Frontegg AI with Entitlements

This guide to building an AI agent with Frontegg’s entitlements walks you through setting up an AI agent, tools, features and feature flags (as an example of entitlements usage), and auth. It builds on the sample app, whose code is publicly available in a GitHub repo.

This guide shows the power of leveraging Frontegg’s Identity and Access Management and AI SDK for better security and user experience. The specific example in this guide imagines a scenario where you want to easily permit only those with a paid subscription to access a premium feature you’ve just rolled out.

Prerequisites

  • Have the sample app set up
    • The sample app is a full-stack web app with an Express (Node.js) backend and a React (TypeScript) frontend.
    • The AI Agent is built with LangChain and OpenAI, and is integrated with Frontegg.ai as well as the core Frontegg SDK.
  • Frontegg account (sign up for free)

Overview

The core idea is to build an AI Agent with user auth, context, and restricted feature access through Frontegg AI and Auth with Entitlements.

Allow your AI agent to authenticate users and then fetch entitlements to determine what they can do.

Create an AI Agent in the Frontegg Dashboard

Log in to the Frontegg admin dashboard and create an AI Agent.

To make sure your users have access to this agent through Frontegg, you can toggle on the “Auto-assigned agent” option. Alternatively, you can assign the agent more granularly.

Tools (optional)

Tools give your agent easy access to third-party integrations. And, when paired with entitlements, you get a powerful toolbox that branches from some relatively small fundamental building blocks. But, despite being relatively small when each is viewed individually, they’re merely the raw ingredients of a delicious home-cooked meal.

And, imagine even if you were to just buy the raw ingredients in case you happened to be an exquisite chef? 

Still relatively straightforward for the most part. That’s because the difference is not in the question of the complexity of the step, but in the comparison of the analogy. The analogous counterpart to the tech in play here is more akin to having to grow that head of lettuce you imagined buying to make a salad from a seed, instead. And, on your own farm. Along with managing all of the other ingredients on the recipe list for just one meal. This is where the differences are revealed in dramatic fashion. Might you forego the delivery for a trip to the grocery store and some hard work in the kitchen given enough motivation?  

It’s just that it’s hard to cover all the things in all the right ways all the time, because that’s the level of reliance the system, namely security, needs to have. These are usually pretty painful things to set up and manage.

Create feature

Application features are secured through a robust system of keys and permissions, forming the foundation of Frontegg’s comprehensive access control mechanism. These keys serve as identifiers for specific functionalities or resources within the application, and associated permissions define the actions that users or roles are authorized to perform on these features.

Frontegg’s Entitlements Engine plays a central role in leveraging these keys and permissions to implement fine-grained user access management. By associating keys with user roles and subscription plans, the engine dynamically determines and enforces the entitlements of each user. This ensures that users can only access the features and functionalities that align with their assigned roles and the terms of their subscription.

The Entitlements Engine provides a flexible and scalable approach to managing user access. As application features evolve and user roles change, the key and permission system can be readily updated to reflect these modifications. This centralized management simplifies the process of controlling access across the entire application, enhancing security and ensuring adherence to defined access policies.

Docs resource: Securing Features with Frontegg’s Entitlements Engine

Create feature flag

Set targeting rules

Docs resource: Set targeting rules

Link feature to feature flag

Set up sample app if you have not already done so

Demo

  1. Run the agent and navigate to the chat interface. 
  2. You should be prompted to authenticate if you don’t have a live session currently. 
  3. After successful authentication, you’ll be taken to the chat interface with your user’s info displayed in the corner.
  4. You can ask what features you have access to.
    1. You can experiment with the feature targeting by comparing cases where your user:
      1. Matches one of the rules and so is targeted with the feature, and 
      2. Doesn’t match and therefore shouldn’t have feature access.

Next Steps

Now that you’re able to selectively permit access to a feature using Frontegg’s Entitlements engine, you can use the access info in your backend or with your LLM.
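One way to use the access info in your backend, as an added example that is not code from the sample app or the Frontegg SDK: the agent is only offered tools whose feature the user is entitled to, and every tool call is re-checked server-side so the LLM is never the enforcement point. The entitlement object shape, the feature keys and all function names are assumptions.

```javascript
// Hypothetical names throughout; this is not the Frontegg SDK API.
// Constructed sample: the entitlement result your backend obtained for each
// authenticated user (shape assumed for illustration).
const SAMPLE_ENTITLEMENTS = {
  "user-paid": { features: ["basic-chat", "premium-report"] },
  "user-free": { features: ["basic-chat"] },
};

// Each agent tool declares the feature key it requires.
const TOOLS = [
  { name: "summarize", requiredFeature: "basic-chat",
    run: (args) => `summary of: ${args.text}` },
  { name: "premium_report", requiredFeature: "premium-report",
    run: (args) => `report for account ${args.account}` },
];

// Deny by default: a missing user, a malformed result or an unknown key is "no".
function isEntitled(entitlements, featureKey) {
  return Boolean(
    entitlements &&
    Array.isArray(entitlements.features) &&
    entitlements.features.includes(featureKey)
  );
}

// Step 1: only advertise entitled tools to the LLM for this session.
function toolsForUser(entitlements) {
  return TOOLS
    .filter((tool) => isEntitled(entitlements, tool.requiredFeature))
    .map((tool) => tool.name);
}

// Step 2: re-check on every call. The model's output is untrusted input, so a
// tool name it produces (for example after prompt injection) must not bypass
// the entitlement decision made by the backend.
function runTool(entitlements, toolName, args) {
  const tool = TOOLS.find((t) => t.name === toolName);
  if (!tool) return { ok: false, error: "unknown_tool" };
  if (!isEntitled(entitlements, tool.requiredFeature)) {
    return { ok: false, error: "not_entitled", feature: tool.requiredFeature };
  }
  return { ok: true, result: tool.run(args) };
}
```

Filtering the tool list keeps the premium feature out of the model's view, while the check inside `runTool` is what actually enforces access.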