Self Service Account Management Overview

This feature is only available in paid plans. Please visit our pricing page to learn more.

Available since 1.26.0

Overview

FusionAuth self-service account management allows users to manage their accounts, including the ability to add Multi-factor Authentication (MFA). This documentation section covers:

Here’s a brief video showing account management functionality.

A Note About User Images in this Documentation

Throughout this self service account management section we will use:

Richard Hendricks for any user facing actions. Imagine Richard is a user on your site, trying to enable MFA for his account, or update his profile data.

Erlich Bachman for any admin facing actions. Imagine Erlich is you or a customer service rep at your company.

Finding the Self Service Page

To view the account and self service pages, log in as an admin, navigate to Applications, and click on the icon to view the application details.

From here copy and paste the account URL into a browser. Use a different browser than the one you are using to access the FusionAuth administrative user interface, or use your browser in incognito mode.

In a real world application this link would be part of the navigation for your application.

Home Screen

Account Home

Before accessing the account you will be asked to log in. Make sure the user you log in with is registered for this application.

Login Screen

Update User Data and Password

FusionAuth Self Service Account Management allows users to easily update their user data and passwords. To adjust user profile data, click on the edit icon in the upper corner. From there a user will be presented with editable fields for user data and their password.

More information about updating user data and passwords can be found in the Updating User Data and Password section.

Self Service Edit Data and Password

Enable or Disable MFA as a User

Account Home

From the account home screen, click on Manage Two Factor.

On this screen you can add Two Factor methods.

Account Home

Current supported MFA types are:

  • Authenticator
  • SMS
  • Email

If you are not seeing this screen, you may need additional configuration. Please see troubleshooting steps.

You can click on the links below for more about setting up each MFA method.

You might be wondering what the difference is between multi-factor authentication and two-factor authentication.

A factor is anything a user has, is, or can provide which can uniquely identify the user. A password, which historically has been used to identify and authenticate a user, is flawed in that it is likely not globally unique, and it can be assumed that eventually it will be known by more than one person. Additional factors can be used to authenticate a user to mitigate the limitations of the traditional password.

When a system can support more than one method of authentication, it is considered to support multiple factors, or MFA. In addition to password authentication, FusionAuth supports a time-based one-time password, also referred to as TOTP, and an SMS- or email-based one-time-use code. This means FusionAuth supports multi-factor authentication, or MFA.

Two-factor authentication, or 2FA, more specifically refers to the practice of requiring two factors of authentication to complete a login request. In practice, this usually means requiring a password and one additional factor of authentication.

Recovery Codes

Please note that once an authenticator is enabled, users will be shown recovery codes similar to what is shown below.

Please encourage your users to save these in a secure location, as they can be used to recover an account should one of their second factors be unavailable. For example, if an email or SMS service is “down” and users still want to use your application, or if a user loses their phone, a recovery code allows access.

Recovery Codes