Users
Overview
FusionAuth is all about users, and it is helpful to fully understand how FusionAuth understands users to fully leverage all of the features FusionAuth offers.
The User itself is easy enough to understand, it represents your end user, your employee, or your client.
Here’s a brief video covering some aspects of users:
User Scope
A User is scoped to a Tenant. A User existing within a Tenant can be registered to, and use the same credentials to authenticate to multiple applications within that Tenant.
What Makes a User Active
FusionAuth includes reporting on the number of daily and monthly active users. What makes a User active during a time period is any of these events:
-
A User is created.
-
A User logs in.
-
The Login Ping API is used.
-
A JWT is refreshed using a Refresh Token.
-
SSO is used; this calls the login ping.
There are many different ways to log in using FusionAuth, but all of the below trigger a login event:
-
A login is completed using any Login API (normal, one-time, passwordless, Identity Provider, Connector).
-
A User is created with a password, whether self service or using the Registration API.
-
A Refresh Token is exchanged for a JWT.
-
A 2FA login is completed.
User Search
As of version 1.16.0, FusionAuth ships with a database search engine as the default.
By selecting the appropriate installation guide, one can easily create a configuration with Elasticsearch pre-enabled.
You can read more about the database and other search engines in the search core concepts section.
User search requests may be made through the User Search API or within the FusionAuth admin UI under .
Configuration
Please see our search core concepts section for additional information on basic configuration. The remainder of this section will cover specifics as it relates to users and search.
Database Search Engine
This configuration is lightweight, simplifies installation and system complexity, but comes with the trade offs of limited search capabilities and performance implications.
The database search engine enables fuzzy search against the following fields of the user:
-
firstName
-
lastName
-
fullName
-
email
-
username

To learn more about the database search engine in general, view the search core concepts section.
Elasticsearch Search Engine
Leveraging Elasticsearch for the user search engine enables advanced search capabilities on more numerous and granular data and a performance improvement for user search.
Advanced Search UI
FusionAuth provides an advanced user search interface that reveals how you may construct queryString and query parameters for the User Search API and User Bulk Delete API with desired results. Navigate to from the left navigation and click on the "Advanced" link below the Search input field to begin. The "Advanced" portion of this UI is available when the search engine type is configured to elasticsearch
.
We provide selectors for common search fields, as well as a free-form search field for constructing complex search queries. By selecting the Show Elasticsearch query toggle, you will see either the Elasticsearch query string or JSON search query that can be used as queryString and query parameters for the User Search API and User Bulk Delete API.
Additionally, you may enter Elasticsearch query strings or raw JSON queries into the search field for testing purposes.
The following screenshot shows a query string being constructed to search for users that belong to the Moderators
group and are in the Default
tenant:

When searching for users by application or any fields on an application, it is necessary to construct a JSON query due to the way the Elasticsearch mapping is defined.
The following screenshot shows an Elasticsearch JSON query being constructed to search for users that match the email pattern *@fusionauth.io
, are registered to the Pied Piper
application, and are assigned the admin
role:

To learn more about the Elasticsearch search engine in general, view the search core concepts section.