Groups

    Overview

    There are a few reasons you may want to use a FusionAuth Group.

    The first use may be to simply logically group one or more users within a Tenant. Once a User is a member of a Group they may be identified as a member of the Group and retrieved using the User Search API and the Elasticsearch search engine.

    The second reason you may wish to use a FusionAuth group is to manage Application Role assignment. A Group may be assigned roles from one or more Applications, a member of this Group will be dynamically assigned these roles if they have a registration for the Application.

    Examples

    You could create a Group called Admin, and assign this group the admin role from each of your applications.

    A more detailed example:

    Suppose Application A has two roles: admin and member. Application B has one role superadmin.

    User 1 has a registration in Application A and user 2 has a registration in Application B.

    There’s a group Admin Group which has the application roles of admin from Application A and superadmin from application B.

    If you add User 1 to Admin group they will receive the role admin in Application A, but not superadmin (because they aren’t registered in Application B).

    Admin UI

    Create a Group

    Click on Settings → Groups from the main menu to add a Group. At a minimum, you must provide a Name for the Group and the Tenant it belongs to.

    You may apply Application roles from the various Applications in this Group’s Tenant.

    Create a Group

    Form Fields

    Id Optional

    The Group Id.

    Name Required

    The Group name.

    Tenant Required

    The Tenant the Group will be scoped to.

    Application Roles Optional

    The selected application roles will be assumed by members of this Group.

    Feedback

    How helpful was this page?

    See a problem?

    File an issue in our docs repo

    Have a question or comment to share?

    Visit the FusionAuth community forum.