Frontegg: Customer Configuration Guide

This guide walks IDC customers through migrating from the legacy IDC.com authentication and authorization solution to Frontegg. By the end of this setup, your users will be able to log in securely using your Identity Provider (IdP) instead of IDC’s legacy system.

Frontegg provides a built-in setup wizard for most major IdPs, including Okta, Azure AD, Google, Ping Identity, OneLogin, JumpCloud, and Rippling. During setup, simply select your IdP in the wizard and follow the guided steps. These wizards automatically generate the correct fields (Entity ID, ACS URL, Metadata) and streamline the process. If your IdP is not shown in the Frontegg setup wizard, please choose Custom SAML Setup.

More information can be found in the Appendix of this document.

Who should use this guide

IT administrators with access to:

  • IDC Admin Portal
  • Your IdP (Okta, Azure AD, Ping, etc.)
  • Your DNS provider (or the ability to request DNS updates)

Estimated time to complete: 30–60 minutes. DNS propagation usually completes within minutes; in some cases, it may take up to 24 hours.

Prerequisites Checklist

Before you begin, confirm you have:

  • Read this document and the resources in the Appendix
  • DNS administration privileges. If you do not have them, engage your DNS administrator to partner in the setup
  • An IdP configuration that provides the mandatory SAML attributes:
    – A unique user identifier as the SAML NameID (in either persistent format or email address format).
    – The user’s email address (SAML attribute with name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress).
    – The user’s given name (attribute .../givenname).
    – The user’s surname (family name attribute .../surname).

Step-by-Step Migration

Step 1: Log in to the IDC Admin Portal

1. Navigate to the appropriate environment:

  • Production: https://identity.idc.com/oauth/portal/sso
  • QA / Test: https://identity-qa.idc.com/oauth/portal/sso

Please sign in with your admin credentials (email and password).

Step 2: Configure a New SSO (SAML) Connection

  1. In the Admin Portal, go to the SSO tab
  2. Click Setup SSO Connection or Configure SAML
  3. Choose your IdP from the list, or select Custom SAML

  4. Provide one of the following:
    • IdP metadata URL (recommended), OR
    • Manual details:
      – SSO endpoint (from your IdP)
      – Public certificate (from your IdP). By default, it is the metadata UR

Step 3: Claim Your Domain

  1. Enter your company’s domain (e.g., acme.com for john.doe@acme.com)
  2. Copy the TXT record provided
  3. Add the TXT record to your DNS provider. Example format:
    Name: _saml-domain-challenge.uuid.acme.com
    Type: TXT
    Value: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
  4. Wait for DNS propagation (typically 15 minutes – 24 hours)
  5. You can use tools like dig, nslookup, or online DNS checkers to verify that the TXT record has propagated correctly
  6. Click Validate in the Admin Portal
  7. If you have more than one domain or subdomain, repeat all steps under “Claim Domain” for each one

If verification fails:

  • Confirm the TXT record is added at the correct DNS level
  • Check for propagation delays using tools like dig or online DNS checkers
  • Work with your DNS admin if needed
  • Domain Validation Issue:
    – After entering the correct domain and clicking Proceed, the system may initially display an error (!) even though the domain is valid.
    – To resolve this, click Edit (pencil icon) next to the domain and then click Validate.
    – The domain should then be successfully validated, and a green checkmark will appear.
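
One way to run the dig check from Step 3 and tell a propagation delay apart from a record created at the wrong DNS level, as an added example that is not part of IDC's or Frontegg's tooling. The function names are hypothetical, and the record name and value are the placeholders from the example format above.

```python
import shlex
import subprocess

def parse_dig_short(output):
    """Turn `dig +short TXT` output into one string per TXT record.

    Each line is one record made of one or more quoted strings; a long value
    may be split into several strings, which are concatenated here.
    """
    records = []
    for line in output.splitlines():
        line = line.strip()
        if line and not line.startswith(";"):
            records.append("".join(shlex.split(line)))
    return records

def dig_txt(name):
    """Query TXT records with the local dig binary (needs network access)."""
    result = subprocess.run(["dig", "+short", "TXT", name],
                            capture_output=True, text=True, timeout=15)
    return parse_dig_short(result.stdout)

def diagnose(record_name, domain, expected, lookup=dig_txt):
    """Classify the challenge record: ok, wrong-level, value-mismatch or not-found."""
    found = lookup(record_name)
    if expected in found:
        return "ok"
    # Many DNS consoles append the zone name themselves, so pasting the full
    # name creates <record_name>.<domain>, one level too deep.
    if expected in lookup(f"{record_name}.{domain}"):
        return "wrong-level"
    return "value-mismatch" if found else "not-found"

if __name__ == "__main__":
    # Placeholder name and value in the guide's example format; use the ones
    # shown in the Admin Portal.
    print(diagnose("_saml-domain-challenge.uuid.acme.com", "acme.com",
                   "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"))
```

A result of not-found shortly after adding the record usually means propagation is still in progress; wrong-level means the record should be recreated with only the part of the name that precedes the domain.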

Step 4: Manage Authorization

  1. Select the Default SSO role: Customer SSO Read Only
  2. Click Done

There are two SSO roles:

  • Customer SSO Admin – Role for SSO self-administration with permissions. This role is assigned by IDC Support.
  • Customer SSO Read Only – Default role for SSO users with read-only access and no permissions.

Step 5: Enable the Connection

  1. Save your configuration
  2. Toggle the connection to Enabled

Step 6: Test the Setup

  1. Go to https://demo-app.idc.com
  2. Log in with an SSO-enabled user from your claimed domain.
  3. Expected outcomes:
    • If the user successfully logs in, go to the Closure Checklist
    • If login fails, go to the Troubleshooting Guide

Closure checklist

Once you successfully log into Frontegg, please: 

Troubleshooting Guide

Issue | Possible Cause | Resolution
Domain verification failed | TXT record not propagated | Wait longer (up to 24 hrs) or confirm record format
Certificate error | Incorrect or expired IdP certificate | Upload correct public certificate from IdP
Login attempt fails | Attribute mismatch (email not mapped) | Ensure email claim/attribute is mapped to user.email
Non-claimed domain fails login | Expected behavior | Add and verify additional domains as needed

If your SSO login is not working:

  1. Temporarily disable the SSO login
  2. Review and edit the SSO configuration settings as needed
  3. Add or remove domains to adjust SSO access
  4. Re-enable SSO once the configuration has been corrected

Rollback Plan

Legacy authentication remains enabled until final cutover at the end of 2025.
If users cannot log in via SSO:

  • Re-enable legacy login in the Admin Portal
  • Contact IDC support for assistance

Support

If you encounter issues you cannot resolve, please reach out to our Support team:

  • Send an email to IDC Support at idc_support@idc.com
  • Domain Validation Issue:
    – Your company name
    – Environment (Production/QA)
    – Steps attempted
    – Error messages/screenshots

Need Help Getting Started?

For any technical issues or questions, you can reach out to IDC’s support team via

  • Email at idc_support@idc.com (preferred)
  • Phone +1 508-935-4323. If no one is available to answer, leave a message; it will be directed to the support team, who will get back to you.