Users, auth and security module
/
User pools

Authentication and Identity Management

Frontegg offers a comprehensive suite of authentication, user management, and security features to streamline identity management and enhance application security. This section provides an overview of all relevant API endpoints, organized into Authentication, Management, and Self-Service categories.

Authentication Endpoints: Enable secure user login, multi-factor authentication (MFA), passwordless options, and social login integrations, allowing for a flexible and robust sign-in experience.

Management Endpoints: Require environment-level authorization and provide full control over SSO (SAML and OpenID Connect) resources, user roles, permissions, and configurations. These endpoints are designed for administrative use, allowing for centralized identity and access management.

Self-Service Endpoints: Accessible with a user token (JWT), these endpoints empower users to manage their SSO connections and other account settings. Users with the necessary permissions can create, update, or delete SSO configurations directly, ensuring they have the tools to manage their access securely and independently.

Each category in this section helps you configure and extend Frontegg’s capabilities, providing the flexibility to manage user identities, authentication protocols, and access controls as per your application’s needs.

Download OpenAPI description
Users, Auth and Security
Single Sign-On
SCIM Provisioning
Entitlements
Entitlements Agent
Accounts (Tenants)
Languages
Servers
EU Region
https://api.frontegg.com/identity/
US Region
https://api.us.frontegg.com/identity/
CA Region
https://api.ca.frontegg.com/identity/
AU Region
https://api.au.frontegg.com/identity/
Frontegg sub-domain for use with user tokens
https://{domain}.frontegg.com/identity/

API token

Operations

General

Operations

MFA

Operations

Passwordless

Operations

SMS

Operations

Account invitations settings

Operations

Core settings

Operations

Custom social OAuth provider

Operations

Data migration

Operations

Delegation

Operations

Email configuration

Operations

Email templates

Operations

M2M tokens

Operations

MFA configuration

Operations

Permissions categories

Operations

Permissions

Operations

Roles

Operations

SMS configuration

Operations

SMS templates

Operations

Sessions configuration

Operations

User pools

Operations

Get vendor user sources

Request

This route gets all vendor's user sources. An environment token is required for this route.

curl -i -X GET \
  https://api.frontegg.com/identity/resources/user-sources/v1 \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

Bodyapplication/jsonArray [
idstringrequired
namestringrequired
typestringrequired
descriptionstringrequired
appIdsArray of stringsrequired
indexnumberrequired
configurationobjectrequired
usersCountnumberrequired
]
Response
application/json
[
  {
    "id": "string",
    "name": "string",
    "type": "string",
    "description": "string",
    "appIds": [ … ],
    "index": 0,
    "configuration": {},
    "usersCount": 0
  }
]

Get vendor user source

Request

This route gets a user source by id. An environment token is required for this route.

Path
idstringrequired
curl -i -X GET \
  'https://api.frontegg.com/identity/resources/user-sources/v1/{id}' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

Bodyapplication/json
idstringrequired
namestringrequired
typestringrequired
descriptionstringrequired
appIdsArray of stringsrequired
indexnumberrequired
configurationobjectrequired
Response
application/json
{
  "id": "string",
  "name": "string",
  "type": "string",
  "description": "string",
  "appIds": [
    "string"
  ],
  "index": 0,
  "configuration": {}
}

Delete user source

Request

This route deletes a user source. An environment token is required for this route.

Path
idstringrequired
curl -i -X DELETE \
  'https://api.frontegg.com/identity/resources/user-sources/v1/{id}' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

Create Auth0 external user source

Request

This route creates a new external user source. An environment token is required for this route.

