Skip to main content

What is Frontier?

Frontier is a cloud-native identity and access management (IAM) platform designed to help organizations secure their systems and data. Built by Raystack, Frontier provides comprehensive user authentication, role-based authorization, and multi-tenant organization management through a modern, API-first architecture. With Frontier, you can manage authentication and authorization across all your applications and services, ensuring that only authorized users have access to your valuable resources.

Quick Start

Get Frontier up and running in minutes

Installation

Install Frontier on your platform

Core Concepts

Understand Frontier’s architecture

API Reference

Explore the complete API documentation

Key Features

Frontier combines powerful identity and access management capabilities into a single, unified platform.

Single Sign-On (SSO)

Implement OIDC-compliant authentication with support for Google, Microsoft Azure AD, GitHub, LinkedIn, and other identity providers. Enable seamless single login and logout across all your applications.

Role-Based Access Control

Define roles, permissions, and policies using SpiceDB-powered authorization. Simplify access management with predefined roles and fine-grained permissions.

Multi-Tenant Organizations

Manage multiple organizations, each with their own users, projects, groups, and resources. Support complex organizational hierarchies with ease.

Integrated Billing

Built-in billing engine with Stripe integration. Manage subscriptions, plans, virtual credits, and feature entitlements out of the box.

Service User Authentication

Support machine-to-machine authentication with API keys, client credentials, and JWT-based authentication for service accounts.

Admin Portal

Out-of-the-box web interface for managing SSO configuration, users, groups, organizations, and roles in one place.

Audit Logging

Comprehensive audit trails for all user activity and access-related events. Generate reports on user activity and access levels.

Webhooks

Real-time event notifications for user actions, policy changes, and billing events to integrate with your systems.

Virtual Credits

Flexible pay-as-you-go model with virtual credits for usage-based billing. Track and manage credit balances automatically.

Feature Entitlements

Control feature access based on user subscriptions and plans. Check entitlements programmatically via API.

How Frontier Works

Frontier acts as a central authentication and authorization server for your applications:
  1. Configure Frontier - Set up database connections, OIDC providers, email services, and define your access policies and resource types.
  2. Define Resources & Policies - Configure resource types, roles, and permissions that match your application’s security model.
  3. Connect Your Applications - Integrate frontend and backend services using Frontier’s REST/gRPC APIs, CLI, or SDKs.
  4. Authenticate Users - Users authenticate once through Frontier and gain access to all connected applications seamlessly.
  5. Authorize Requests - Frontier validates permissions using SpiceDB before granting access to protected resources.
Frontier is API-driven and provides multiple interfaces: REST/HTTP APIs, gRPC APIs, CLI tools, and an Admin Portal for management tasks.

Architecture Overview

Frontier uses a modern, cloud-native architecture:
  • API Server - Exposes HTTP and gRPC APIs for managing users, organizations, policies, and authorization checks
  • PostgreSQL - Stores business logic including user details, organizations, roles, and billing data
  • SpiceDB - Google Zanzibar-inspired authorization engine for fine-grained permissions
  • Admin Portal - React-based web interface for platform administration
New to IAM concepts? Start with the Architecture guide to understand Frontier’s design principles.

Use Cases

Frontier is ideal for:
  • SaaS Platforms - Build multi-tenant applications with organization-level isolation and role-based access
  • Enterprise Applications - Implement SSO and centralized access control across internal tools
  • API Services - Secure microservices with token-based authentication and policy-driven authorization
  • Developer Platforms - Manage user access to APIs, resources, and features with billing integration

Multiple Interfaces

Choose the interface that works best for your workflow:
Full-featured HTTP API for all Frontier operations. Perfect for frontend applications and service integrations.
curl -X GET https://frontier.example.com/v1beta1/users \
  -H "Authorization: Bearer <token>"
High-performance gRPC APIs for backend services. Ideal for microservices architectures.See proton for gRPC definitions.
Command-line interface for automation, scripting, and administrative tasks.
frontier user list
frontier organization create --name "Acme Corp"
Web-based interface for visual management of organizations, users, groups, and SSO configuration.

Getting Started

Ready to get started with Frontier?
1

Install Frontier

Choose your preferred installation method: Homebrew, Docker, or binary download.
2

Follow the Quick Start

Complete the Quick Start guide to set up your first organization and user.
3

Explore the Concepts

Learn about Authentication, Authorization, and Organizations.
4

Integrate with Your Apps

Use the API Reference to integrate Frontier with your applications.

Open Source

Frontier is open source and licensed under Apache 2.0. We welcome contributions from the community.

GitHub Repository

View source code, report issues, and contribute

Contribution Guide

Learn how to contribute to Frontier
Need help? Join the community discussions or check the GitHub repository.

Build docs developers (and LLMs) love

Get started for freeTalk to us