Groups
Overview
There are a few reasons you may want to use a FusionAuth Group.
The first use may be to simply logically group one or more users within a Tenant. Once a User is a member of a Group they may be identified as a member of the Group and retrieved using the User Search API and the Elasticsearch search engine.
The second reason you may wish to use a FusionAuth group is to manage Application Role assignment. A Group may be assigned roles from one or more Applications, a member of this Group will be dynamically assigned these roles if they have a registration for the Application.
Examples
You could create a Group called Admin, and assign this group the admin role from each of your applications.
A more detailed example:
Suppose Application A has two roles: admin and member. Application B has one role superadmin.
User 1 has a registration in Application A and user 2 has a registration in Application B.
There’s a group Admin Group which has the application roles of admin from Application A and superadmin from application B.
If you add User 1 to Admin group they will receive the role admin in Application A, but not superadmin (because they aren’t registered in Application B).
Admin UI
Create a Group
Click on from the main menu to add a Group. At a minimum, you must provide a Name for the Group and the Tenant it belongs to.
You may apply Application roles from the various Applications in this Group’s Tenant.
Form Fields
- Id Optional
-
The Group Id.
- Name Required
-
The Group name.
- Tenant Required
-
The Tenant the Group will be scoped to.
- Application Roles Optional
-
The selected application roles will be assumed by members of this Group.