Self Service Account Management

Available since 1.26.0

Overview

FusionAuth self-service account management allows users to manage their accounts, including the ability to add Multi-factor Authentication (MFA). This documentation section covers:

Here’s a brief video showing account management functionality.

A Note About User Images in this Documentation

Throughout this self service account management section we will use:

Richard Hendricks for any user facing actions. Imagine Richard is a user on your site, trying to enable MFA for his account, or update his profile data.

User Profile Image Richard

Erlich Bachman for any admin facing actions. Imagine Erlich is you or a customer service rep at your company.

User Profile Image Erlich

Finding the Self Service Page

To view the account and self service pages, login as an admin and navigate to Applications and click on the icon to view the application details.

From here copy and paste the account URL into a browser. Use a different browser than the one you are using to access the FusionAuth administrative user interface, or use your browser in incognito mode.

In a real world application this link would be part of the navigation for your application.

Home Screen

Account Home

Before accessing the account you will be asked to log in. Make sure the user you log in with is registered for this application.

Login Screen

Update User Data and Password

FusionAuth Self Service Account Management allows users to easily update their user data and passwords. To adjust user profile data, click on the edit icon in the upper corner. From there a user will be presented with editable fields for user data and their password.

More information about updating user data and passwords can be found in the Updating User Data and Password section.

Self Service Edit Data and Password

Enable or Disable MFA as a User

Account Home

From click on Manage Two Factor

On this screen you can add Two Factor methods.

Account Home

Current supported MFA types are:

  • Authenticator

  • SMS

  • Email

If you are not seeing this screen, you may need additional configuration. Please see troubleshooting steps.

You can click on the links below for more about setting up each MFA method.

You might be wondering, what is the difference between multi-factor authentication (MFA) and two factor authentication (2FA)? First, a factor is anything a user has, is or provides which proves who they are. The end goal of authentication, after all, is to be assured that whoever is behind a request is who they say they are.

When a system can support more than one method of authentication, it supports MFA. For example, FusionAuth supports a code sent to a phone or email and a time-based one-time password (TOTP) based on a shared secret stored in Google Authenticator or another similar application.

2FA typically occurs when a user provides two factors at the moment of login. In FusionAuth, one of those factors will always be a password.

Recovery Codes

Please note that once an authenticator is enabled, users will be displayed recovery codes similar to what is shown below.

Please encourage your users to save these in a secure location, as they can be used to recover an account, should one of their second factors fail to be available. For example, if an email or sms service is "down" and users still want to use your application, or if a user loses their phone, a recovery code allows access.

Recovery Codes

Feedback

How helpful was this page?

See a problem?

File an issue in our docs repo