Configuring the Entitlements Agent

Frontegg Documentation

To work with Entitlements, you must configure the Entitlements Agent. The agent is based on the Docker functionality and, therefore, needs to be installed in advance.
The Agent works with the Entitlements SDK — The SDK is integrated into your server application whilst the Agent
is running on your infrastructure. Together they allow for constant fetching and validation of information regarding your users' access to resources.

📘

Legacy

Earlier versions of Entitlements were based on the old Entitlements SDKs [without the Agent]. The addition of the Agent ensures requests for changes in user entitlements are constantly being sent and updated in the agent's local cache — thus providing up-to-date access control information.

Configuring the agent

To configure the agent, follow the below steps:

Step 1: Pull the Agent

Using the Docker, you will need to pull the Entitlements agent.

docker pull frontegg/entitlements-agent:latest

📘

Docker installation

If you do not have Docker installed as of yet, you can do so via this link.

Step 2: Run the agent as a Docker container

The Agent is configured using your environment variables. To run the agent as the Docker container you will need to include the following fields:

  • FRONTEGG_CLIENT_ID - The value can be found in your portal's Env Settings section under the Client ID field.
  • FRONTEGG_CLIENT_CREDENTIALS_OAUTH_CLIENT_ID - Your Client ID from the Frontegg portal.
  • FRONTEGG_CLIENT_CREDENTIALS_OAUTH_SECRET - Your Secret Key from the Frontegg portal.

To generate client credentials, please go to your Frontegg account and click on your name icon at the upper right corner:

Under the administration menu on the dropdown, choose Personal tokens and create a personal token.

Use the Client ID and Secret Keyas FRONTEGG_CLIENT_CREDENTIALS_OAUTH_CLIENT_ID and FRONTEGG_CLIENT_CREDENTIALS_OAUTH_SECRET in the docker settings.

Optional configuration values include:

  • FRONTEGG_REGION - Your Frontegg's region, possible values are eu, us, au, ca. When this variable is not set, it defaults to eu.
  • POLLING_MIN_DELAY - the minimal delay in seconds between data synchronization calls. Positive integers only. The default value is 30 sec (i.e., POLLING_MIN_DELAY="30").
  • POLLING_MAX_DELAY - the maximal delay in seconds between data synchronization calls. Positive integers only. The default value is 60 sec (i.e., POLLING_MAX_DELAY="60").

Then, use the fields to run the request:

docker run -p 8181:8181 \
   -e FRONTEGG_CLIENT_ID=<YOUR_CLIENT_ID> \
   -e FRONTEGG_CLIENT_CREDENTIALS_OAUTH_CLIENT_ID=<YOUR_PERSONAL_TOKEN_CLIENT_ID> \
   -e FRONTEGG_CLIENT_CREDENTIALS_OAUTH_SECRET=<YOUR_PERSONAL_TOKEN_SECRET> \
   -e FRONTEGG_REGION=<eu|us|au|ca> \
   frontegg/entitlements-agent

Cloud deployment health checks

If your deployment requires health checking, the Agent exposes a health check endpoint: GET /health.
This endpoint can be enriched with query param: ?bundles=frontegg, which also checks whether
The agent was able to pull the entitlements configuration from Frontegg's servers.

GET /health?bundles=frontegg