Frontegg · Capability

Frontegg B2B Onboarding Workflow

Composed Naftiko capability orchestrating a complete B2B onboarding flow on Frontegg: obtain an environment token, create a tenant, invite users, configure SSO/SCIM, and enable entitlements. Wraps the underlying Frontegg APIs (env-auth, tenants, identity, sso, scim, entitlements) into a single workflow surface.

Run with Naftiko FronteggOnboardingB2BWorkflowCIAM

What You Can Do

POST
Onboard — Onboard a new B2B account end-to-end.
/v1/onboard

MCP Tools

frontegg-b2b-onboard

Onboard a new B2B account on Frontegg — creates tenant, invites admin, configures SSO/SCIM, assigns plan.

Capability Spec

frontegg-b2b-onboarding.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: Frontegg B2B Onboarding Workflow
  description: |
    Composed Naftiko capability orchestrating a complete B2B onboarding flow on Frontegg: obtain an environment token,
    create a tenant, invite users, configure SSO/SCIM, and enable entitlements. Wraps the underlying Frontegg APIs
    (env-auth, tenants, identity, sso, scim, entitlements) into a single workflow surface.
  tags:
    - Frontegg
    - Onboarding
    - B2B
    - Workflow
    - CIAM
  created: '2026-05-22'
  modified: '2026-05-22'
binds:
  - namespace: env
    keys:
      FRONTEGG_CLIENT_ID: FRONTEGG_CLIENT_ID
      FRONTEGG_API_KEY: FRONTEGG_API_KEY
      FRONTEGG_REGION: FRONTEGG_REGION
capability:
  composes:
    - capability: frontegg-env-auth
      alias: auth
    - capability: frontegg-tenants
      alias: tenants
    - capability: frontegg-identity
      alias: identity
    - capability: frontegg-sso
      alias: sso
    - capability: frontegg-scim
      alias: scim
    - capability: frontegg-entitlements
      alias: entitlements
  workflows:
    - name: b2b-onboard-account
      description: End-to-end B2B account onboarding — vendor auth, tenant creation, admin invite, SSO config, entitlement assignment.
      steps:
        - step: vendor-auth
          call: auth.authenticateWithEnvCredentials
          with:
            clientId: env.FRONTEGG_CLIENT_ID
            secret: env.FRONTEGG_API_KEY
          outputs:
            - name: bearer
              value: $.token
        - step: create-tenant
          call: tenants.createTenant
          with:
            body:
              name: workflow.tenantName
              tenantId: workflow.tenantId
          outputs:
            - name: tenantId
              value: $.tenantId
        - step: invite-admin
          call: identity.inviteUser
          with:
            body:
              email: workflow.adminEmail
              roleIds:
                - workflow.adminRoleId
              tenantId: previous.tenantId
        - step: configure-sso
          call: sso.createSamlConfiguration
          with:
            body:
              tenantId: previous.tenantId
              configuration: workflow.samlConfig
        - step: enable-scim
          call: scim.createScimConfiguration
          with:
            body:
              tenantId: previous.tenantId
        - step: assign-entitlements
          call: entitlements.assignEntitlement
          with:
            body:
              tenantId: previous.tenantId
              planId: workflow.planId
  exposes:
    - type: rest
      namespace: frontegg-b2b-onboarding-rest
      port: 8080
      description: REST adapter exposing the b2b-onboard-account workflow as POST /v1/onboard.
      resources:
        - path: /v1/onboard
          name: onboard
          description: Run the full Frontegg B2B onboarding workflow.
          operations:
            - method: POST
              name: onboard
              description: Onboard a new B2B account end-to-end.
              call: workflow.b2b-onboard-account
              with:
                tenantName: rest.tenantName
                tenantId: rest.tenantId
                adminEmail: rest.adminEmail
                adminRoleId: rest.adminRoleId
                samlConfig: rest.samlConfig
                planId: rest.planId
              outputParameters:
                - type: object
                  mapping: $.
    - type: mcp
      namespace: frontegg-b2b-onboarding-mcp
      port: 9090
      transport: http
      description: MCP adapter exposing the b2b-onboard-account workflow as a single tool.
      tools:
        - name: frontegg-b2b-onboard
          description: Onboard a new B2B account on Frontegg — creates tenant, invites admin, configures SSO/SCIM, assigns plan.
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: workflow.b2b-onboard-account
          with:
            tenantName: tools.tenantName
            tenantId: tools.tenantId
            adminEmail: tools.adminEmail
            adminRoleId: tools.adminRoleId
            samlConfig: tools.samlConfig
            planId: tools.planId
          outputParameters:
            - type: object
              mapping: $.