To work with Entitlements, you must configure the Entitlements Agent. The agent is based on the Docker functionality and, therefore, needs to be installed in advance.
The Agent works with the Entitlements SDK — The SDK is integrated into your server application whilst the Agent
is running on your infrastructure. Together they allow for constant fetching and validation of information regarding your users' access to resources.
Legacy
Earlier versions of Entitlements were based on the old Entitlements SDKs [without the Agent]. The addition of the Agent ensures requests for changes in user entitlements are constantly being sent and updated in the agent's local cache — thus providing up-to-date access control information.
Configuring the agent
To configure the agent, follow the below steps:
Step 1: Pull the Agent
Using the Docker, you will need to pull the Entitlements agent.
docker pull frontegg/entitlements-agent:latest
Docker installation
If you do not have Docker installed as of yet, you can do so via this link.
Step 2: Run the agent as a Docker container
The Agent is configured using your environment variables. To run the agent as the Docker container you will need to include the following fields:
FRONTEGG_CLIENT_ID
- The value can be found in your portal's Env Settings section under the Client ID field.
FRONTEGG_CLIENT_CREDENTIALS_OAUTH_CLIENT_ID
- Your Client ID from the Frontegg portal.FRONTEGG_CLIENT_CREDENTIALS_OAUTH_SECRET
- Your Secret Key from the Frontegg portal.
To generate client credentials, please go to your Frontegg account and click on your name icon at the upper right corner:
Under the administration menu on the dropdown, choose Personal tokens and create a personal token.
Use the Client ID
and Secret Key
as FRONTEGG_CLIENT_CREDENTIALS_OAUTH_CLIENT_ID
and FRONTEGG_CLIENT_CREDENTIALS_OAUTH_SECRET
in the docker settings.
Optional configuration values include:
FRONTEGG_REGION
- Your Frontegg's region, possible values areeu
,us
,au
,ca
. When this variable is not set, it defaults toeu
.POLLING_MIN_DELAY
- the minimal delay in seconds between data synchronization calls. Positive integers only. The default value is 30 sec (i.e.,POLLING_MIN_DELAY="30"
).POLLING_MAX_DELAY
- the maximal delay in seconds between data synchronization calls. Positive integers only. The default value is 60 sec (i.e.,POLLING_MAX_DELAY="60"
).
Then, use the fields to run the request:
docker run -p 8181:8181 \
-e FRONTEGG_CLIENT_ID=<YOUR_CLIENT_ID> \
-e FRONTEGG_CLIENT_CREDENTIALS_OAUTH_CLIENT_ID=<YOUR_PERSONAL_TOKEN_CLIENT_ID> \
-e FRONTEGG_CLIENT_CREDENTIALS_OAUTH_SECRET=<YOUR_PERSONAL_TOKEN_SECRET> \
-e FRONTEGG_REGION=<eu|us|au|ca> \
frontegg/entitlements-agent
Cloud deployment health checks
If your deployment requires health checking, the Agent exposes a health check endpoint: GET /health
.
This endpoint can be enriched with query param: ?bundles=frontegg
, which also checks whether
The agent was able to pull the entitlements configuration from Frontegg's servers.
GET /health?bundles=frontegg
Updated 9 days ago