Directory

When configuring your SSO, you can map your Active Directory groups to your Frontegg Roles to make securing your app easier than ever.

When mapping your Active Directory to your Frontegg Roles, you can assign your SSO users a default Frontegg Role. In addition, if you manage your organization's users with Okta, you can easily map Frontegg Roles to Okta Groups

Here's how. In the admin section of the Frontegg dashboard, click on the SSO page. Next, click on Step 3, which should cause a form to appear. The form has an input for selecting a default Frontegg Role to assign to all SSO users. The form also has a button for Add Mapping, which is where you can map Frontegg Roles to Okta Groups.

To assign a default Role to all SSO users, in the input, add a Frontegg Role from your list of predefined Roles. To add a Frontegg Role to your list of predefined Roles, you must have already created that role.

Whichever Roles you include in the input, those Roles will be assigned to all SSO users.

To map your Okta groups to Frontegg Roles, click the Add Mapping button, which should cause a form to appear on your page. At the top of the form, you should see the default Roles that you selected for all SSO users. Remember, those Roles will apply to all SSO users regardless of whatever additional roles you assign to those users below.

To assign additional Frontegg Roles to the SSO users, below the option to select default Roles is a table for mapping Frontegg Roles to Okta Groups.

In that table, in the Group input, enter the Name of the Group from Okta that you want to connect to a Frontegg Role. For instance, in the image below from an Okta account, Managers is an Okta Group Name.

In the corresponding Roles input, add the Frontegg Roles that you want to map to the Okta Group. Remember, to add a Frontegg Role, you must have already created that role in Frontegg.

Click save.

The next time you login to Frontegg using SAML, you will get user Roles and Permissions from Frontegg that apply the default Roles and are mapped to your Okta Groups.

Group to Roles Mapping

When your customers configure their SSO, they can choose to map their SAML identity provider groups to your roles. By mapping SAML identity provider groups to your roles, each SAML group member will be automatically assigned to the matching role. Note that you can map more than one role to each SAML identity provider group.

Read more about creating and using roles in the Frontegg Portal.


Did this page help you?