Groups
Overview
There are a few reasons you may want to use a FusionAuth Group.
The first use may be to simply logically group one or more users within a Tenant. Once a User is a member of a Group they may be identified as a member of the Group and retrieved using the User Search API and the Elasticsearch search engine.
The second reason you may wish to use a FusionAuth group is to manage Application Role assignment. A Group may be assigned roles from one or more Applications, a member of this Group will be dynamically assigned these roles if they have a registration for the Application.
Core Concepts Relationships
Below is a visual reminder of the relationships between FusionAuth’s primary core concepts.
Examples
You could create a Group called Admin
, and assign this group the admin role from each of your applications.
A more detailed example:
Suppose Application A has two roles: admin
and member
. Application B has one role superadmin
.
User 1 has a registration in Application A and user 2 has a registration in Application B.
There’s a group Admin Group
which has the application roles of admin
from Application A and superadmin
from application B.
If you add User 1 to Admin group
they will receive the role admin
in Application A, but not superadmin
(because they aren’t registered in Application B).
Admin UI
Create a Group
Click on Settings -> Groups from the main menu to add a Group. At a minimum, you must provide a Name for the Group and the Tenant it belongs to.
You may apply Application roles from the various Applications in this Group’s Tenant.

Form Fields
The Group Id.
The Group name.
The Tenant the Group will be scoped to.
The selected application roles will be assumed by members of this Group.