FusionAuth Documentation
FusionAuth is a Customer Identity and Access Management (CIAM) server that provides:
- Authentication
- Authorization
- User Management
graph LR
User(("fa:fa-user<br>User")) -->|consumes| App[Application]
User -->|authenticates| FA{FusionAuth}
App -->|delegates auth| FA
FA <-->|brokers identity| IdP[External IdPs]
FusionAuth connects users, applications, and identity providers
FusionAuth provides a full implementation of OAuth2, OpenID Connect (OIDC), and SAML v2, where FusionAuth functions as both a Service Provider (SP) and a SAML Identity Provider (IdP).
Try#
To get started with FusionAuth today, check out one of our quickstarts.
Deploy#
You can deploy FusionAuth anywhere: self-hosted on a local machine, on-premises in your own cloud, on an air-gapped server, or via a managed FusionAuth Cloud instance.
Customization#
FusionAuth is highly customizable, both in appearance and behavior. You can control every page and message. You can use lambda functions to customize data validation, MFA challenge logic, token transformation, and much more. You can use webhooks to react to a wide variety of events.
Authentication Protocols#
FusionAuth supports most popular authentication protocols, including username/password, a wide range of identity providers, passkeys, and passwordless logic like magic links and OTP.
Authorization#
Define permissions using role-based access control (RBAC) with users, roles, groups, applications, and entities. For highly granular permissions, check out our fine-grained authorization integration.
Security#
Configure threat mitigation and detection features like multi-factor authentication (MFA), breached password detection, rate limiting, and captcha to keep both you and your users secure.
Support#
When you can’t figure out how to solve a problem yourself, FusionAuth provides first-class support from battle-hardened humans.