Enquiry Regarding FusionAuth Evaluation and Access Management Capabilities

jay.saxophone383

Hi All,

I am currently in the process of evaluating FusionAuth as an access management solution and have a few questions regarding its licensing for premium features and its access management capabilities.

1. Does FusionAuth provide an evaluation license to test its premium features for on premise?

2. Does the solution offer robust capabilities to collect and securely store detailed information about trusted user devices and activities during access management sessions? This information is crucial for tracking audit trails and performing analytics, particularly in the following areas:

   a) Device Information
       i) Various device types and models
       ii) Popular operating systems across desktop and laptop platforms (e.g., Windows, macOS, Linux, ChromeOS) and mobile platforms (e.g., Android, iOS, others)
       iii) Security posture details, such as antivirus software and posture checks

   b) Comprehensive Reporting
       Ability to track all access management activities, including login times, accessed resources, actions performed, user activity patterns, and associated geographic locations.

mark.robustelli

@jay-saxophone383

Does FusionAuth provide an evaluation license to test its premium features for on premise?

As far as I know there is no license that allows you to test the premium features. If this is something you are interested, you may want to reach out to the sales team.

Is there something specific (a feature/use case) that you are interested in and how it works?

Does the solution offer robust capabilities to collect and securely store detailed information about trusted user devices and activities during access management sessions?

Yes, in addition to general logging there are numerous webhooks that allow you to consume JSON messages emitted from FusionAuth events.

This information is crucial for tracking audit trails and performing analytics, particularly in the following areas:

a) Device Information
    i) Various device types and models

Yes

ii) Popular operating systems across desktop and laptop platforms (e.g., Windows, macOS, Linux, ChromeOS) and mobile platforms (e.g., Android, iOS, others)

Yes

iii) Security posture details, such as antivirus software and posture checks

I'm not sure what you mean with this question. FusionAuth does have Advanced Threat Detection available. Is that what you are talking about?

b) Comprehensive Reporting
    Ability to track all access management activities, including login times, accessed resources, actions performed, user activity patterns, and associated geographic locations

FusionAuth has a few views you can look at to see such information (like the dashboard below), but between the webhooks and API access you should be able to collect, organize and view the data the way you would need to.

This is an example of the dashboard with some of the advanced features enabled.

Here is an example from a successful login webhook.

{
  "event" : {
    "applicationId" : "3c219e58-ed0e-4b18-ad48-f4f92793ae32",
    "authenticationType" : "PASSWORD",
    "connectorId" : "e3306678-a53a-4964-9040-1c96f36dda72",
    "createInstant" : 1747952916005,
    "id" : "fbeb32bc-0a98-4835-800e-7b0b5aa75523",
    "info" : {
      "deviceName" : "macOS Chrome",
      "deviceType" : "BROWSER",
      "ipAddress" : "192.168.147.1",
      "userAgent" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36"
    },
    "ipAddress" : "192.168.147.1",
    "linkedObjectId" : "00000000-0000-0000-0000-000000000001",
    "tenantId" : "d7d09513-a3f5-401c-9685-34ab6c552453",
    "type" : "user.login.success",
    "user" : {
      "active" : true,
      "birthDate" : "1981-06-04",
      "connectorId" : "e3306678-a53a-4964-9040-1c96f36dda72",
      "data" : {
        "favoriteColor" : "chartreuse"
      },
      "email" : "admin@example.com",
      "firstName" : "Dinesh",
      "id" : "00000000-0000-0000-0000-000000000001",
      "insertInstant" : 1736377123822,
      "lastLoginInstant" : 1747952916005,
      "lastName" : "Chugtai",
      "lastUpdateInstant" : 1746139865421,
      "memberships" : [ ],
      "passwordChangeRequired" : false,
      "passwordLastUpdateInstant" : 1746139893637,
      "preferredLanguages" : [ ],
      "registrations" : [ {
        "applicationId" : "ec526002-35cc-4e6e-8f5b-0e4fba2b08c8",
        "data" : { },
        "id" : "b2e3f755-1b1f-44f5-92ff-e6a41fa3eb12",
        "insertInstant" : 1745098563132,
        "lastLoginInstant" : 1745279910748,
        "lastUpdateInstant" : 1745098563132,
        "preferredLanguages" : [ ],
        "roles" : [ ],
        "tokens" : { },
        "usernameStatus" : "ACTIVE",
        "verified" : true,
        "verifiedInstant" : 1745098563132
      }, {
        "applicationId" : "3c219e58-ed0e-4b18-ad48-f4f92793ae32",
        "data" : { },
        "id" : "53635379-6b65-47c0-a593-579f1e0340ec",
        "insertInstant" : 1736377123867,
        "lastLoginInstant" : 1747952916005,
        "lastUpdateInstant" : 1736377123867,
        "preferredLanguages" : [ ],
        "roles" : [ "admin" ],
        "tokens" : { },
        "usernameStatus" : "ACTIVE",
        "verified" : true,
        "verifiedInstant" : 1736377123867
      } ],
      "tenantId" : "d7d09513-a3f5-401c-9685-34ab6c552453",
      "twoFactor" : {
        "methods" : [ ],
        "recoveryCodes" : [ ]
      },
      "usernameStatus" : "ACTIVE",
      "verified" : true,
      "verifiedInstant" : 1736377123822
    }
  }
}

Hope this answers your questions.

jay.saxophone383

Hi @mark-robustelli,

Thank you for your response—it helped clarify several of my questions. The next step for me is to test out the premium features to see if they meet our additional requirements.

Is there something specific (a feature/use case) that you are interested in and how it works?

I have one specific use case I'd like to confirm whether FusionAuth can support.

Use Case: Seamless SSO Login for Windows Desktops/Laptops (Active Directory)

Flow:
User powers on their desktop/laptop → logs in with their credentials → opens a browser → initiates an IdP/SP flow → accesses web applications.

Essentially, I want users to access web applications without being prompted to enter their credentials again, since they've already authenticated during their desktop/laptop login.

Our current access management solution supports this using Kerberos for authentication. However, I couldn’t find Kerberos listed as a supported protocol in FusionAuth. Is there another way to achieve this behavior in FusionAuth?

Additionally, does FusionAuth SSO support for native/desktop applications as well?

Thanks in advance.

mark.robustelli

@jay-saxophone383 I do believe you can get FusionAuth to work as you described here. Here are some links that may give you a little more detail.

SAML v2 with ADFS

OpenID Connect with Azure AD

Enabling Single Sign-On in an Organization

Product Update

As mentioned above, some of the features described are only available with paid planes and if you need to test them out, you will want to contact FusionAuth and see what can be worked out.