There are a few reasons you may want to use a FusionAuth Group.
The first use may be to simply logically group one or more users within a Tenant. Once a User is a member of a Group they may be identified as a member of the Group and retrieved using the User Search API and the Elasticsearch search engine.
The second reason you may wish to use a FusionAuth group is to manage Application Role assignment. A Group may be assigned roles from one or more Applications, a member of this Group will be dynamically assigned these roles if they have a registration for the Application.
Core Concepts Relationships
Below is a visual reminder of the relationships between FusionAuth’s primary core concepts.
You could create a Group called
Admin, and assign this group the admin role from each of your applications.
A more detailed example:
Suppose Application A has two roles:
member. Application B has one role
User 1 has a registration in Application A and user 2 has a registration in Application B.
There’s a group
Admin Group which has the application roles of
admin from Application A and
superadmin from application B.
If you add User 1 to
Admin group they will receive the role
admin in Application A, but not
superadmin (because they aren’t registered in Application B).
Create a Group
Click on Settings -> Groups from the main menu to add a Group. At a minimum, you must provide a Name for the Group and the Tenant it belongs to.
You may apply Application roles from the various Applications in this Group’s Tenant.
The Group Id.
The Group name.
The Tenant the Group will be scoped to.
The selected application roles will be assumed by members of this Group.