<![CDATA[How can I protect the FusionAuth admin screens from unauthorized access?]]>I'd like to prevent unauthorized users from ever seeing the FusionAuth admin screens. How can I do so?

]]>https://fusionauth.io/community/forum/topic/148/how-can-i-protect-the-fusionauth-admin-screens-from-unauthorized-accessRSS for NodeFri, 10 Apr 2026 15:23:52 GMTMon, 08 Jun 2020 21:04:51 GMT60<![CDATA[Reply to How can I protect the FusionAuth admin screens from unauthorized access? on Mon, 08 Jun 2020 21:07:13 GMT]]>The way most of our clients handle this is by using proxy redirect rules. For example, if your service is available at https://auth.example.com then you would redirect https://auth.example.com/ to https://example.com to push the user back into the "user" space of your site. This would mean that if you have a FusionAuth admin, they would need to directly access the UI by navigating to https://auth.example.com/admin/.

If you're already using a load balancer or a similar technology that provides routing rules, these are easy to configure.

You can also use managed IP locking (limiting access to a certain set of IP addresses), or some other type of HTTP header on the request to limit access to the FusionAuth admin UI to authorized users and treat all other traffic to anything under /admin for end users as an invalid request. These types of solutions are best handled at the network layer or with a proxy.

]]>https://fusionauth.io/community/forum/post/354https://fusionauth.io/community/forum/post/354Mon, 08 Jun 2020 21:07:13 GMT