Groups

Overview

There are a few reasons you may want to use a FusionAuth Group.

The first use may be to simply logically group one or more users within a Tenant. Once a User is a member of a Group they may be identified as a member of the Group and retrieved using the User Search API and the Elasticsearch search engine.

The second reason you may wish to use a FusionAuth group is to manage Application Role assignment. A Group may be assigned roles from one or more Applications, a member of this Group will be dynamically assigned these roles if they have a registration for the Application.

Core Concepts Relationships

Below is a visual reminder of the relationships between FusionAuth’s primary core concepts.

Examples

You could create a Group called Admin, and assign this group the admin role from each of your applications.

A more detailed example:

Suppose Application A has two roles: admin and member. Application B has one role superadmin.

User 1 has a registration in Application A and user 2 has a registration in Application B.

There’s a group Admin Group which has the application roles of admin from Application A and superadmin from application B.

If you add User 1 to Admin group they will receive the role admin in Application A, but not superadmin (because they aren’t registered in Application B).

Admin UI

Create a Group

Click on Settings -> Groups from the main menu to add a Group. At a minimum, you must provide a Name for the Group and the Tenant it belongs to.

You may apply Application roles from the various Applications in this Group’s Tenant.

Form Fields