Bodyapplication/jsonrequired
namestringrequired

The user source name

configurationobjectrequired

User source configuration

configuration.​syncOnLoginbooleanrequired

Whether to sync user profile attributes on each login

configuration.​isMigratedbooleanrequired

Whether to migrate the users

configuration.​domainstringrequired

the auth0 domain

configuration.​clientIdstringrequired

the auth0 application clientId

configuration.​secretstringrequired

the auth0 application secret

configuration.​tenantConfigUserSourceDynamicTenantConfig (object) or UserSourceStaticTenantConfig (object) or UserSourceNewTenantConfig (object)required
One of:
configuration.​tenantConfig.​tenantIdFieldNamestringrequired

The attribute name of which the tenant id would be taken from

configuration.​tenantConfig.​tenantResolverTypestringrequired
Value"dynamic"
appIdsArray of strings

The application ids to assign to this user source

indexnumberrequired

The user source index

descriptionstring

The user source description

curl -i -X POST \
  https://api.frontegg.com/identity/resources/user-sources/v1/external/auth0 \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "string",
    "configuration": {
      "syncOnLogin": true,
      "isMigrated": true,
      "domain": "string",
      "clientId": "string",
      "secret": "string",
      "tenantConfig": {
        "tenantIdFieldName": "string",
        "tenantResolverType": "dynamic"
      }
    },
    "appIds": [
      "string"
    ],
    "index": 0,
    "description": "string"
  }'

Responses

Bodyapplication/json
idstringrequired
namestringrequired
typestringrequired
appIdsArray of stringsrequired
descriptionstringrequired
indexnumberrequired
Response
application/json
{
  "id": "string",
  "name": "string",
  "type": "string",
  "appIds": [
    "string"
  ],
  "description": "string",
  "index": 0
}

Create Cognito external user source

Request

This route creates a new external user source. An environment token is required for this route.

Bodyapplication/jsonrequired
namestringrequired

The user source name

configurationobjectrequired

User source configuration

configuration.​syncOnLoginbooleanrequired

Whether to sync user profile attributes on each login

configuration.​isMigratedbooleanrequired

Whether to migrate the users

configuration.​regionstringrequired

The aws region of the cognito user pool

configuration.​clientIdstringrequired

The cognito app client id

configuration.​userPoolIdstringrequired

The id of the cognito user pool

configuration.​accessKeyIdstringrequired

The access key of the aws account

configuration.​secretAccessKeystringrequired

The secret of the aws account

configuration.​clientSecretstring

The cognito application client secret, required if the app client is configured with a client secret

configuration.​tenantConfigUserSourceDynamicTenantConfig (object) or UserSourceStaticTenantConfig (object) or UserSourceNewTenantConfig (object)required
One of:
configuration.​tenantConfig.​tenantIdFieldNamestringrequired

The attribute name of which the tenant id would be taken from

configuration.​tenantConfig.​tenantResolverTypestringrequired
Value"dynamic"
appIdsArray of strings

The application ids to assign to this user source

indexnumberrequired

The user source index

descriptionstring

The user source description

curl -i -X POST \
  https://api.frontegg.com/identity/resources/user-sources/v1/external/cognito \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "string",
    "configuration": {
      "syncOnLogin": true,
      "isMigrated": true,
      "region": "string",
      "clientId": "string",
      "userPoolId": "string",
      "accessKeyId": "string",
      "secretAccessKey": "string",
      "clientSecret": "string",
      "tenantConfig": {
        "tenantIdFieldName": "string",
        "tenantResolverType": "dynamic"
      }
    },
    "appIds": [
      "string"
    ],
    "index": 0,
    "description": "string"
  }'

Responses

Bodyapplication/json
idstringrequired
namestringrequired
typestringrequired
appIdsArray of stringsrequired
descriptionstringrequired
indexnumberrequired
Response
application/json
{
  "id": "string",
  "name": "string",
  "type": "string",
  "appIds": [
    "string"
  ],
  "description": "string",
  "index": 0
}

Create Firebase external user source

Request

This route creates a new external user source. An environment token is required for this route.

