Skip to main content

Overview

The Frontier Admin Portal provides a web-based interface for managing your Frontier deployment. It’s built with React and offers a visual way to perform administrative tasks without using the API or CLI.
The Admin Portal is included in the Frontier repository under web/apps/admin. It’s a separate application that connects to your Frontier server via API.

Features

The Admin Portal provides tools for:
  • Organization Management: Create, view, and manage organizations
  • User Administration: View users, manage roles, and assign permissions
  • Authentication Configuration: Set up OIDC providers and authentication methods
  • Platform Preferences: Configure platform-wide settings
  • Domain Verification: Manage and verify organization domains
  • Audit Logs: Monitor system activity and user actions
  • Webhook Management: Configure and monitor webhook endpoints
  • Billing Overview: View billing accounts and subscriptions (if enabled)
The Admin Portal requires a running Frontier server. It cannot operate standalone.

Prerequisites

Before setting up the Admin Portal:
  • ✅ Frontier server is running and accessible
  • ✅ Node.js 18+ and npm installed
  • ✅ You have a user account with admin privileges

Installation and Setup

1

Navigate to the admin portal directory

From the Frontier repository root:
cd web/apps/admin
2

Create environment configuration

Create a .env file with your Frontier server URLs:
.env
# Frontier HTTP API endpoint
FRONTIER_API_URL=http://localhost:8000

# Frontier gRPC Connect endpoint
FRONTIER_CONNECTRPC_URL=http://localhost:8002

FRONTIER_API_URL=http://localhost:8000
FRONTIER_CONNECTRPC_URL=http://localhost:8002
3

Install dependencies

npm install
This installs all required packages including:
  • React 18+
  • Connect-Web for gRPC communication
  • UI component libraries
4

Start the development server

npm run dev
The portal will start on http://localhost:5173
The default port is 5173 (Vite’s default). You can change this in vite.config.ts if needed.
5

Access the portal

Open your browser to:
http://localhost:5173/console
You’ll be redirected to the login page.

First-Time Login

1

Navigate to the login page

The Admin Portal login page shows available authentication methods based on your Frontier configuration.
2

Choose your authentication method

If you’ve configured Google, GitHub, or Azure AD:
  1. Click Sign in with Google (or your provider)
  2. Complete the authentication flow
  3. You’ll be redirected back to the portal
3

Verify your access

After logging in, you should see the Admin Portal dashboard.If you see “Access Denied” or “Insufficient Permissions”:
  1. Ensure your user is listed in app.admin.users in Frontier config
  2. Restart the Frontier server
  3. Log in again

Portal Navigation

The Admin Portal is organized into several main sections:

Dashboard

The dashboard provides an overview of your Frontier deployment:
  • System Health: Server status and version information
  • User Statistics: Total users, active sessions, recent sign-ups
  • Organization Stats: Total organizations and projects
  • Recent Activity: Latest audit log entries

Organizations Tab

Manage all organizations in your system:
  • Lists all organizations with metadata
  • Search and filter by name, status, or creation date
  • See member counts and project counts
  • View organization state (enabled/disabled)
  1. Click Create Organization
  2. Fill in required fields:
    • Name: Unique identifier (slug)
    • Title: Display name
    • Metadata: Additional key-value pairs
  3. Click Create
The organization is created with the current user as owner.
  1. Click on an organization
  2. Go to Members tab
  3. You can:
    • View all members and their roles
    • Add new members by email
    • Assign roles to members
    • Remove members
  1. Select an organization
  2. Go to Projects tab
  3. Create, edit, or delete projects
  4. Manage project-level permissions
  1. Select an organization
  2. Go to Groups tab
  3. Create groups for team organization
  4. Add users to groups
  5. Assign roles to groups

Users Tab

Administer user accounts:
  • See all registered users
  • Filter by email, status, or registration date
  • View authentication methods used
  • See last login timestamps
Click on a user to see:
  • Profile information and metadata
  • Organization memberships
  • Assigned roles across organizations
  • Authentication methods linked
  • Recent activity
  1. Select a user
  2. Go to Roles section
  3. Choose an organization context
  4. Assign or remove roles
  5. Changes take effect immediately
Service users are for API access:
  1. Go to Service Users tab
  2. Click Create Service User
  3. Provide:
    • Title/description
    • Associated organization (optional)
  4. Save the generated credentials securely

Authentication Tab

Configure authentication methods:
Visual interface for configuring:
  • Google OIDC
  • GitHub OAuth
  • Azure AD / Microsoft Entra ID
  • Custom OIDC providers
Each provider requires:
  • Client ID
  • Client Secret
  • Issuer URL
  • Callback URL configuration
Configure:
  • Magic link settings
  • OTP (One-Time Password) settings
  • Email templates
  • Validity periods
Manage organization domains:
  1. Navigate to organization domains
  2. Add a domain (e.g., acme.com)
  3. Verify ownership via DNS TXT record or file upload
  4. Enable auto-join for verified domains
  5. Configure default roles for auto-joined users

Preferences Tab

Set platform-wide preferences:
Example Preferences
disable_orgs_on_create: true
disable_orgs_listing: false
disable_users_listing: false
invite_with_roles: true
invite_mail_template_subject: "Join our platform"
  • disable_orgs_on_create: New orgs require admin approval
  • disable_orgs_listing: Hide org list from non-admins
  • invite_with_roles: Allow role assignment during invitation

Audit Logs Tab

Monitor all system activity:
See all recorded events:
  • User actions (create, update, delete)
  • Permission checks
  • Organization changes
  • Authentication events
Each log entry shows:
  • Timestamp
  • Actor (who performed the action)
  • Action type
  • Target resource
  • Additional metadata
Export audit logs for compliance:
  1. Apply filters as needed
  2. Click Export
  3. Choose format (CSV, JSON)
  4. Download the file

