Common Configuration

These configuration steps are common to almost all FusionAuth installations. Take these steps to avoid being inadvertently locked out of your FusionAuth server.

Configure An Email Server

Email is used for many purposes in FusionAuth, including to verify user email addresses and for passwordless authentication. However, one of the most important functions is to allow for forgotten passwords.

Full instructions on how to configure your email server settings.

If you lose your password, you can reset it using the “Forgot Password” link on the login screen.

Add a Second Admin User

Create a second user with the admin role. This user can provide access should your initially created admin user lose access for any reason.

  • Log in to the administrative user interface.
  • Navigate to Users.
  • Add a user with a known, valid email address and secure password within your organization.
  • Register that user with the FusionAuth application and the admin role.

Set Up an API Key

Create an API key you can use to manage FusionAuth in an emergency. If you lose access to the administrative user interface, you can use this API key to retain access to your FusionAuth instance by adding a new admin user.

  • Log in to the administrative user interface.
  • Navigate to Settings -> API Keys.
  • Add an API Key with no limitations. This will make it a super user key with no limitations.
  • Note the key value, and store it someplace safe.

Modify the Tenant Issuer

The Issuer , found by navigating to Tenants -> Your Tenant -> General defaults to acme.com. This is not usually what you want.

This value is used by any JWTs created by the OAuth grants or the Login API.

While the exact value you change this to varies based on how you are using FusionAuth, a typical value is the URL of the FusionAuth instance, such as https://auth.example.com.

Summary

If you take care of these steps when you first install FusionAuth, you’ll have multiple ways to access your instance should the user you created on installation be removed or lose access, and you’ll be well on your way towards using FusionAuth for your authentication needs.