Groups
Overview
There are a few reasons you may want to use a FusionAuth Group.
The first use may be to simply logically group one or more users within a Tenant. Once a User is a member of a Group they may be identified as a member of the Group and retrieved using the User Search API and the Elasticsearch search engine.
The second reason you may wish to use a FusionAuth group is to manage Application Role assignment. A Group may be assigned roles from one or more Applications, a member of this Group will be dynamically assigned these roles if they have a registration for the Application.
Examples
You could create a Group called Admin
, and assign this group the admin role from each of your applications.
A more detailed example:
Suppose Application A has two roles: admin
and member
. Application B has one role superadmin
.
User 1 has a registration in Application A and user 2 has a registration in Application B.
There’s a group Admin Group
which has the application roles of admin
from Application A and superadmin
from application B.
If you add User 1 to Admin group
they will receive the role admin
in Application A, but not superadmin
(because they aren’t registered in Application B).
Admin UI
Create a Group
Click on Name for the Group and the Tenant it belongs to.
from the main menu to add a Group. At a minimum, you must provide aYou may apply Application roles from the various Applications in this Group’s Tenant.

Form Fields
- Id Optional
-
The Group Id.
- Name Required
-
The Group name.
- Tenant Required
-
The Tenant the Group will be scoped to.
- Application Roles Optional
-
The selected application roles will be assumed by members of this Group.
Feedback
How helpful was this page?
See a problem?
File an issue in our docs repo
Have a question or comment to share?
Visit the FusionAuth community forum.