Create and configure
User pools provide a robust framework for handling user authentication, authorization, and lifecycle management. By leveraging user pools, you can seamlessly integrate existing identities, segment users for granular management, and ensure minimal disruption to user experience during migrations. The following topic outlines the process of creating and configuring user pools — Selecting the appropriate user pool type (either IdP Federation or external sources), and configuring the pool's settings to align with your organizational needs.
Creating and Configuring User Pools
User pool configuration is comprised of the following steps:
- Create a new user pool: The administrator accesses the User Pools section within the Frontegg portal and selects "Create User Pool."
- Configure User Pool Type: Choose the user pool source type (either IdP Federation or external).
- Configure Settings: Choose the desired behavior for your user pool— options included are Sync User Attributes and Just in Time Migration (note that the latter is applicable only for external user pools).
Step 1: Create a new user pool
To create a new pool, go to your User Pools dashboard via the Portal > [Environment] > User Pools and press the Create button.
Step 2: Choose User Pool Type
Select the user pool type you wish to create.
External sources refer to user pools originating in external resources or databases, which can either be imported and become Frontegg users or maintain authentication via the external resource while syncing with Frontegg upon each login.
In the case of IdP federation user pools, users are always authenticated via their IdP's identification page and thus cannot become Frontegg users (Just in Time migration is not applicable for this user pool).
Note about
TenantId
in IdP user poolsFederation expects to see a
tenantId
field with the same name of thetenantIdFieldName
you set in your user pool settings in Frontegg. This topic covers Auth0's use case. For other IdPs, please contact [email protected].
User pool sync
If the user pool sync is turned on, the user details and metadata in the user pool isn’t editable. In case the user pool’s sync is turned off - the user data can be edited.
Step 3: Configure Settings
Next, you will need to configure your user pool settings. The settings differ slightly between the External and IdP pools, as shown below.
External User Pools
User pool settings are customized via the User pool settings tab. For External user pools, you can choose from one of the common sources (see screenshot below) or write your own custom code to create user pools from additional external sources. Note that for Auth0 and Cognito pools, you will need to implement several actions in your account on their end to ensure the user pool creation on Frontegg's side is done properly. You can choose the Sync user attributes option, meaning that user attributes will be synced upon every time a user performs login — Or alternatively opt for Just in time migration option, upon which users are migrated to Frontegg ad-hoc, and thus become permanent Frontegg users. Note that the latter option is irreversible (i.e., migrated users will be authenticated from the Frontegg user pool from that point onwards).
Tenant ID source
- For each user pool, you can decide whether to derive the tenant ID from the user's properties, use a predefined value, or automatically create a new tenant ID for each new users.
- Note that this applies to new users only and will not apply to users retroactively.
- Tenant ID resolving options vary netween user pool sources.
IdP Federation Pool
IdP Federation Setting Specifics
When creating user pools from an IdP Federation source, make sure you include the following settings:
- The URL of your federation source must be specified.
- Enter your Pool settings, such as ClientID and Secret— that are associated with the customer’s IdP account.
- Important : Just in Time migration is not possible for IdP user pools.
- You can decide how to implemnt the tenant ID for your user pool. You can either derive it from the user properties, use a predefined value, or automatically create a new tenant for new users
User Pool Limitations
When users are stored externally - but are included in a user pool - the following authentication features will not be available for them:
- One Time Code (OTC)
- Single sign in (SSO)
- Login with SMS
We advise to keep these limitations in mind when enabling users these options in your admin portal.
User Pool authentication via social login
You can allow users added to Frontegg from external user pools to authenticate with their social/enterprise SSO/passwordless login credentials. To enable this option, user pools must be configured, and social, SSO, and passwordless options (whichever you're using) must be enabled in the builder.
Updating user metadata with custom data
When creating users from external resources, you may wish to customize the information within your user’s Metadata on Frontegg’s side with custom data. You can do so in multiple ways:
- Via the Admin portal — [Environment_name] -> Backoffice -> Users tab.
- Via API
- Via Prehooks — [Environment_name] -> Backoffice
Use Cases
Check the External and IdP use cases to see the how to create various use cases via external or IdPs such as Auth0, Amazon Firebase, Custom code, and more.
Updated 25 days ago