FusionAuth is all about users, and it is helpful to fully understand how FusionAuth understands users to fully leverage all of the features FusionAuth offers.

The User itself is easy enough to understand, it represents your end user, your employee or your client. In order to help you manage users and what resources they are authorized to access we have built a few other concepts.

These are applications, groups and tenants. A tenant is a top level object that contains users, applications and groups. You may or may not have a use for Groups or Tenants, but it will be helpful to know how they work in case you have a future need.

User scope

A User is scoped to a Tenant. A User existing within a Tenant can be registered to, and use the same credentials to authenticate to multiple applications within that Tenant.

FusionAuth provides an advanced user search interface that reveals how you may construct queryString and query parameters for the User Search API and User Bulk Delete API with desired results. Navigate to Users from the left navigation and click on the "Advanced" link below the Search input field to begin.

We provide selectors for common search fields, as well as a free-form search field for constructing complex search queries. By selecting the Show Elasticsearch query toggle, you will see either the Elasticsearch query string or JSON search query that can be used as queryString and query parameters for the User Search API and User Bulk Delete API.

Additionally, you may enter ElasticSearch query strings or raw JSON queries into the search field for testing purposes.

The following screenshot shows a query string being constructed to search for users that belong to the Moderators group and are in the Default tenant: User Search by Query String

When searching for users by application or any fields on an application, it is necessary to construct a JSON query due to the way the ElasticSearch mapping is defined.

The following screenshot shows an ElasticSearch JSON query being constructed to search for users that match the email pattern *, are registered to the Pied Piper application, and are assigned the admin role: User Search by JSON Query