Frontegg

Frontegg

Frontegg is a user management and authentication platform that provides embeddable login experiences. Its scripts handle login flows, single sign-on, multi-factor authentication, and session token management via cookies, controlling user access and identity verification on web applications.

Back to Vendor Library

Overview

Frontegg is a developer-focused user management platform that provides pre-built authentication and user lifecycle components that product teams embed into their web applications. Rather than requiring developers to build login pages, multi-factor authentication, and user settings interfaces from scratch, Frontegg supplies hosted or self-hosted UI components that handle these flows. Its primary audience is B2B SaaS companies building multi-tenant applications where user management complexity is high.

What This Script Does

Frontegg scripts load on pages requiring authentication or user management functionality within a web application. Client-side behavior includes:

Authentication flows: The Frontegg SDK renders login, registration, and MFA screens. These may load as embedded components within the application's own pages or as redirects to Frontegg-hosted login pages. Scripts make requests to Frontegg's authentication API to validate credentials and exchange tokens.

Session token management: Frontegg manages authentication session state using cookies and/or browser local storage. Session tokens (JWTs) are stored client-side and transmitted with API requests to verify user identity. Cookie names and expiry depend on the application's configuration — session cookies expire when the browser closes, while remember-me tokens may persist for days or weeks.

Single sign-on (SSO): For applications using Frontegg's SSO feature, the SDK handles SAML or OIDC redirects to enterprise identity providers. This involves browser redirects and token exchanges with third-party identity providers configured by the operator.

Multi-factor authentication: Frontegg's MFA flows verify TOTP codes, SMS one-time passwords, or hardware keys client-side before completing authentication. Verification requests go to Frontegg's API.

User portal: Frontegg provides an embedded user settings portal where authenticated users manage their profile, security settings, and API tokens. This component makes requests to Frontegg's management API.

Consent & Compliance

GDPR and ePrivacy Directive: Frontegg's authentication cookies and session tokens are strictly necessary for providing the authenticated application service. Users cannot access the application without these mechanisms functioning. The ePrivacy Directive exempts technically necessary cookies from the consent requirement. Under GDPR, session management processing is lawful under contract performance (Article 6(1)(b)) — it is required to deliver the service the user has signed up for. Frontegg acts as a data processor; operators must have a Data Processing Agreement in place.

CCPA/CPRA: Authentication credentials and session tokens are personal information under CCPA. Processing by Frontegg as a service provider for authentication purposes does not constitute a sale or sharing of personal information.

Consent category: essential. Frontegg handles authentication and session management — functions that are technically necessary for the application to operate.

Should You Block This Without Consent?

No.

Frontegg scripts are essential to the application's authentication layer. Blocking them would prevent users from logging in, break session management, and make the application inaccessible. Authentication infrastructure is categorically exempt from consent requirements under the ePrivacy Directive's necessity exemption.

Visit website

Consent Categories

Essential

Also Known As

fronteggfrontegg authuser management platformfrontegg loginauthentication consent

Industries

Programming and Developer SoftwareComputers Electronics and Technology

Tracked Domains (1)

frontegg.comEssential

Frequently Asked Questions

Does Frontegg require cookie consent on my website?

No. Frontegg is an authentication platform categorized as essential. Its session token cookies are strictly necessary for users to access the application. The ePrivacy Directive exempts technically necessary authentication cookies, and GDPR Article 6(1)(b) covers processing under contract performance.

What cookies does Frontegg set?

Frontegg stores authentication session tokens (JWTs) in cookies or browser localStorage after login. Session cookies expire when the browser closes; refresh token cookies persist longer depending on application configuration. Cookie names vary by deployment. No advertising or behavioral tracking cookies are set.

How does ConsentStack categorize Frontegg?

ConsentStack categorizes Frontegg as essential and never blocks its scripts. ConsentStack detects Frontegg by its authentication SDK patterns and session token cookie signatures. Because Frontegg is required for user login and access control, it remains active regardless of visitor consent choices.

Related Vendors

Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Google Fonts
Google Fonts
Google Fonts is a free font hosting service that serves hundreds of typeface families via a global CDN. Stylesheets and font files load from fonts.googleapis.com and fonts.gstatic.com to deliver web fonts to visitors. No advertising or tracking functionality is included.
reCAPTCHA
reCAPTCHA
Google reCAPTCHA is a bot detection and spam prevention service protecting web forms, login pages, and checkout flows. Scripts analyze user behavior, mouse movements, and browser fingerprints to distinguish humans from bots. The invisible reCAPTCHA v3 scores interactions without requiring user challenges.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Tag Manager
Google Tag Manager
Google Tag Manager is a tag management system that lets marketers deploy and update analytics and marketing scripts without code changes. The GTM container script loads synchronously in the page head and injects configured tags, triggers, and variables on behalf of other vendors. No data collection of its own — acts as a loader for other scripts.
Sign in with Google
Sign in with Google
Sign in with Google is an OAuth-based authentication service that enables users to log into websites using their Google account credentials. Scripts load the Google Identity Services library, display sign-in buttons, and handle token exchange for secure authentication. Stores session tokens and authentication cookies to maintain login state across page visits.

Manage consent for Frontegg

ConsentStack automatically detects and manages Frontegg trackers so your site stays compliant with global privacy regulations.

Get started free