Note that as of release 1.68.0 (released in late Jun 2026), there is a mfa_deleter role that can remove MFA from a user.
Please see the release notes for more details.
Helpful folks who know a lot about FusionAuth
Note that as of release 1.68.0 (released in late Jun 2026), there is a mfa_deleter role that can remove MFA from a user.
Please see the release notes for more details.
Since we can’t store API keys in code,
FYI, with the release of 1.64.0, you now can store secrets elsewhere and have lambdas retrieve them.
As of 1.62.0, FusionAuth supports pre-verification of emails and phone numbers.
More details:
https://fusionauth.io/docs/lifecycle/manage-users/verification/identity-pre-verification-using-email
https://fusionauth.io/docs/lifecycle/manage-users/verification/identity-pre-verification-using-phone
You have a couple of options.
However, the easiest way to make sure an application cannot be logged into is to deactivate the application.
Is there a way to disable logging into an application without disabling/deleting it?
Per https://github.com/FusionAuth/fusionauth-issues/issues/1810 I'm not clear what my options are.
Lots of options!
What are account recovery options available with FusionAuth?
You want to use search parameters like those outlined in this sample script.
POST on /api/user/searchaccurateTotal on the requestnumberOfResults to 1 on the requestIn the response, look at the total field.
This will let you get exact numbers while reducing load on your instance.
How can I get an exact number of users with some attributes? I'm using elasticsearch.
Beginning in version 1.65.0, FusionAuth offers Complete Registration. Full docs here.
How this would work:
required. If you are using a basic form, you could select 'birth date'. If you are using an advanced form, you can select whatever profile attributes you needRegistration mode to Complete registration. This setting means that users cannot self-register, but can complete missing information from an existing registration.Now, your admin user can create a user with a minimal amount of data (perhaps just an email address).
The user will, at first login, be prompted to fill out their profile data, including all fields you've marked required.
This is not full progressive registration, but can be useful in certain circumstances.