Configuring the Entitlements agent
The Entitlements engine requires the installment of the Entitlements Agent to work. The agent is based on a Docker functionality that ensures its operation.
The Agent communicates with Fronteggs' Entitlements SDK to allow for constant fetching and validation of information regarding your users' access to resources.
Entitlements Legacy
Entitlements Legacy
Earlier versions of Entitlements were based on the old Entitlements SDKs — without using the Agent. The addition of the Agent ensures requests for changes in user entitlements are constantly being updated in the agent's local cache — providing the latest information regarding your users' access.
To configure the agent, complete the following steps:
Step 1: Pull the agent
Pull the Entitlements agent using the Docker
docker pull frontegg/entitlements-agent:latest
Docker installation
Docker installation
If you are yet to have the Docker installed, you can do so via this link.
Step 2: Run the agent as a Docker container
The Agent is configured using your environment variables. To run the agent as the Docker container you must include the following fields: FRONTEGG_CLIENT_ID
, FRONTEGG_CLIENT_CREDENTIALS_OAUTH_CLIENT_ID
, and FRONTEGG_CLIENT_CREDENTIALS_OAUTH_SECRET
.
FRONTEGG_CLIENT_ID
- To fetch this value, go to your portal'sKeys & domains
section under the Client ID field:
To generate your client credentials (FRONTEGG_CLIENT_CREDENTIALS_OAUTH_CLIENT_ID
, and FRONTEGG_CLIENT_CREDENTIALS_OAUTH_SECRET
), go to your Frontegg account and click the name icon at the upper right corner, like so:
Go to the administration menu and choose Personal tokens. Create a new personal token.
Use the Client ID
and Secret Key
as your FRONTEGG_CLIENT_CREDENTIALS_OAUTH_CLIENT_ID
and FRONTEGG_CLIENT_CREDENTIALS_OAUTH_SECRET
values in the docker settings.
Optional configuration values include:
FRONTEGG_REGION
- Your Frontegg's region, possible values areeu
,us
,au
,ca
. When this variable is not set, it defaults toeu
.POLLING_MIN_DELAY
- the minimal delay in seconds between data synchronization calls. Positive integers only. The default value is 30 sec (i.e.,POLLING_MIN_DELAY="30"
).POLLING_MAX_DELAY
- the maximal delay in seconds between data synchronization calls. Positive integers only. The default value is 60 sec (i.e.,POLLING_MAX_DELAY="60"
).
Then, use the fields to run the request:
docker run -p 8181:8181 \ -e FRONTEGG_CLIENT_ID=<YOUR_CLIENT_ID> \ -e FRONTEGG_CLIENT_CREDENTIALS_OAUTH_CLIENT_ID=<YOUR_PERSONAL_TOKEN_CLIENT_ID> \ -e FRONTEGG_CLIENT_CREDENTIALS_OAUTH_SECRET=<YOUR_PERSONAL_TOKEN_SECRET> \ -e FRONTEGG_REGION=<eu|us|au|ca> \ frontegg/entitlements-agent
Cloud deployment health checks
If your deployment requires health checking, the Agent exposes a health check endpoint: GET /health
.
This endpoint can be enriched with query param: ?bundles=frontegg
, which also checks whether
The agent was able to pull the entitlements configuration from Frontegg's servers.
GET /health?bundles=frontegg