Reactor

Introduction

FusionAuth Reactor is a powerful suite of features developed to extend FusionAuth’s core functionality.

See the Reactor Feature for a high level description.

A paid edition of FusionAuth is required to enable these features. Learn more about purchasing FusionAuth on the Pricing Page.

Features

Activate Reactor

Once a license is purchased, in order to activate your instance and enable Reactor, log into your Account and copy your License Id.

Then in your FusionAuth instance navigate to Reactor and enter your License Id under Start the Reactor.

Note: You may enter your License Id on multiple instances. However, since billing is based upon the total number of monthly active users across all licensed instances it is recommended that you only license those instances you need support for or require Reactor features for.

Immediately after activating, the Status may be Activated, pending connection. This means that the activation was successful, now FusionAuth is just obtaining a secure connection to Reactor. This may take a minute or two, but should change to Activated, securely connected after refreshing the page.

Activate Reactor

Breached Password Detection

The first feature available as part of Reactor is Breached Password Detection. We collected hundreds of millions of compromised usernames and passwords from numerous breached databases. FusionAuth can now check passwords to ensure that they don’t exist in any of these databases to keep your users' accounts safe from external threats that may be using this same breached data.

This password detection can be configured per tenant to detect vulnerable passwords at account creation, during password changes, and even during login. You can also optionally enable breach detection during login. The configurable actions taken when a vulnerability is detected during login are logging for later reporting and analysis, emailing the user with a templated email, and forcing an immediate password change. Performing breach detection during login may introduce additional latency to the end user.

To enable and configure this feature navigate to Tenants Edit Password

Detailed documentation on the configuration can be found in the Tenant Documentation.

Additionally, there is some keen insight into how the Reactor Breached Password Detection is performing on the Reactor page.

High level stats are displayed at the top of the page for the total number of passwords checked, how many vulnerable passwords have been detected, and the number of accounts that have outstanding actions required (users with unresolved vulnerable passwords). If there are any accounts that still need to take action, then a Breached Users search button will appear. Clicking this will take you to the user search page with those users displayed. From there you may investigate each user and perform additional actions, such as forcing a password reset.

At the bottom of the Reactor page is a table with the same stats broken out per tenant.

Activate Reactor

A new webhook event is available for use with FusionAuth Reactor Breached Password Detection. This event when enabled will be fired during login if the user is using a vulnerable password.

  • User Password Breach (user.password.breach), see Webhook Events for additional information.