    Licensing

    Overview

    FusionAuth will always have a powerful, full-featured, free-to-use Community edition. This is the foundation of FusionAuth and the community surrounding it. As an organization, FusionAuth is committed to improving the Community edition with both features and bug fixes.

    However, there are additional tiers of functionality which meet the needs of different types of organizations and offer premium features. For these editions, a license is required.

    You can learn more about purchasing FusionAuth editions other than Community on the pricing page. The legal agreement you make when using FusionAuth, with or without a paid license, is the FusionAuth license. Learn more about the license in the licensing FAQ.

    You can see a list of features on the editions and features page.

    • Adding Your License to Your Instance

    • Regenerating Your License

    • Deactivating Your License

    • The License API

    • Licensing and Kickstart

    • Advanced Scenarios

    • Common Questions

    Adding Your License to Your Instance

    To access paid features, purchase a license via the pricing page or by contacting the sales team.

    Once a license is purchased you must activate it. To do so, log into your Account. Navigate to the Plan tab.

    Copy the license Id appropriate for your needs.

    Use the "Production" license Id for your production server. This will be used to calculate your monthly active users (MAU), which may affect your monthly bill. Learn more about MAU here. The other license Id is suitable for non-production environments, such as user acceptance testing or development.

    You can always find your license Id by logging in to your Account and then navigating to the Editions tab. If you do not have a license Id there, you are on Community edition. In that case, no license is required.

    After you have your license Id, log in to your FusionAuth instance. The credentials you use to log into the instance have no connection to the credentials you used to log into your account portal. Navigate to the Reactor tab and enter your license Id in the License Id field.

    In an air gapped configuration where outbound network access is not available, the license text will be available in your Account. Include this text in addition to the license Id when activating. If you need an air gapped license because your application will not have internet access or for any other reason, please contact sales for more information. See Advanced Scenarios for more information.

    Immediately after activating, FusionAuth must obtain a secure connection to FusionAuth’s servers. It may take a minute or two to complete activation.

    Once that has happened, the Licensed field will change to a green checkmark. This may require a page refresh. You will also see a list of premium features. Depending on your particular edition, some may not be active. You can see a list of features on the premium features page.

    Regenerating Your License

    You may want to regenerate your license for any number of reasons.

    • It may be part of a regular secrets rotation system.

    • You may have inadvertently exposed your license key.

    You can do so using the Reactor API.

    You can also regenerate the license via the Plan tab. To do so, log into your Account, navigate to the Plan tab, and click the Action button to display the dropdown.

    After you choose which license to regenerate, you’ll be prompted to confirm your choice.

    Deactivating Your License

    Should you need to deactivate your license Id, either because you are changing your editions or rotating your license Id, you can do so by using the "Deactivate" link, in the upper right hand corner of the Reactor page.

    Deactivating your license will disable any premium functionality.

    This includes both the ability of users to access such functionality and the ability of admins to configure it.

    For example, consider the scenario where you:

    1. Activate your license.

    2. Enable email MFA on your tenant.

    3. Have users set up email MFA on their accounts.

    Then, after some time, you deactivate your license. While your license is deactivated, the following functionality will be affected:

    • Users will not be able to configure email MFA.

    • Users with configured email MFA will not be prompted for the additional factor at login, but will still be able to log in.

    • Administrators will not be able to configure additional MFA methods.

    However, deactivating your license does not remove configuration previously saved while the license was active. In the scenario above, if you were to activate a license, users and admins would immediately be able to access previously disabled functionality and the previous configuration would be active.

    The License API

    You can use the Reactor API to activate or deactivate your license.

    You can also retrieve data on the license status of your instance, including whether specific features are enabled or disabled.

    Licensing and Kickstart

    You can set your license Id using Kickstart as well. Doing so allows you to use features requiring a license in your development environment and continuous integration systems. You should use the non-production license Id in your Kickstart files.

    If you would like to set this value during Kickstart, set the value in a top level field called licenseId.

    In this example there is a license Id of eb7244dc-5d8e-40cd-a005-70b116fbda31.

    
    {
      "licenseId": "eb7244dc-5d8e-40cd-a005-70b116fbda31"
    }

    Learn more about setting up Kickstart.
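
    The following is an added example, not part of the FusionAuth documentation or codebase: a CI check that reads the top-level licenseId from a Kickstart file and fails if it is the production license Id. It assumes license Ids are UUID-shaped, as in the example above; the function names, the status strings and the constructed production Id are hypothetical.

```python
import hashlib
import hmac
import json
import uuid

# Constructed sample value standing in for a real production license Id.
SAMPLE_PRODUCTION_ID = "11111111-2222-4333-8444-555555555555"


def fingerprint(license_id: str) -> str:
    """SHA-256 of the normalized Id, so CI stores a digest rather than the Id."""
    return hashlib.sha256(license_id.strip().lower().encode()).hexdigest()


def audit_kickstart(kickstart_text: str, production_fingerprint: str) -> str:
    """Classify the top-level licenseId of a Kickstart file.

    Returns "absent", "unrecognized", "production" or "ok".
    """
    try:
        doc = json.loads(kickstart_text)
    except json.JSONDecodeError:
        return "unrecognized"
    if not isinstance(doc, dict) or "licenseId" not in doc:
        return "absent"  # nothing to check, e.g. Community edition
    try:
        # uuid.UUID accepts upper case, braces and hyphen-less forms;
        # str() yields one canonical lower-case spelling for comparison.
        normalized = str(uuid.UUID(doc["licenseId"]))
    except (ValueError, AttributeError, TypeError):
        return "unrecognized"  # assumption: a license Id is always a UUID
    if hmac.compare_digest(fingerprint(normalized), production_fingerprint):
        return "production"  # production Id committed to a Kickstart file
    return "ok"


if __name__ == "__main__":
    prod_fp = fingerprint(SAMPLE_PRODUCTION_ID)
    sample = '{"licenseId": "eb7244dc-5d8e-40cd-a005-70b116fbda31"}'
    print(audit_kickstart(sample, prod_fp))
```

    A result of "production" means the Id in the file should be replaced with the non-production one and, if the file was shared, regenerated as described under Regenerating Your License.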

    Advanced Scenarios

    If you are running FusionAuth with limited or no network access, you can do so using an air gapped configuration. The license text will be available in your Account. Include this text in addition to the license Id when activating. If you need an air gapped license, please contact sales for more information.

    Running air gapped will limit certain features in FusionAuth, including breached password detection and advanced threat detection, which depend on downloading external data.

    You may also configure FusionAuth to use an HTTP proxy for any outbound connections. This is done using the proxy.* configuration settings, documented here. When a proxy is configured, FusionAuth will use it for all outbound HTTP connections, including the data downloads for premium features mentioned above. Using a proxy in this manner allows FusionAuth to access external data through a connection of your choosing.

    Common Questions

    Which license do I use?

    There are two licenses, a production license and a non-production one. Use the production license on any system where real live users log in. This will be tracked for purposes of MAU calculations, and will affect your monthly bill.

    Non-production licenses are used for any other purpose: development, UAT, testing, CI/CD, etc. Any logins which occur on an instance with such a license will not be part of the MAU count.

    What counts as an active user?

    Any user who logs in during the time period. It doesn’t matter if they log in once or one thousand times. Learn more about what counts as a login here.

    © 2023 FusionAuth