Licensing

    Overview

    FusionAuth will always have a powerful, full featured free-to-use Community edition. This is the foundation of FusionAuth and the community surrounding it and as an organization FusionAuth is committed to improving the Community edition, with both features and bug fixes.

    However, there are additional tiers of functionality which meet the needs of different types of organizations and offer premium features. For these editions, a license is required.

    You can learn more about purchasing FusionAuth editions other than Community on the pricing page. The legal agreement you make when using FusionAuth, with or without a paid license, is the FusionAuth license. Learn more about the license in the licensing FAQ.

    You can see a list of features on the editions and features page.

    Adding Your License to Your Instance

    To access paid features, purchase a license via the pricing page or by contacting the sales team.

    Once a license is purchased you must activate it. To do so, log into your Account. Navigate to the Plan tab.

    View the plan tab.

    Copy the license Id appropriate for your needs.

    Use the "Production" license Id for your production server. This will be used to calculate your monthly active users (MAU), which may affect your monthly bill. Learn more about MAU here. The other license Id is suitable for non-production environments, such as user acceptance testing or development.

    You can always find your license Id by logging in to your Account and then navigating to the Editions tab. If you do not have a license Id there, you are on Community edition. In that case, no license is required.

    After you have your license Id, log in to your FusionAuth instance. The credentials you use to log into the instance have no connection to the credentials you used to log into your account portal. Navigate to the Reactor tab and enter your license Id in the License Id field.

    Activate Reactor.

    In an air gapped configuration where outbound network access is not available, the license text will be available in your Account. Include this text in addition to the license Id when activating. If you need an air gapped license because your application will not have internet access or for any other reason, please contact sales for more information. See Advanced Scenarios for more information.

    Immediately after activating, FusionAuth must obtain a secure connection to FusionAuth’s servers. It may take a minute or two to complete activation.

    Once that has happened, the Licensed field will change to a green checkmark. This may require a page refresh. You will also see a list of premium features. Depending on your particular edition, some may not be active. You can see a list of features on the premium features page.

    Activate Reactor.

    Regenerating Your License

    You may want to regenerate your license for any number of reasons.

    • It may be part of a regular secrets rotation system.

    • You may have inadvertently exposed your license key.

    You can do so using the Reactor API.

    But you can also regenerate the license via the Plan tab. To do so, log into your Account. Then navigate to the Plan tab. Then click the Action button to display the dropdown.

    The license action dropdown.

    After you choose which license to regenerate, you’ll be prompted to confirm your choice.

    Regenerate the license key.

    Deactivating Your License

    Should you need to deactivate your license Id, either because you are changing your editions or rotating your license Id, you can do so by using the "Deactivate" link, in the upper right hand corner of the Reactor page.

    Decomission Reactor.

    Deactivating your license will disable any premium functionality.

    This includes both the ability of users to access such functionality and the ability of admins to configure it.

    For example, consider the scenario where you:

    1. Activate your license.

    2. Enable email MFA on your tenant.

    3. Have users set up email MFA on their accounts.

    Then, after some time, you deactivate your license. While your license is deactivated, the following functionality will be affected:

    • Users will not be able to configure email MFA.

    • Users with configured email MFA will not be prompted for the additional factor at login, but will still be able to log in.

    • Administrators will not be able to configure additional MFA methods.

    However, deactivating your license does not remove configuration previously saved while the license was active. In the scenario above, if you were to activate a license, users and admins would immediately be able to access previously disabled functionality and the previous configuration would be active.

    The License API

    You can use the Reactor API to activate or deactivate your license.

    You can also retrieve data on the license status of your instance, including whether specific features are enabled or disabled.

    Licensing and Kickstart

    You can set your license Id using Kickstart as well. Doing so allows you to use features requiring a license in your development environment and continuous integration systems. You should use the non-production license Id in your Kickstart files.

    If you would like to set this value during Kickstart, set the value in a top level field called licenseId.

    In this example there is a license Id of eb7244dc-5d8e-40cd-a005-70b116fbda31. 

    
{
  "licenseId": "eb7244dc-5d8e-40cd-a005-70b116fbda31"
}

    Learn more about setting up Kickstart.

    Advanced Scenarios

    If you are running FusionAuth with limited or no network access, you can do so using an air gapped configuration. The license text will be available in your Account. Include this text in addition to the license Id when activating. If you need an air gapped license, please contact sales for more information.

    Running air gapped will impede limit certain features in FusionAuth, including breached password detection and advanced threat detection, which depend on downloading external data.

    You may also configure FusionAuth to use an HTTP proxy for any outbound connections. This is done using the proxy.* configuration settings, documented here. When a proxy is configured, FusionAuth will use it for all outbound HTTP connections, including the data downloads for premium features mentioned above. Using a proxy in this manner allows FusionAuth to access external data through a connection of your choosing.

    Common Questions

    Which license do I use?

    There are two licenses, a production license and a non-production one. Use the production license on any system where real live users login. This will be tracked for purposes of MAU calculations, and will affect your monthly bill.

    Non-production licenses are used for any other purpose: development, UAT, testing, CI/CD, etc. Any logins which occur on an instance with such a license will not be part of the MAU count.

    What counts as an active user?

    Any user who logs in during the time period. It doesn’t matter if they log in once or one thousand times. Learn more about what counts as a login here.

    Feedback

    How helpful was this page?

    See a problem?

    File an issue in our docs repo

    Have a question or comment to share?

    Visit the FusionAuth community forum.