User Pools

What Are User Pools?

User pools are a feature within Customer Identity and Access Management (CIAM) systems that allow organizations to manage user authentication and authorization efficiently. They serve as a user directory where user profiles are stored and managed, providing a centralized way to handle user sign-ups, sign-ins, and access control.

Organizations use user pools to streamline their user management across multiple applications and identity providers (IdPs). For example, Frontegg's User Pools offer a high level of control and flexibility, enabling seamless integration with existing apps and IdPs without the need for extensive migrations. This feature allows organizations to manage user permissions and access more granularly, enhancing security and compliance with regulatory requirements. This topic outlines the need for user pools and the differences between pools created from external sources and those created with IdPs. For detailed information on how to create user pools, see Creating and configuring user pools.

Note: CSV migration

When creating a new user pool, you have three options: you can create your user pool via an IdP (Identity Provider), via an external source, or by way of CSV migration. This topic focuses on the first two options.

Why Create User Pools?

User pools give you the flexibility to control your users' journey in multiple aspects:

  • Seamless Integration with Existing Identities: Creating user pools allows you to use all of Frontegg's features like Entitlements and Security Rules without needing to migrate your external user bases to Frontegg.
  • Segmentation and granular management: With user pools, you can better manage your users' lifecycle, permissions, and accessibility.
  • Minimal disruption to users: User pools allow you to enhance your offering and application capabilities with minimal disruption to your users' experience. Your users continue interacting with their existing authentication systems while the migration occurs behind the scenes without disrupting their ongoing operation.

Difference between external and IdP user pools

Before creating and configuring your first user pool, here's an overview of the key differences and use cases:

  • External User Pools:
    External user pools are designed to manage users who are authenticated through external sources or databases. When configuring an external user pool, you have the option to either sync user attributes upon each login or perform a Just in Time (JIT) migration. The sync option ensures that user details are updated every time they log in, which is crucial for maintaining up-to-date user information from the external source. Additionally, external user pools support various authentication methods, including social logins, enterprise SSO, and passwordless options, provided these are configured in the original user pool source.
  • IdP User Pools:
    IdP (Identity Provider) user pools, on the other hand, are configured to authenticate users through their IdP's identification page. This means that users are always authenticated via their IdP, and JIT migration is not applicable for these pools. When setting up an IdP user pool, you need to specify the federation source URL and include settings such as the ClientID and Secret associated with the customer's IdP account. It's important to note that certain authentication features, such as One Time Code (OTC), Single Sign-On (SSO), and login with SMS, are not available for users stored externally but are included for users in a user pool.
  • Key Differences:
    | Parameter | External user pool | IdP user pool |
    | --- | --- | --- |
    | Authentication method | Users can authenticate via various methods, including social logins, enterprise SSO, and passwordless options. | Users are authenticated exclusively through their IdP's identification page. |
    | User data sync | User attributes can be synced upon each login or migrated JIT. | JIT migration is not possible; user data is managed by the IdP. |
    | Feature availability | Supports a broader range of authentication features. | Limited in terms of certain authentication features like OTC and SSO. |
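The external user pool description above distinguishes two behaviours: syncing user attributes on every login versus a one-time Just in Time (JIT) migration. The following is an added example, not Frontegg code and not Frontegg's API: a small Python model in which the class and function names (ExternalUserPool, make_lookup, on_login), the attribute set and the constructed directory are all assumptions. It shows why the choice matters: after the external source changes a user's role, a sync pool reflects the change on the next login and records it, while a JIT pool keeps the attributes it copied at first login.

```python
"""Model of sync-on-login versus JIT migration for an external user pool.

Added illustration; not Frontegg code. All names here are assumptions.
"""
from copy import deepcopy
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

Profile = Dict[str, str]
Lookup = Callable[[str], Optional[Profile]]


def make_lookup(directory: Dict[str, Profile]) -> Lookup:
    """Build a stand-in for 'authenticate and fetch the user at the external source'.

    Returns a copy so the pool never aliases the source's own records.
    """
    def lookup(email: str) -> Optional[Profile]:
        record = directory.get(email)
        return deepcopy(record) if record is not None else None
    return lookup


@dataclass
class ExternalUserPool:
    mode: str                                   # "sync" or "jit" (assumed mode names)
    profiles: Dict[str, Profile] = field(default_factory=dict)
    change_log: List[str] = field(default_factory=list)   # audit trail of attribute changes

    def __post_init__(self) -> None:
        if self.mode not in ("sync", "jit"):
            raise ValueError("mode must be 'sync' or 'jit'")

    def on_login(self, email: str, lookup: Lookup) -> Optional[Profile]:
        """Called after the external source has authenticated the user.

        Returns the profile the application should use, or None when the
        external source does not know the user (login is refused).
        """
        upstream = lookup(email)
        if upstream is None:
            return None

        stored = self.profiles.get(email)
        if stored is None:
            # First login: both modes create the pool record (the JIT migration step).
            self.profiles[email] = upstream
            self.change_log.append(f"{email}: migrated {sorted(upstream)}")
            return deepcopy(upstream)

        if self.mode == "jit":
            # JIT copies once; later upstream changes are not reflected here.
            return deepcopy(stored)

        # Sync mode: refresh every attribute and record what changed, so an
        # upstream role change is visible in the audit trail, not silent.
        for key, new_value in upstream.items():
            old_value = stored.get(key)
            if old_value != new_value:
                self.change_log.append(f"{email}: {key} {old_value!r} -> {new_value!r}")
        stored.update(upstream)
        return deepcopy(stored)


def demo() -> Dict[str, str]:
    """Same upstream change, two pool modes; returns the role each pool reports."""
    # Constructed external source of truth (e.g. a legacy user database).
    directory: Dict[str, Profile] = {
        "alice@example.com": {"name": "Alice Doe", "role": "viewer"},
    }
    lookup = make_lookup(directory)
    sync_pool = ExternalUserPool(mode="sync")
    jit_pool = ExternalUserPool(mode="jit")

    sync_pool.on_login("alice@example.com", lookup)
    jit_pool.on_login("alice@example.com", lookup)

    # The external source later promotes Alice; nobody touches the pools directly.
    directory["alice@example.com"]["role"] = "admin"

    return {
        "sync": sync_pool.on_login("alice@example.com", lookup)["role"],
        "jit": jit_pool.on_login("alice@example.com", lookup)["role"],
        "unknown": str(sync_pool.on_login("mallory@example.com", lookup)),
    }


if __name__ == "__main__":
    for mode, role in demo().items():
        print(f"{mode}: {role}")
```

The change_log is the part a defender cares about: with sync enabled, attribute changes originating upstream (notably role or group changes) land in the pool automatically, so they should be logged and reviewed rather than trusted silently; with JIT, the pool can drift from the source and stale permissions persist until a separate reconciliation runs.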