Create and configure
User pools provide a robust framework for handling user authentication, authorization, and lifecycle management. By leveraging user pools, you can seamlessly integrate existing identities, segment users for granular management, and ensure minimal disruption to the user experience during migrations. The following topic outlines the process of creating and configuring user pools: selecting the appropriate user pool type (either IdP Federation or external sources) and configuring the pool's settings to align with your organizational needs.
Creating and Configuring User Pools
User pool configuration is comprised of the following steps:
- Create a new user pool: The administrator accesses the User Pools section within the Frontegg portal and selects "Create User Pool."
- Configure User Pool Type: Choose the user pool source type (either IdP Federation or external).
- Configure Settings: Choose the desired behavior for your user pool. The available options are Sync User Attributes and Just in Time Migration (note that the latter is applicable only to external user pools).
Step 1: Create a new user pool
To create a new pool, go to your User Pools dashboard via the Portal > [Environment] > User Pools and press the Create button.
Step 2: Choose User Pool Type
Select the user pool type you wish to create.
External sources refer to user pools originating in external resources or databases, which can either be imported and become Frontegg users or maintain authentication via the external resource while syncing with Frontegg upon each login.
In the case of IdP federation user pools, users are always authenticated via their IdP's identification page and thus cannot become Frontegg users (Just in Time migration is not applicable for this user pool).
Note about TenantId in IdP user pools
Federation expects to see a tenantId field with the same name as the tenantIdFieldName you set in your user pool settings in Frontegg. This topic covers Auth0's use case. For other IdPs, please contact [email protected].
User pool sync
If the user pool sync is turned on, the user details and metadata in the user pool are not editable. If the user pool's sync is turned off, the user data can be edited.
Step 3: Configure Settings
Next, you will need to configure your user pool settings. The settings differ slightly between the External and IdP pools, as shown below.
External User Pools
User pool settings are customized via the User pool settings tab. For External user pools, you can choose from one of the common sources (see screenshot below) or write your own custom code to create user pools from additional external sources. Note that for Auth0 and Cognito pools, you will need to implement several actions in your account on their end to ensure the user pool creation on Frontegg's side is done properly. You can choose the Sync user attributes option, meaning that user attributes will be synced every time a user logs in, or alternatively opt for the Just in time migration option, upon which users are migrated to Frontegg ad hoc and thus become permanent Frontegg users. Note that the latter option is irreversible (i.e., migrated users will be authenticated from the Frontegg user pool from that point onwards).
Tenant ID source
- For each user pool, you can decide whether to derive the tenant ID from the user's properties, use a predefined value, or automatically create a new tenant ID for each new user.
- Note that this applies to new users only and will not apply to existing users retroactively.
- Tenant ID resolving options vary between user pool sources.
IdP Federation Pool
IdP Federation Setting Specifics
When creating user pools from an IdP Federation source, make sure you include the following settings:
- The URL of your federation source must be specified.
- Enter your Pool settings, such as ClientID and Secret, that are associated with the customer's IdP account.
- Important: Just in Time migration is not possible for IdP user pools.
- You can decide how to implement the tenant ID for your user pool. You can either derive it from the user properties, use a predefined value, or automatically create a new tenant for new users.
User Pool Limitations
When users are stored externally - but are included in a user pool - the following authentication features will not be available for them:
- One Time Code (OTC)
- Single sign in (SSO)
- Login with SMS
We advise keeping these limitations in mind when enabling these options for users in your admin portal.
User Pool authentication via social login
You can allow users added to Frontegg from external user pools to authenticate with their social/enterprise SSO/passwordless login credentials. To enable this option, user pools must be configured, and social, SSO, and passwordless options (whichever you're using) must be enabled in the builder.
User Pool Order
The system is designed to map users according to the following logic: When a new user logs in, Frontegg will first check if the user is a known user, meaning they are either a native Frontegg user or have been previously migrated via a user pool (in both cases, the user is stored in the Frontegg user store). After this check, the user is matched against your user pools' databases, following the order you have configured. As an admin, you can set this order to minimize latency through the user pool Settings tab.
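The lookup order described above, combined with the Sync user attributes, Just in Time migration and tenant ID source settings from Step 3, as an added illustrative model (not Frontegg's own code; the pool names, field names and sample directories are constructed):

```python
"""Illustrative model, added here and not Frontegg's own code, of the lookup
order and pool settings this page describes: known Frontegg users win, then
each external pool is consulted in the admin-configured order. Pool names,
field names and the sample directories are constructed."""
import itertools
from dataclasses import dataclass

_auto_tenants = itertools.count(1)

@dataclass
class Pool:
    name: str
    records: dict                  # constructed stand-in for the external directory
    jit_migration: bool = False    # True: users become permanent Frontegg users
    sync_attributes: bool = False  # True: attributes refreshed on every login
    tenant_source: str = "auto"    # "property", "predefined" or "auto"
    tenant_value: str = ""         # property name, or the predefined tenant id

def resolve_tenant(pool, record):
    """Tenant ID source options: derive from a user property, use a
    predefined value, or create a fresh tenant for the new user."""
    if pool.tenant_source == "property":
        return record[pool.tenant_value]
    if pool.tenant_source == "predefined":
        return pool.tenant_value
    return f"tenant-{next(_auto_tenants)}"

def login(email, store, pools):
    """Return (source, user). store['users'] holds native and migrated users;
    store['synced'] mirrors users still authenticated by their external pool."""
    users, synced = store["users"], store["synced"]
    if email in users:                    # known user: native or migrated
        return "frontegg", users[email]
    for pool in pools:                    # configured order decides ties
        record = pool.records.get(email)
        if record is None:
            continue
        user = synced.get(email)
        if user is None:                  # new user: tenant resolved only once
            user = {"email": email, "pool": pool.name,
                    "tenantId": resolve_tenant(pool, record), "attrs": dict(record)}
        elif pool.sync_attributes:        # refreshed on every login, not editable
            user["attrs"] = dict(record)
        if pool.jit_migration:            # irreversible: now a permanent Frontegg user
            users[email] = user
            synced.pop(email, None)
        else:
            synced[email] = user
        return pool.name, user
    return None, None
```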
Updating user metadata with custom data
When creating users from external resources, you may wish to customize the information within your user’s Metadata on Frontegg’s side with custom data. You can do so in multiple ways:
- Via the Admin portal: [Environment_name] -> Backoffice -> Users tab.
- Via API
- Via Prehooks: [Environment_name] -> Backoffice
Use Cases
Check the External and IdP use cases to see how to create user pools from external sources or IdPs such as Auth0, Amazon Firebase, custom code, and more.