Bodyapplication/jsonrequired
namestringrequired

The user source name

configurationobjectrequired

User source configuration

configuration.​syncOnLoginbooleanrequired

Whether to sync user profile attributes on each login

configuration.​isMigratedbooleanrequired

Whether to migrate the users

configuration.​apiKeystringrequired

The firebase Web API Key

configuration.​serviceAccountobject(FirebaseServiceAccountConfig)required
configuration.​serviceAccount.​typestringrequired
configuration.​serviceAccount.​project_idstringrequired
configuration.​serviceAccount.​private_key_idstringrequired
configuration.​serviceAccount.​private_keystringrequired
configuration.​serviceAccount.​client_emailstringrequired
configuration.​serviceAccount.​client_idstringrequired
configuration.​serviceAccount.​auth_uristringrequired
configuration.​serviceAccount.​token_uristringrequired
configuration.​serviceAccount.​auth_provider_x509_cert_urlstringrequired
configuration.​serviceAccount.​client_x509_cert_urlstringrequired
configuration.​serviceAccount.​universe_domainstringrequired
configuration.​tenantConfigUserSourceStaticTenantConfig (object) or UserSourceNewTenantConfig (object)required
One of:
configuration.​tenantConfig.​tenantIdstringrequired

The tenant id which all of the users would be added to

configuration.​tenantConfig.​tenantResolverTypestringrequired
Value"static"
appIdsArray of strings

The application ids to assign to this user source

indexnumberrequired

The user source index

descriptionstring

The user source description

curl -i -X POST \
  https://api.frontegg.com/identity/resources/user-sources/v1/external/firebase \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "string",
    "configuration": {
      "syncOnLogin": true,
      "isMigrated": true,
      "apiKey": "string",
      "serviceAccount": {
        "type": "string",
        "project_id": "string",
        "private_key_id": "string",
        "private_key": "string",
        "client_email": "string",
        "client_id": "string",
        "auth_uri": "string",
        "token_uri": "string",
        "auth_provider_x509_cert_url": "string",
        "client_x509_cert_url": "string",
        "universe_domain": "string"
      },
      "tenantConfig": {
        "tenantId": "string",
        "tenantResolverType": "static"
      }
    },
    "appIds": [
      "string"
    ],
    "index": 0,
    "description": "string"
  }'

Responses

Bodyapplication/json
idstringrequired
namestringrequired
typestringrequired
appIdsArray of stringsrequired
descriptionstringrequired
indexnumberrequired
Response
application/json
{
  "id": "string",
  "name": "string",
  "type": "string",
  "appIds": [
    "string"
  ],
  "description": "string",
  "index": 0
}

Create Custom-Code external user source

Request

This route creates a new external user source. An environment token is required for this route.

Bodyapplication/jsonrequired
namestringrequired

The user source name

configurationobjectrequired

User source configuration

configuration.​syncOnLoginbooleanrequired

Whether to sync user profile attributes on each login

configuration.​isMigratedbooleanrequired

Whether to migrate the users

configuration.​codePayloadstringrequired
configuration.​getUserCodePayloadstring
configuration.​tenantConfigUserSourceNewTenantConfig (object) or UserSourceFromSourceTenantConfig (object)required
One of:
configuration.​tenantConfig.​tenantResolverTypestringrequired
Value"new"
appIdsArray of strings

The application ids to assign to this user source

indexnumberrequired

The user source index

descriptionstring

The user source description

curl -i -X POST \
  https://api.frontegg.com/identity/resources/user-sources/v1/external/custom-code \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "string",
    "configuration": {
      "syncOnLogin": true,
      "isMigrated": true,
      "codePayload": "string",
      "getUserCodePayload": "string",
      "tenantConfig": {
        "tenantResolverType": "new"
      }
    },
    "appIds": [
      "string"
    ],
    "index": 0,
    "description": "string"
  }'

Responses

Bodyapplication/json
idstringrequired
namestringrequired
typestringrequired
appIdsArray of stringsrequired
descriptionstringrequired
indexnumberrequired
Response
application/json
{
  "id": "string",
  "name": "string",
  "type": "string",
  "appIds": [
    "string"
  ],
  "description": "string",
  "index": 0
}

Create Federation user source

Request

This route creates a new federation user source. An environment token is required for this route.

