We’re excited to release FusionAuth 1.62.0. This version features a refreshed admin UI, the MFA Lambda for granular MFA challenge control, tenant-scoped identity providers, EdDSA support, identity pre-verification during registration, and performance improvements.
We’re calling this release The Refined Reindeer because of our focus on polish and precision.
Fresh New Look for the Admin UI
FusionAuth got a makeover. We’ve refreshed the admin UI with improved spacing, updated colors, and refinements throughout. You’ll still be right at home, but everything feels more polished and professional.
We’ve also made significant performance improvements for deployments with large numbers of applications and tenants. The admin UI stays responsive even with thousands of applications.
Pre-Verified Identities
Traditional verification happens after an account is created. Users create the account, FusionAuth then sends a verification email, and you hope the user completes it. Maybe there was a typo, or maybe a user is squatting on an identity. Either way, this creates an admin burden of managing unverified accounts, and introduces account takeover risks.
Identity Pre-Verification ensures email addresses or phone numbers are verified during registration, before the account is created.
How It Works
- Users provide their info in a registration form
- They verify via a code or link sent immediately
- No account is created until verification succeeds
This should cut down on the administrative burden of cleaning up and recovering unverified accounts.
MFA Lambda: Smarter Authentication Decisions
The MFA Lambda provides programmatic control of multi-factor authentication in your application.
The Problem We’re Solving
FusionAuth’s contextual MFA is powerful but limited to FusionAuth-defined contexts like device trust and suspicious login detection. You couldn’t easily require MFA for your “Administrators” group, challenge users from unexpected locations, or integrate with your threat intelligence systems. Workarounds existed, but they were complex.
Where It Runs
The MFA Lambda runs during login and password changes, making intelligent decisions about whether MFA is needed based on context. It can also be used during step-up authentication. Your application can now ask FusionAuth whether to challenge for MFA rather than deciding entirely on its own.
MFA Lambda vs. Step-Up Authentication
MFA Lambda: custom logic embedded in FusionAuth that determines whether or not to issue an MFA challenge during authentication
Step-Up Authentication: requests for MFA challenges embedded in your application logic
What You Can Do
Your lambda receives context about the login attempt—user, groups, roles, IP, device trust status, suspicious login detection (and geography if you have enabled Advanced Threat Detection)—and tells FusionAuth whether to require MFA or skip it. You can even make API calls from within the lambda.
When configured, the MFA Lambda takes precedence over the existing contextual MFA policies and can override device trust, MFA trust, and other MFA rules.
Tenant-Scoped Identity Providers
You can now scope an identity provider (IdP) to a single tenant. This allows you to have specific configurations, such as a corporate OIDC connection, that only exist and function for the users within that specific tenant.
Tenant-scoped IdPs:
- Will only authenticate users within their assigned tenant
- Can be enabled for applications belonging to that tenant (or universal applications)
- Can share managed domains with IdPs in other tenants
- Can be managed using tenant-scoped API keys
This is valuable for multi-tenant SaaS platforms where each customer organization needs their own IdP configuration.
EdDSA Support for JWT Signatures
FusionAuth now supports EdDSA (Ed25519) for JWT signing and verification. EdDSA offers several advantages:
- Smaller signatures compared to RSA
- Faster signing and verification than ECDSA
- Strong security with a simpler implementation
We’re excited to see what you create with these new tools. Whether you are looking to refine your MFA challenge requirements, tighten your security with pre-verification, or scale your multi-tenant SaaS, FusionAuth 1.62.0 provides the tools you need to do it with refined precision. And if you haven’t started using FusionAuth yet, you can download it for free to try it out.
For all the technical details, check out the release notes.
Thanks for using FusionAuth, and happy holidays!
