Entitlements and authorization
/
Entitlements
/
Feature-based entitlements
/
Features
Last updated

What are features?

Features are defined as resources in your app that you want to protect. The features management page allows you to add new features and edit existing ones. Features are assigned with designated keys and permissions.

Importance of feature keys

Feature keys play a crucial role in Frontegg's Entitlements Engine by serving as identifiers for specific features within an application that need to be protected or granted access to certain users. These keys are integral to the customization and tailoring of features according to the needs of different user roles and subscription plans. This field is mandatory when creating a new feature.

Creating a new feature

To add a new feature, go to [ENVIRONMENT] → Configurations → Entitlements → Features.

  1. Click “Add new feature”
  2. Add the feature name - the internal name of the feature
  3. Add a description (optional)
  4. Add a key - create a key that you intend to use in your code (key validation)

Creating a new feature


Permission tab

You can assign related permissions to the feature if you would like to protect the resource using the useEntitlementsPermission function. This function will allow you to protect a resource by using permissions only.

The function useFeatureEntitlements is used in Frontegg SDK to determine if a user is entitled to a specific feature, even when permissions are not directly assigned.

You can assign as many permissions as you wish to one feature. The best practice here would be to add the relevant permissions to the feature. For example, if you have an “SSO” feature, you can add sso.read and sso.write to the permission list (link to permission doc). If a user has one of the permissions (granted by their role), they will be entitled to use the SSO feature.

In order to link permissions to a feature, follow these steps:

  1. Click on the Permission tab
  2. Click "Assign permissions"
  3. Choose the relevant permissions
  4. Click Assign permissions and save.

Feature tab


Assigning permissions to features


Assigning features to plans

When creating features, users won't be able to access them unless you assign them to a specific plan.

Use Case: Protect Your Application's SSO Connection

To clarify the flow, let’s take an example where a user wants to set up a new SSO connection (i.e., a feature) in your SAAS application.

Let’s assume that your code currently protects this feature with an sso.read permission.

To create a user entitlement in the Frontegg portal you will need to perform the following actions:

  1. Create a permission with an sso.read key (check the Permissions guide for more information).
    1. Add an sso.read permission to an existing role or create a new role using that permission.
    2. Assign the role to user X.
  2. Create a Feature. For the sake of the example, let’s call this feature User SSO (check the Feature guide for more information).
    1. Link the sso.read permission to User SSO.
  3. Create a Plan (e.g., “Basic Bundle”), and add User SSO to it.
  4. Add the feature to the new plan.
  5. Assign user X to the plan.

Frontegg's end

When a user tries to perform an sso.read permission, Frontegg runs the following logic:

  1. Does the user have an sso.read permission? (this information is derived from the user’s roles).
    • If ‘No’, the user will be denied.
    • If ‘Yes’, Frontegg will subsequently check for features linked to said permissions in the portal.
    • Frontegg will check if the user is granted feature-access as part of a plan. If ‘yes’, the user will be entitled to access the User SSO feature.

Linking between permissions and features

While permissions can be linked to one or more feature(s), if a user is granted access to at least one feature, they will be granted the permission as well.