Tenants

The named issuer used to sign tokens. Typically a fully-qualified domain name.

The Theme associated with this Tenant; determines which templates to render for interactive work-flows.

The form that will be used in the FusionAuth UI for adding and editing users.

This is a paid edition feature and is unavailable in the community edition. Please visit our pricing page to learn more about paid editions.

The IP address of the outgoing SMTP mail server.

The port of the outgoing SMTP mail server.

The username of the outgoing SMTP mail server authentication.

When enabled, you may modify the SMTP password, when the Password field is not displayed the current password will not be modified.

The new password to use for the outgoing SMTP mail server authentication.

The preferred encryption protocol used by your SMTP server, this is generally documented by your SMTP service provider.

The default email address that emails will be sent from when a from address is not provided on an individual email template. This is the address part email address (i.e. Jared Dunn <jared@piedpiper.com>).

The default From Name used in sending emails when a from name is not provided on an individual email template. This is the display name part of the email address ( i.e. Jared Dunn <jared@piedpiper.com>).

When enabled, users will be required to verify their email address.

When enabled, users will be required to verify their email address upon update.

The email template to use when accounts are created to verify the User’s email address.

Required when the Verify email toggle is enabled.

When enabled, users who have not verified their email address after a configurable duration since being created will be permanently deleted.

The duration since creation that a user must exist before being deleted for having an unverified email address.

Required when the Delete unverified users toggle is enabled.

The email template to use when accounts are created and the user needs to setup their password.

The template to use for the forgot password workflow that uses emails.

The template to use to send the link for passwordless login requests.

When enabled, you may model parent-child user relationships, and observe parental approval and age validation on user creation.

The maximum age a user can be to be considered a child.

The minimum age a user must be to create a family.

When enabled, allow children to register themselves without requiring a parent to create their account for them.

The email template used when children are not able to register themselves and they are asking their parent to create them an account.

The email template used when a parent needs to confirm a child account before it is activated as part of their family.

The email template used when a child is requesting that their parent create an account (because it is not created automatically).

When enabled, child users must provide their parent’s email address during the registration process.

When enabled, child user accounts that have not been verified by a parent after a configured period will be automatically deleted.

The number of days before a child account that has not yet been verified by a parent is automatically deleted.

Required when the Delete unverified children toggle is enabled.

The length of time an SSO session can be inactive before it is closed.

The URL the user is redirected to upon logout.

The length of time the refresh token is valid. Refresh tokens are typically long lived.

The length of time the issued token (access token and Id token) is valid. JWT tokens are typically short lived.

The key used to sign the access token JWT.

The key used to sign the Id token JWT.

The user action must be 'time-based' and must have 'prevent login' enabled. This actions is applied after multiple failed login attempts.

The number of failed attempts allowed during the specified time period before the selected action is applied.

The window of time in seconds for which the failed authentication attempts are counted. If no further failed attempts occur the failure count will be reset after this time period starting at the time of the last failed login.

The length of time the selected action is applied to the user before the action expires at which point the user will be allowed to attempt log in again.

The time unit the Action duration is measured in.

When enabled, users' login Id and password will be checked against public breached password databases on user creation, password change, and (optionally) on login. Purchase of a FusionAuth Edition is required to enable this feature.

The login Id and password match constraints to qualify as a breach match.

The action to perform during login for breach detection. Performing breach detection during login may increase the time it takes to complete authentication.

The minimum length a password may be to qualify as a valid password.

The maximum length a password may be to qualify as a valid password.

When enabled, force the user to use at least one uppercase and one lowercase character.

When enabled, force the user to use at least one non-alphanumeric character.

When enabled, force the user to use at least one number.

When enabled, users must wait a configurable duration before changing their password after the previous change.

The minimum age (in seconds) users must wait before changing their password after the previous change.

Required when the Minimum age toggle is enabled.

When enabled, user passwords will expire after a configurable duration, at which point the user will be forced to change their password on login.

The duration (in days) the password expire after since the previous change.

Required when the Expiration toggle is enabled.

When enabled, prevent users from using a configurable number of their previous passwords.

The number of previous password to retain, to prevent users from password reuse.

Required when the Reject previous passwords toggle is enabled.

When enabled the user’s password will be validated during login. If the password does not meet the currently configured validation rules the user will be required to change their password.

The password encryption scheme used when creating new users and when changing a password.

A non-zero number that provides an iteration count to the hashing scheme. A higher number will make the password hash more difficult to reverse engineer but will take more CPU time during login. Be careful as a high factor may cause logins to become very slow.

When enabled the user’s password hash will be modified if it does not match the configured values during next login.

The event type, this value will be present in the JSON request to identify the message.

When enabled this event can be sent by one or more webhook. You will also need to enable the event for a specific webhook to receive the event.

This toggle allows you to optionally disable an event for all webhooks all at once.

The transaction setting for this event. This setting will apply to all webhooks consuming this event type.

The number of seconds before the OAuth2 Authorization Code is no longer valid to be used to complete a Token request.

The number of seconds before the Change Password identifier is no longer valid to complete the Change Password request.

The number of seconds before the Email Verification identifier is no longer valid to complete the Email Verification request.

The number of seconds before the External Authentication identifier is no longer valid to complete the Authentication request.

The number of seconds before the One Time Password identifier is no longer valid to complete a Login request.

The number of seconds before the Passwordless Login identifier is no longer valid to complete a Login request.

The number of seconds before the Registration Verification identifier is no longer valid to complete the Registration Verification request.

The number of seconds before the Setup Password identifier is no longer valid to complete the Change Password request.

The number of seconds before the Two Factor identifier is no longer valid to complete a Two Factor login request.

The number of seconds before the Two Factor Trust is no longer valid and the user will be prompted for Two Factor during login.

The number of seconds before the device_code and user_code are no longer valid to be used to complete the Device Code grant.

The length and type of characters of the generated code used in the Change Password flow.

The length and type of characters of the generated code used in the Email Verification flow.

The length and type of characters of the generated code used in the Passwordless Login flow.

The length and type of characters of the generated code used in the Registration Verification flow.

The length and type of characters of the generated code used in the Setup Password flow.

The length and type of characters of the generated user code used in the Device Authorization Grant flow.

The custom SMTP configuration properties that may be necessary in some cases.