Set up a Frontegg connector

C1 provides identity governance for Frontegg. Integrate your Frontegg environment with C1 for unified visibility and governance over tenants, users, roles, groups, and permissions.

Capabilities

Resource	Sync	Provision
Tenants
Users
Permissions
Roles
Groups

The connector reads tenants, users, environment-wide permissions, and per-tenant roles and groups from the Frontegg management API. It syncs grant relationships between users and tenants, roles, and groups. This connector is read-only. It does not provision or modify access in Frontegg.

Gather Frontegg credentials

Use Frontegg vendor credentials (client ID and secret) from your environment’s Keys & domains page. Vendor credentials are region-scoped — the API base URL must match the region where the credentials were issued.

Navigate to Environment > Keys & domains.

Copy the vendor Client ID and Client secret for the environment. The connector uses these to mint a short-lived management JWT.

Note the regional API gateway for your environment:

EU: https://api.frontegg.com
US: https://api.us.frontegg.com
CA: https://api.ca.frontegg.com
AU: https://api.au.frontegg.com

Synced resource types

Tenants: Frontegg accounts in the environment.
Users: Environment-wide users, including per-tenant role assignments.
Permissions: Environment-global permission definitions.
Roles: Per-tenant roles; resource IDs encode tenant and role.
Groups: Per-tenant groups; resource IDs encode tenant and group.

Grant relationships synced:

User membership in tenants
Direct role assignments to users
Group membership
Role assignments inherited through group membership

Configure the Frontegg connector

Cloud-hosted
Self-hosted

Follow these instructions to use a built-in, no-code connector hosted by C1.

In C1, navigate to Integrations > Connectors and click Add connector.

Search for Frontegg and click Add.

Choose how to set up the new Frontegg connector.

Set the owner for this connector.

Click Next.

Find the Settings area of the page and click Edit.

Enter the Frontegg credentials:

Frontegg Base URL: The regional API gateway for your environment, for example https://api.us.frontegg.com.
Frontegg Client ID: The vendor client ID from Keys & domains.
Frontegg Client Secret: The vendor secret paired with the client ID.

Click Save.

The connector’s label changes to Syncing, followed by Connected. You can view the logs to ensure that information is syncing.

Done. Your Frontegg connector is now pulling access data into C1.

Follow these instructions to run the Frontegg connector in your own environment.

Create secrets for the Frontegg vendor credentials.

Configure the connector environment variables:

BATON_BASE_URL=https://api.us.frontegg.com
BATON_FRONTEGG_CLIENT_ID=<vendor client ID>
BATON_FRONTEGG_CLIENT_SECRET=<vendor client secret>

Deploy the connector using your standard self-hosted connector process.

Done. Your Frontegg connector is now pulling access data into C1.

Connector configuration reference

Setting	Environment variable	Required	Description
Frontegg Base URL	`BATON_BASE_URL`	Yes	Regional Frontegg API gateway origin, without a trailing slash. Must match the region where vendor credentials were issued.
Frontegg Client ID	`BATON_FRONTEGG_CLIENT_ID`	Yes	Vendor client ID from Portal > Environment > Keys & domains.
Frontegg Client Secret	`BATON_FRONTEGG_CLIENT_SECRET`	Yes	Vendor secret paired with the client ID. Stored as a secret.

Set up Front connector

Set up a Fullstory connector

⌘I

​Capabilities

​Gather Frontegg credentials

​Synced resource types

​Configure the Frontegg connector

​Connector configuration reference

Capabilities

Gather Frontegg credentials

Synced resource types

Configure the Frontegg connector

Connector configuration reference