Webhooks Tab

Manage webhook endpoints:
View all configured webhooks:
  • Endpoint URL
  • Subscribed events
  • State (enabled/disabled)
  • Last delivery status
  1. Click Create Webhook
  2. Configure:
    • URL: Your webhook endpoint
    • Description: What this webhook is for
    • Events: Which events to send
    • Headers: Custom headers (e.g., Authorization)
  3. Save and receive the signing secret
  4. Use the secret to verify webhook signatures
  1. Select a webhook
  2. Click Test
  3. Choose an event type
  4. Send a test event
  5. View the response
For each webhook:
  • View recent deliveries
  • See success/failure status
  • Inspect request/response
  • Retry failed deliveries

Billing Tab (Optional)

If billing is enabled:
  • View billing accounts
  • Check subscription status
  • Monitor usage and credits
  • View invoices
  • Manage payment methods

Common Administrative Tasks

Creating an Organization with Teams

1

Create the organization

  1. Go to Organizations tab
  2. Click Create Organization
  3. Fill in name and details
2

Add members

  1. Open the organization
  2. Go to Members tab
  3. Click Invite Member
  4. Enter email addresses
  5. Assign initial roles
3

Create teams (groups)

  1. Go to Groups tab
  2. Create groups like:
    • engineering-team
    • design-team
    • product-team
4

Assign members to groups

  1. Open each group
  2. Add members
  3. Assign group-level roles
5

Set up projects

  1. Go to Projects tab
  2. Create projects
  3. Assign projects to groups

Configuring Domain-Based Auto-Join

1

Navigate to organization domains

  1. Select an organization
  2. Go to Domains tab
2

Add domain

  1. Click Add Domain
  2. Enter domain (e.g., acme.com)
  3. Click Add
3

Verify the domain

Two verification methods:DNS TXT Record:
  1. Add TXT record to your DNS: 
    _frontier-verification.acme.com TXT "verification-token-here"
  2. Wait for DNS propagation
  3. Click Verify
File Upload:
  1. Download verification file
  2. Upload to https://acme.com/.well-known/frontier-verification.txt
  3. Click Verify
4

Enable auto-join

  1. After verification, toggle Auto-join
  2. Configure default roles for new members
  3. Save settings
Now users with @acme.com email addresses automatically join the organization on first login.

Setting Up Role-Based Access Control

1

Define roles

  1. Go to Roles section
  2. Create custom roles like:
    • project-manager
    • developer
    • viewer
2

Assign permissions to roles

For each role, select permissions:
project-manager:
  - app.project.create
  - app.project.update
  - app.group.create

developer:
  - app.project.get
  - app.resource.create
  - app.resource.update

viewer:
  - app.project.get
  - app.resource.get
3

Assign roles to users

  1. Go to organization Members
  2. For each member, assign appropriate roles
  3. Or assign roles to groups

Production Deployment

Building for Production

# Build optimized production bundle
npm run build

# Preview production build locally
npm run preview
The build output goes to dist/ directory.

Deployment Options

nginx.conf
server {
    listen 80;
    server_name admin.your-domain.com;
    root /var/www/frontier-admin/dist;
    index index.html;

    location / {
        try_files $uri $uri/ /index.html;
    }

    # API proxy (optional)
    location /api/ {
        proxy_pass http://frontier-server:8000/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

Security Considerations

Production Checklist:
  • ✅ Use HTTPS for both portal and API
  • ✅ Configure CORS properly on Frontier server
  • ✅ Set secure cookies (session.secure: true)
  • ✅ Implement CSP (Content Security Policy) headers
  • ✅ Enable rate limiting on Frontier API
  • ✅ Use authentication (disable identity_proxy_header)
  • ✅ Regular security updates for dependencies
  • ✅ Monitor access logs

Troubleshooting

Error: Network error or timeoutSolutions:
  1. Verify Frontier server is running: curl http://localhost:8000/v1beta1/ping
  2. Check FRONTIER_API_URL in .env matches server address
  3. Ensure CORS is configured in Frontier config: 
    app:
  cors:
    allowed_origins:
      - "http://localhost:5173"
  4. Check firewall rules allow connections
Issue: User is authenticated but lacks admin privilegesSolution:
  1. Add user to admin list in Frontier config: 
    app:
  admin:
    users:
      - "[email protected]"
  2. Restart Frontier server
  3. Log out and log back in to the portal
Issue: Changes made via API don’t appear in portalSolutions:
  1. Hard refresh the page (Ctrl/Cmd + Shift + R)
  2. Clear browser cache
  3. Check browser console for errors
  4. Verify API responses in Network tab
Error: Module not found or type errorsSolutions:
  1. Delete node_modules and reinstall: 
    rm -rf node_modules package-lock.json
npm install
  2. Ensure Node.js version is 18+
  3. Check for TypeScript errors: npm run type-check

Customization

The Admin Portal can be customized:

Branding

Edit src/config/branding.ts: 
export const branding = {
  name: 'Your Company Portal',
  logo: '/path/to/logo.svg',
  primaryColor: '#3B82F6',
  favicon: '/favicon.ico'
};

Adding Custom Pages

  1. Create component in src/pages/
  2. Add route in src/App.tsx
  3. Add navigation item if needed

Extending with Plugins

The portal supports plugins for additional functionality. Check the plugin documentation for details.

Next Steps

Configure Webhooks

Set up webhooks from the admin portal

Monitor Audit Logs

Use audit logs for compliance and security

Platform Preferences

Deep dive into platform settings

API Reference

Learn the API behind the portal

Build docs developers (and LLMs) love

Get started for freeTalk to us