There are a few reasons you may want to use a FusionAuth Group.
The first use may be to simply logically group one or more users within a Tenant. Once a User is a member of a Group they may be identified as a member of the Group and retrieved using the User Search API and the Elasticsearch search engine.
The second reason you may wish to use a FusionAuth group is to manage Application Role assignment. A Group may be assigned roles from one or more Applications, a member of this Group will be dynamically assigned these roles if they have a registration for the Application.
You could create a Group called
Admin, and assign this group the admin role from each of your applications.
A more detailed example:
Suppose Application A has two roles:
member. Application B has one role
User 1 has a registration in Application A and user 2 has a registration in Application B.
There’s a group
Admin Group which has the application roles of
admin from Application A and
superadmin from application B.
If you add User 1 to
Admin group they will receive the role
admin in Application A, but not
superadmin (because they aren’t registered in Application B).
Create a Group
Click on Name for the Group and the Tenant it belongs to.from the main menu to add a Group. At a minimum, you must provide a
You may apply Application roles from the various Applications in this Group’s Tenant.
- Id Optional
The Group Id.
- Name Required
The Group name.
- Tenant Required
The Tenant the Group will be scoped to.
- Application Roles Optional
The selected application roles will be assumed by members of this Group.