Last updated

Configuring the Entitlements agent

The Entitlements engine requires the installment of the Entitlements Agent to work. The agent is based on a Docker functionality that ensures its operation.
The Agent communicates with Fronteggs' Entitlements SDK to allow for constant fetching and validation of information regarding your users' access to resources.


Entitlements Legacy

Earlier versions of Entitlements were based on the old Entitlements SDKs — without using the Agent. The addition of the Agent ensures requests for changes in user entitlements are constantly being updated in the agent's local cache — providing the latest information regarding your users' access.


To configure the agent, complete the following steps:

Step 1: Pull the agent

Pull the Entitlements agent using the Docker

docker pull frontegg/entitlements-agent:latest

Docker installation

If you are yet to have the Docker installed, you can do so via this link.

Step 2: Run the agent as a Docker container

The Agent is configured using your environment variables. To run the agent as the Docker container you must include the following fields: FRONTEGG_CLIENT_ID, FRONTEGG_CLIENT_CREDENTIALS_OAUTH_CLIENT_ID, and FRONTEGG_CLIENT_CREDENTIALS_OAUTH_SECRET.

  • FRONTEGG_CLIENT_ID - To fetch this value, go to your portal's Keys & domains section under the Client ID field:

Env settings


To generate your client credentials (FRONTEGG_CLIENT_CREDENTIALS_OAUTH_CLIENT_ID, and FRONTEGG_CLIENT_CREDENTIALS_OAUTH_SECRET ), go to your Frontegg account and click the name icon at the upper right corner, like so:


profile


Go to the administration menu and choose Personal tokens. Create a new personal token.


personal token


Use the Client ID and Secret Key as your FRONTEGG_CLIENT_CREDENTIALS_OAUTH_CLIENT_ID and FRONTEGG_CLIENT_CREDENTIALS_OAUTH_SECRET values in the docker settings.

Optional configuration values include:

  • FRONTEGG_REGION - Your Frontegg's region, possible values are eu, us, au, ca. When this variable is not set, it defaults to eu.
  • POLLING_MIN_DELAY - the minimal delay in seconds between data synchronization calls. Positive integers only. The default value is 30 sec (i.e., POLLING_MIN_DELAY="30").
  • POLLING_MAX_DELAY - the maximal delay in seconds between data synchronization calls. Positive integers only. The default value is 60 sec (i.e., POLLING_MAX_DELAY="60").

Then, use the fields to run the request:

docker run -p 8181:8181 \
   -e FRONTEGG_CLIENT_ID=<YOUR_CLIENT_ID> \
   -e FRONTEGG_CLIENT_CREDENTIALS_OAUTH_CLIENT_ID=<YOUR_PERSONAL_TOKEN_CLIENT_ID> \
   -e FRONTEGG_CLIENT_CREDENTIALS_OAUTH_SECRET=<YOUR_PERSONAL_TOKEN_SECRET> \
   -e FRONTEGG_REGION=<eu|us|au|ca> \
   frontegg/entitlements-agent

Cloud deployment health checks

If your deployment requires health checking, the Agent exposes a health check endpoint: GET /health.
This endpoint can be enriched with query param: ?bundles=frontegg, which also checks whether
The agent was able to pull the entitlements configuration from Frontegg's servers.

GET /health?bundles=frontegg