You cannot integrate Datadog directly into the cloud-hosted version of FusionAuth. The only relevant section in the documentation is "Use Datadog Agent on a Remote Host." This requires setting up Datadog to monitor FusionAuth using the Prometheus Metrics API endpoint. For monitoring failed 2FA rates, FusionAuth does not currently have built-in support. There is no webhook for failed MFA, but you can use the failed login webhook to monitor incorrect password attempts.

Retrieve system metrics using Prometheus
Use the Datadog Agent on a remote host
User login failed webhook

@raymondcamden Ha, gald you got it working. Generally, the quickstarts come with a docker file that you can just run docker compose against and it will get you the instance. That instance would be configured to work with the sample code for that quickstart. The application and uses would be created and things like that. If you have it working the way you want, awesome. If you run into other issues, please just let us know.

Just an FYI, as of 1.59.0, phone number verification is now fully supported in FusionAuth.

Read more here: https://fusionauth.io/docs/lifecycle/manage-users/verification/gate-accounts-until-user-phone-verified

@atakan @theogravity-sb Seems like two different issues here.

@theogravity-sb is talking about attackers using the Google identity provider to create accounts with malicious names. @atakan is talking about attackers using self-service registration to create accounts with malicious names. They seem related but not identical. When you are allowing people to create their own identity and/or delegate to another source of identity, you decrease friction but give up some control.

The bad news is that FusionAuth has nothing out of the box to stop this behavior.

The good news is that you can build an integration to stop it. There are email verification services that give you a risk factor for email addresses and you can check that before you allow for registration or login.

Here's a blog post I wrote about leveraging a third-party service to check the validity of emails provided during registration. This post uses a self-service registration validation lambda, but for the Google identity provider use case, you could use the login validation lambda and perform the same type of check.

While I used Fideo because it had a good API and I had a connection there, I have not done an extensive survey of the landscape of email verification services, so cannot recommend any particular service.