@mamaning , welcome to the FusionAuth community!

Can you provide a bit more detail about what the error message is and what you've tried to do to troubleshoot?

Also, if you have a paid edition with support, you can open a support ticket, which will get you a response more quickly.

Thanks!

Tenants are separated logically, with users, identity providers, and applications all separate.

If you need physical or geographic separation (for instance, to host users in tenant A in the USA and users in tenant B in Germany, you can do this by running two instances of FusionAuth. You can keep system wide configuration in sync using scripts with the client library.

Yes. You can use the tenant API or any of the client libraries to created, read, update and delete tenants and all their configuration.

Yes. Apart from what is outlined in the system requirements, FusionAuth does not require any network connection to the Internet.

Yes you can. You have a few options.

If your algorithm matches one of the FusionAuth supported algorithms or one of the community provided ones, you can configure FusionAuth to use it. If not, you may need to write your own hashing plugin.

Once you have imported the hashes, the next the to consider is whether you want FusionAuth to rehash the passwords as the users log in. This is a good option if the previous hashing algorithm was not a strong one. This is configured at the tenant level, under the Passwords tab.

You can migrate all of your user data (store any non standard info in user.data), their roles, groups, application association, refresh tokens (so that someone using a TV app, for example, won't have to login again) and their password hashes.

Please see the FusionAuth migration guide for more.

Does SendGrid indicate why they are rejecting requests? In my experience, this is generally due to invalid creds, or a “From address” with a domain that does not match your SendGrid account.

So if a default template is being used with a no-reply@fusionauth.io address you may see a runtime error such as a rejected SMTP request.

Otherwise I'd make sure the IP address is in any whitelists, or share anything else that sendgrid logs.

Hiya,

I think the best path forward would be for you to use the populate JWT lambda.

In that you can examine the user, their registrations to various FusionAuth applications, and modify the delivered JWT. So you could iterate the registrations and build a JWT claim called supportedApps with a list of your apps. You'd have to keep all the lambdas in sync across every application, but luckily you can do so with the FusionAuth API.

Then in any APIs your SPA or native apps call, they can look at the supportedApps claim. If the API supports that company, it can respond.

I'm not sure exactly why you are separating these companies out as FusionAuth applications if one login gets you access to all of them, though. You could map this within one application using roles too, which is a different set of tradeoffs.

@infosec welcome to the FusionAuth community!

This seems like a bug in our rpms. Can you please file a bug here: https://github.com/fusionauth/fusionauth-issues/issues

Feel free to reference this forum post.

Thanks so much!

Since both APIs are technically the same, is there a way to use the email template defined for the Setup Password with the Forgot Password API?

Yes. Navigate to 'Tenants -> your tenant -> Email' and you can set 'Setup password' and 'Forgot password' to be the same template.

There may be template variable differences, please consult the documentation and ensure you are checking for existence before you rely on them:

https://fusionauth.io/docs/v1/tech/email-templates/email-templates/#setup-password

https://fusionauth.io/docs/v1/tech/email-templates/email-templates/#change-password

It is an ever changing list, but the easiest way to see it is to go to the FusionAuth pricing calculator and select the region to see what countries are currently supported.

If you would like us to support a country not currently on that list, please contact us with more details.

Peering is not an option at the moment. If you have a use case for this, please file a GitHub issue with more details about how you'd like to see the feature implemented.

Another option is to self host and run FusionAuth within your cloud network infrastructure. If you'd like to do that and still have help from the FusionAuth team, consider a plan with a support contract.

We support deploying to Bahrain. Not sure if you are looking for best latency, but that deployment would be the closest geographically.

Welcome to the FusionAuth community @matt-0 !

Hmmm.

search.servers=https://user:pass@es.fusionauth.io

works for me. (But I'm running both ES and FA locally.)

Is https://username:password@awssearchurl.com the real value in your system, or did you swap it out?

Also, what version of java are you running?

Yes, they are equivalent. Building this JSON:

{ "search": { "queryString": "fusionauth.io" } }

and posting it is equivalent to a GET with queryString=fusionauth.io.

We have a license FAQ.

If course, if your questions aren't answered there, please feel free to send us an email.