How do you reset a user's password upon their first login?

Is it possible to set all users to have the passwordChangeRequired status set to true by default, so they are forced to reset their password upon their first login? Additionally, can we set a default password format as company{username}? For example, a user with the username 1234 would have the default password company1234.

We’re integrating FusionAuth with our system and want to verify users’ phone numbers during registration, but we’re not ready to enable two-factor authentication (2FA). Is there a recommended way to implement phone number verification via SMS during registration without enabling 2FA? Ideally, we’d like users to enter their phone number and verify it before completing the registration process.

Our FusionAuth instance only lists 11 Lambdas by default, and JWT Populate is not one of them. How can we create a JWT Populate Lambda?

Does FusionAuth provide an API to import roles for an application?

We are using the /api/user/forgot-password API for password resets, with sendForgotPasswordEmail set to false since we send our own email. However, users are now receiving two emails: our custom email and a password reset email from FusionAuth using our template. This issue occurs only in our pre-live and production environments, not in the local Dockerized version. What could be causing this?

You can work around this by passing the IDs directly in your request. Here’s an example of how to structure the request correctly:

from fusionauth.fusionauth_client import FusionAuthClient

api_key = 'your-fusionauth-api-key'
base_url = 'https://your-fusionauth-instance.com'
group_id = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
user_ids_to_remove = [
    'yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy',
    'zzzzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzzzz'
]

client = FusionAuthClient(api_key, base_url)
member_delete_request = {'members': {group_id: user_ids_to_remove}}
response = client.delete_group_members(member_delete_request)

if response.was_successful():
    print("Successfully removed users from group!")
else:
    print(f"Error: {response.error_response}")

This approach correctly formats the request for the API to process and delete the specified users from the group.

I tried using delete_group_members() to remove users from a group, but each request failed with a “could not find memberId” error. I tried passing in both the group ID and user ID, but it didn’t work. I was only able to get it to work manually by passing a members_delete_request directly to the client. Is there a way to get delete_group_members() to work properly, or does it have a bug?

This issue was addressed in version 1.56.0. Make sure your FusionAuth instance is updated to the latest version, as several reporting-related fixes have been released that resolve this specific problem.

When tracking daily active users and registration numbers, the data for the last day of each month is missing regardless of the number of days in that month. The last day’s data is missing from both the UI and the API response. Is there a way to determine why this is happening?

You cannot integrate Datadog directly into the cloud-hosted version of FusionAuth. The only relevant section in the documentation is "Use Datadog Agent on a Remote Host." This requires setting up Datadog to monitor FusionAuth using the Prometheus Metrics API endpoint. For monitoring failed 2FA rates, FusionAuth does not currently have built-in support. There is no webhook for failed MFA, but you can use the failed login webhook to monitor incorrect password attempts.

Retrieve system metrics using Prometheus
Use the Datadog Agent on a remote host
User login failed webhook

We are investigating what additional telemetry and data we can monitor and log to our monitoring systems. I found the self-hosted version supports integration with Datadog here: https://fusionauth.io/docs/operate/monitor/datadog

However, I am unclear what we can monitor on the cloud version since we are not managing the container or deployment side.

1. Can we integrate the cloud-hosted version into Datadog to monitor for performance issues or other issues that might impact end users? If so, are there any guides?

2. Can we monitor failed 2FA rates using a tool like this? Or are there recommended approaches for monitoring drop-off during 2FA enrollment and other login issues?

FusionAuth uses standard SMTP for all email connections. As long as Proofpoint Cloud supports a standard SMTP connection where FusionAuth sends transactional emails, initiates a handshake, and completes delivery, the integration will work. You can reference our documentation for details on configuring SMTP with common providers:

Configure Email

Is Proofpoint Cloud supported for SMTP configuration in FusionAuth, or is there anything special needed to make it work?

You can manage both flows within a single tenant. Typically, you’d configure separate applications, one for the Admin portal tied to your AD/Entra ID provider, and another for your client-facing site using FusionAuth. You can then use login hints or managed domains to direct users to the correct Identity Provider (IdP).

Identity Provider Hints
Managed Domains

We’d like to configure FusionAuth so that our Admin portal authenticates against Active Directory/Microsoft Entra ID, while our client-facing site uses FusionAuth for authentication. Does this setup make sense, and should we use separate tenants for this, or can both flows be managed within a single tenant?