## Configuring the Entitlements agent The Entitlements engine requires the installment of the **Entitlements Agent** to work. The agent is based on a **Docker** functionality that ensures its operation. The Agent communicates with Frontegg's Entitlements SDK to allow for constant fetching and validation of information regarding your users' access to resources. Entitlements Legacy Earlier versions of Entitlements were based on the old Entitlements SDKs — without using the Agent. The addition of the Agent ensures requests for changes in user entitlements are constantly being updated in the agent's local cache — providing the latest information regarding your users' access. br To configure the agent, complete the following steps: ### Step 1: Pull the agent Pull the Entitlements agent using Docker. ```shell docker pull frontegg/entitlements-agent:latest ``` br Docker installation If you are yet to have the **Docker** installed, you can do so via this [link](https://docs.docker.com/get-started/get-docker/). ### Step 2: Run the agent as a Docker container The Agent is configured using your environment variables. To run the agent as the Docker container you must include the following fields: `FRONTEGG_CLIENT_ID`, `FRONTEGG_CLIENT_CREDENTIALS_OAUTH_CLIENT_ID`, and `FRONTEGG_CLIENT_CREDENTIALS_OAUTH_SECRET`. - `FRONTEGG_CLIENT_ID` - To fetch this value, go to your portal's `Keys & domains` section under the Client ID field: br ![Env settings](/assets/manage-settings.048aa22ed02a6efcff729e98b31dec778cbacc261eaa9853bf9a9c801bff7679.71ab04f0.png) br To generate your client credentials (`FRONTEGG_CLIENT_CREDENTIALS_OAUTH_CLIENT_ID`, and `FRONTEGG_CLIENT_CREDENTIALS_OAUTH_SECRET`), go to your Frontegg account and click the name icon at the upper right corner, like so: br ![profile](/assets/press-profile.3163a83262546d10295cd5bd2ad77c648b9514c57c8d48a4904f3ad01a6ad8c0.71ab04f0.png) br Go to the administration menu and choose **Personal tokens**. Create a new personal token. br ![personal token](/assets/personaltokennew.fdc3c3cc1258902f04cfa51a473cda07f7d7684c48cd85114a11b613aa2bf9cd.71ab04f0.png) br Use the `Client ID` and `Secret Key` as your `FRONTEGG_CLIENT_CREDENTIALS_OAUTH_CLIENT_ID` and `FRONTEGG_CLIENT_CREDENTIALS_OAUTH_SECRET` values in the docker settings. Optional configuration values include: - `FRONTEGG_REGION` - Your Frontegg's region, possible values are `eu`, `us`, `au`, `ca`. When this variable is not set, it defaults to `eu`. - `POLLING_MIN_DELAY` - the minimal delay in seconds between data synchronization calls. Positive integers only. The default value is 30 sec (i.e., `POLLING_MIN_DELAY="30"`). - `POLLING_MAX_DELAY` - the maximal delay in seconds between data synchronization calls. Positive integers only. The default value is 60 sec (i.e., `POLLING_MAX_DELAY="60"`). Then, use the fields to run the request: ```shell docker run -p 8181:8181 -e FRONTEGG_CLIENT_ID= -e FRONTEGG_CLIENT_CREDENTIALS_OAUTH_CLIENT_ID= -e FRONTEGG_CLIENT_CREDENTIALS_OAUTH_SECRET= -e FRONTEGG_REGION= frontegg/entitlements-agent ``` ### Cloud deployment health checks If your deployment requires health checking, the Agent exposes a health check endpoint: `GET /health`. This endpoint can be enriched with a query param: `?bundles=frontegg`, which also checks whether The agent was able to pull the entitlements configuration from Frontegg's servers. ```shell GET /health?bundles=frontegg ```