Bodyapplication/jsonrequired
namestringrequired

The user source name

configurationobjectrequired

User source configuration

configuration.​syncOnLoginbooleanrequired

Whether to sync user profile attributes on each login

configuration.​wellknownUrlstringrequired

The url of the service provider

configuration.​clientIdstringrequired

The client id from the service provider

configuration.​secretstringrequired

The secret from the service provider

configuration.​tenantConfigUserSourceDynamicTenantConfig (object) or UserSourceStaticTenantConfig (object) or UserSourceNewTenantConfig (object)required
One of:
configuration.​tenantConfig.​tenantIdFieldNamestringrequired

The attribute name of which the tenant id would be taken from

configuration.​tenantConfig.​tenantResolverTypestringrequired
Value"dynamic"
appIdsArray of strings

The application ids to assign to this user source

indexnumberrequired

The user source index

descriptionstring

The user source description

curl -i -X POST \
  https://api.frontegg.com/identity/resources/user-sources/v1/federation \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "string",
    "configuration": {
      "syncOnLogin": true,
      "wellknownUrl": "string",
      "clientId": "string",
      "secret": "string",
      "tenantConfig": {
        "tenantIdFieldName": "string",
        "tenantResolverType": "dynamic"
      }
    },
    "appIds": [
      "string"
    ],
    "index": 0,
    "description": "string"
  }'

Responses

Bodyapplication/json
idstringrequired
namestringrequired
typestringrequired
appIdsArray of stringsrequired
descriptionstringrequired
indexnumberrequired
Response
application/json
{
  "id": "string",
  "name": "string",
  "type": "string",
  "appIds": [
    "string"
  ],
  "description": "string",
  "index": 0
}

Update Auth0 external user source

Request

This route updates an external user source. An environment token is required for this route.

Path
idstringrequired
Bodyapplication/jsonrequired
namestring

The user source name

configurationobject

User source configuration

indexnumber

The user source index

descriptionstring

The user source description

curl -i -X PUT \
  'https://api.frontegg.com/identity/resources/user-sources/v1/external/auth0/{id}' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "string",
    "configuration": {
      "syncOnLogin": true,
      "isMigrated": true,
      "domain": "string",
      "clientId": "string",
      "secret": "string",
      "tenantConfig": {
        "tenantIdFieldName": "string",
        "tenantResolverType": "dynamic"
      }
    },
    "index": 0,
    "description": "string"
  }'

Responses

Update Cognito external user source

Request

This route updates an external user source. An environment token is required for this route.

Path
idstringrequired
Bodyapplication/jsonrequired
namestring

The user source name

configurationobject

User source configuration

indexnumber

The user source index

descriptionstring

The user source description

curl -i -X PUT \
  'https://api.frontegg.com/identity/resources/user-sources/v1/external/cognito/{id}' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "string",
    "configuration": {
      "syncOnLogin": true,
      "isMigrated": true,
      "region": "string",
      "clientId": "string",
      "userPoolId": "string",
      "accessKeyId": "string",
      "secretAccessKey": "string",
      "clientSecret": "string",
      "tenantConfig": {
        "tenantIdFieldName": "string",
        "tenantResolverType": "dynamic"
      }
    },
    "index": 0,
    "description": "string"
  }'

Responses

Update Firebase external user source

Request

This route updates an external user source. An environment token is required for this route.

