Getting Started


FusionAuth is a modern platform for Customer Identity and Access Management (CIAM). FusionAuth provides APIs and a responsive web user interface to support login, registration, localized email, multi-factor authentication, reporting and much more.

If you’re looking for employee login or a replacement for Active Directory - you may be in the wrong place. While FusionAuth can be used for nearly any application, we do not offer native desktop integration and replacing Active Directory is not on our roadmap. However, if you’re looking for a solution to manage end users that can perform at scale, then keep reading.

Here’s a typical application login flow before FusionAuth.

UserApplicationView HomepageClick Login LinkShow Login FormFill Out and Submit Login FormAuthenticates UserDisplay User's Account or OtherInfoUserApplication

Login before FusionAuth

And here’s the same application login flow when FusionAuth is introduced.

UserApplicationFusionAuthView HomepageClick Login Link (to FusionAuth)View Login FormShow Login FormFill Out and Submit Login FormAuthenticates UserGo to Redirect URIRequest the Redirect URIIs User Authenticated?User is AuthenticatedDisplay User's Account or OtherInfoUserApplicationFusionAuth

Login after FusionAuth

Core Concepts

Legacy identity technologies have complex hierarchy and cryptic terminology like realms, principals, subjects and distinguished names. In order to simplify something perceived to be complex, the best approach is to go back to the basics, to the atomic elements and throw everything else away.

When we built FusionAuth we took the back to basics approach. We identified two atomic elements of identify, Users and Applications. Everyone has Users, and Users need to be authenticated to Applications. For this reason FusionAuth is built upon four core elements:

  • Users - someone that can log into things
  • Applications - things that Users log into
  • Registrations - the connection between a User and an Application they have access to
  • Tenants - A way to logically isolate Applications, Users and Registrations


A user is uniquely identified in any particular tenant by an email address or username. Learn more.


A FusionAuth Application represents an authenticated resource such as a web application, mobile application or any other application that requires authenticated users. A FusionAuth Application is defined by a name and a set of Roles. Learn more.


A User can be registered to one or more FusionAuth Applications. A User Registration can define one to many Application Roles. Learn more.


Tenants are way to separate Users, Applications and Registrations into separate containers. Inside a Tenant, you can define any number of Users, Applications and Registrations. Across Tenants, you can define duplicate Applications, Users and Registrations.

For example, you might have two Tenants and inside both Tenants you might have an Application named Web Based Payroll and a User with the email address Each of these Users might have a Registration to the Web Based Payroll Application. And finally, each of these Users might have different passwords and data. Learn more.

Getting Started

First you will need to install and configure FusionAuth before starting your integration. Here are some links to get you started:

Quick Start

Install Options

Create a User and call an API