User invitations and multitenancy

Users in Frontegg must always be associated with one or more accounts. By default, when a user signs up through Frontegg's sign-up flow, a new account is automatically created for them.

For newly created users, an activation email is sent. If an existing user is added to an additional account, they will receive an account invitation email instead.

Adding a new user in the Frontegg portal

When inviting a user to an account on Frontegg, you can choose to add them silently by unchecking the Send an email invitation option. In this case, the user will be added without receiving an activation or invitation email and will have a Pending login status.

When a user is created and an email is sent, the invitation or activation is not complete until the user accepts it.

User activation and invitation

User activation and user invitation are common events in the authentication flow of new and existing users, and a way to ensure they are authorized to access your app. Frontegg provides two popular methods that allow users to verify their identities in these instances: a magic link or a 6-digit code (magic code).

The two verification methods Frontegg supports are Magic link and Magic code. Both are sent to the user's email and allow them to complete the flow and log in. While Magic links provide a seamless user experience, they are designed for one-time use only and often lead to a failure-state page upon subsequent clicks. This problem is growing with the use of link crawlers by many customers as part of their email delivery service, which often causes the link to be "clicked" before the user even receives the email. To solve this, Frontegg allows the use of Magic codes: 6-digit codes sent to a user's email that users must enter manually in order to log in. This method maintains the user's flow within the app and is considered more secure than Magic links (since it reduces the risk of unauthorized access if the email is compromised).
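The failure mode described above can be reproduced with a small model. This is an added example, not Frontegg's implementation: the `VerificationStore` class, the 10-minute lifetime and the 5-attempt limit are assumptions chosen for illustration. It shows a single-use link being consumed by a scanner's prefetch while the code, which must be typed in, stays valid, and it burns the code after repeated wrong guesses because a 6-digit code has only 1,000,000 possible values.

```python
import hmac, secrets, time

class VerificationStore:
    """In-memory model of single-use email verification (constructed example)."""
    def __init__(self, ttl=600, max_attempts=5):     # assumed values
        self.ttl, self.max_attempts = ttl, max_attempts
        self.links = {}   # token -> (email, expires_at)
        self.codes = {}   # email -> [code, expires_at, attempts_left]

    def issue_link(self, email, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.links[token] = (email, now + self.ttl)
        return token

    def redeem_link(self, token, now=None):
        # Any request redeems the link; a scanner's prefetch looks like a click.
        now = time.time() if now is None else now
        entry = self.links.pop(token, None)          # single use
        if entry is None or now > entry[1]:
            return None
        return entry[0]

    def issue_code(self, email, now=None):
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**6):06d}"     # 6 digits from a CSPRNG
        self.codes[email] = [code, now + self.ttl, self.max_attempts]
        return code

    def redeem_code(self, email, submitted, now=None):
        now = time.time() if now is None else now
        entry = self.codes.get(email)
        if entry is None or now > entry[1]:
            self.codes.pop(email, None)
            return False
        entry[2] -= 1
        ok = hmac.compare_digest(entry[0].encode(), submitted.encode())
        if ok or entry[2] <= 0:
            del self.codes[email]   # used, or burned after too many wrong guesses
        return ok

def simulate_scanner_prefetch():
    store = VerificationStore()
    token = store.issue_link("user@example.com")
    code = store.issue_code("user@example.com")
    scanner_hit = store.redeem_link(token)    # scanner follows the link first
    user_click = store.redeem_link(token)     # user's later click fails
    code_ok = store.redeem_code("user@example.com", code)  # typed by the user
    return scanner_hit, user_click, code_ok
```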

Configuring user activation/invitation methods

User activation occurs when new users activate their accounts, and user invitation is used when existing users are invited to join additional accounts. You can set your preferred activation/invitation method via the portal. The steps below configure the user activation method:

Step 1: Choose your environment

Go to the Frontegg portal and select your desired environment. Note that the user activation configuration you create will be applicable only to that specific environment.

Step 2: Enable your preferred method via the user activation tab

Go to Authentication → User activation, and choose which activation method to enforce for your users. You can choose different methods for User activation and User invitation, if you prefer.

Step 3: Save the configuration

Save the configuration. The new settings will be applied instantly.

Email verification

In certain flows where email verification is required, the activation email sent upon user creation will direct them to set their password. For authentication methods like one-time codes or links, the user’s email is verified automatically when they follow the link or enter the code received via email.

For social logins and single sign-on (SSO), email verification is not necessary, as authentication is handled by the external provider.

Security measures

Frontegg automatically merges users based on their email. If a user switches from credentials authentication to social login and then back, and their email hasn’t been verified, they will be required to reset their password for enhanced security.