Path
idstringrequired
Bodyapplication/jsonrequired
namestring

The user source name

configurationobject

User source configuration

indexnumber

The user source index

descriptionstring

The user source description

curl -i -X PUT \
  'https://api.frontegg.com/identity/resources/user-sources/v1/external/firebase/{id}' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "string",
    "configuration": {
      "syncOnLogin": true,
      "isMigrated": true,
      "apiKey": "string",
      "serviceAccount": {
        "type": "string",
        "project_id": "string",
        "private_key_id": "string",
        "private_key": "string",
        "client_email": "string",
        "client_id": "string",
        "auth_uri": "string",
        "token_uri": "string",
        "auth_provider_x509_cert_url": "string",
        "client_x509_cert_url": "string",
        "universe_domain": "string"
      },
      "tenantConfig": {
        "tenantId": "string",
        "tenantResolverType": "static"
      }
    },
    "index": 0,
    "description": "string"
  }'

Responses

Update Custom-Code external user source

Request

This route updates an external user source. An environment token is required for this route.

Path
idstringrequired
Bodyapplication/jsonrequired
namestring

The user source name

configurationobject

User source configuration

indexnumber

The user source index

descriptionstring

The user source description

curl -i -X PUT \
  'https://api.frontegg.com/identity/resources/user-sources/v1/external/custom-code/{id}' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "string",
    "configuration": {
      "syncOnLogin": true,
      "isMigrated": true,
      "codePayload": "string",
      "getUserCodePayload": "string",
      "tenantConfig": {
        "tenantResolverType": "new"
      }
    },
    "index": 0,
    "description": "string"
  }'

Responses

Update Federation user source

Request

This route updates a federation user source. An environment token is required for this route.

Path
idstringrequired
Bodyapplication/jsonrequired
namestring

The user source name

configurationobject

User source configuration

indexnumber

The user source index

descriptionstring

The user source description

curl -i -X PUT \
  'https://api.frontegg.com/identity/resources/user-sources/v1/federation/{id}' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "string",
    "configuration": {
      "syncOnLogin": true,
      "wellknownUrl": "string",
      "clientId": "string",
      "secret": "string",
      "tenantConfig": {
        "tenantIdFieldName": "string",
        "tenantResolverType": "dynamic"
      }
    },
    "index": 0,
    "description": "string"
  }'

Responses

Assign applications to a user source

Request

This route assigns applications to a user source. An environment token is required for this route.

Bodyapplication/jsonrequired
appIdsArray of stringsrequired

The application ids to assign to this user source

userSourceIdstringrequired

The user source id

curl -i -X POST \
  https://api.frontegg.com/identity/resources/user-sources/v1/assign \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "appIds": [
      "string"
    ],
    "userSourceId": "string"
  }'

Responses

Unassign applications from a user source

Request

This route unassigns applications from a user source. An environment token is required for this route.

Bodyapplication/jsonrequired
appIdsArray of stringsrequired

The application ids to assign to this user source

userSourceIdstringrequired

The user source id

curl -i -X POST \
  https://api.frontegg.com/identity/resources/user-sources/v1/unassign \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "appIds": [
      "string"
    ],
    "userSourceId": "string"
  }'

Responses

Get user source users

Request

This route gets all of users of a user source. An environment token is required for this route.

Path
idstringrequired
curl -i -X GET \
  'https://api.frontegg.com/identity/resources/user-sources/v1/{id}/users' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

Bodyapplication/json
itemsArray of objects(GetUserSourceUsersResponseDTO)
_linksobject(FronteggPaginationLinks)
_metadataobject(FronteggPaginationMetadata)
Response
application/json
{
  "items": [
    { … }
  ],
  "_links": {
    "next": "string",
    "prev": "string",
    "first": "string",
    "last": "string"
  },
  "_metadata": {
    "totalItems": 0,
    "totalPages": 0
  }
}

Users

Operations

Account invitations

Operations

Account roles

Operations

API tokens

Operations

Domain restrictions

Operations

IP restrictions

Operations

Lockout policy

Operations

MFA settings

Operations

Password settings

Operations

Personal tokens

Operations

Sessions management

Operations

User groups

Operations

User management

Operations

User sessions

Operations

Users-applications management

Operations