FusionAuth is all about users, and it is helpful to fully understand how FusionAuth understands users to fully leverage all of the features FusionAuth offers.
The User itself is easy enough to understand, it represents your end user, your employee or your client.
Here’s a brief video covering some aspects of users:
A User is scoped to a Tenant. A User existing within a Tenant can be registered to, and use the same credentials to authenticate to multiple applications within that Tenant.
What makes a User Active
FusionAuth includes reporting on the number of daily and monthly active users. What makes a User active during a time period is any of these events:
A User is created.
A User logs in.
The Login Ping API is used.
A JWT is refreshed using a Refresh Token.
SSO is used; this calls the login ping.
There are many different ways to log in using FusionAuth, but all of the below trigger a login event:
A login is completed using any Login API (normal, one-time, passwordless, Identity Provider, Connector).
A User is created with a password, whether self service or using the Registration API.
A Refresh Token is exchanged for a JWT.
A 2FA login is completed.
User search requests may be made through the User Search API or within the FusionAuth admin UI under .
As of version 1.16.0, FusionAuth ships with a database search engine as the default.
See the fusionauth-app.search-engine-type and fusionauth-app.search-servers properties, as well as the
FUSIONAUTH_SEARCH_SERVERS environment variables definitions of the Configuration Reference for details on configuring the search engine and (optional) Elasticsearch integration.
If you are running FusionAuth in a Docker environment, see the Using FusionAuth on Docker documentation for an example configuring Elasticsearch as the user search engine.
You may view the configured search engine type in the FusionAuth admin UI by navigating to.
You may also switch between the different search engines.
Database search engine
This configuration is lightweight, simplifies installation and system complexity, but comes with the trade offs of limited search capabilities and performance implications.
The database search engine is appropriate for systems that are not dependent on the User Search APIs, is not expected to have a large number of active users, and may be running in an embedded environment.
The database search engine enables fuzzy search against the following fields of the user:
If you don’t need advanced searching capabilities, you may be able to use the database search engine for large installations. This is not a use case FusionAuth tests, so ensure you provision your database with enough resources and benchmark your typical use cases.
You may add a
* character to wildcard match any character, including none. So
*piedpiper will match
thepiedpiper. You may put the wildcard at any location in a search string.
All search terms are converted to lowercase and compared with lowercase values.
Regular expressions, ranges and other complicated queries can not be used.
Elasticsearch search engine
Leveraging Elasticsearch for the user search engine, enables advanced search capabilities on more numerous and granular data and a performance improvement for user search.
The Elasticsearch search engine is appropriate for systems that are dependent on the User Search APIs, are expected to have a large number of active users, and requires a more tactical search than is provided by the database search engine.
Advanced search UI
FusionAuth provides an advanced user search interface that reveals how you may construct queryString and query parameters for the User Search API and User Bulk Delete API with desired results. Navigate to from the left navigation and click on the "Advanced" link below the Search input field to begin. The "Advanced" portion of this UI is available when the search engine type is configured to
We provide selectors for common search fields, as well as a free-form search field for constructing complex search queries. By selecting the Show Elasticsearch query toggle, you will see either the Elasticsearch query string or JSON search query that can be used as queryString and query parameters for the User Search API and User Bulk Delete API.
Additionally, you may enter Elasticsearch query strings or raw JSON queries into the search field for testing purposes.
The following screenshot shows a query string being constructed to search for users that belong to the
Moderators group and are in the
When searching for users by application or any fields on an application, it is necessary to construct a JSON query due to the way the Elasticsearch mapping is defined.
The following screenshot shows an Elasticsearch JSON query being constructed to search for users that match the email pattern
*@fusionauth.io, are registered to the
Pied Piper application, and are assigned the
Advanced search UI
It is possible, though rare, for an Elasticsearch index to become out of sync with the database. If you stand up FusionAuth with a database dump and restore, you may need to run this operation. You may also be instructed to do so by FusionAuth support.
However, in general, even if a temporary outage occurs with Elasticsearch, the index will be sync up automatically. Reindexing is an expensive operation, especially if your system has a large number of users, so it should not be run unless necessary.
If you do need to run this, navigate toin the FusionAuth admin UI to initiate a reindex of all users. This navigation item will only be displayed when the search engine is Elasticsearch.
How helpful was this page?