
Advanced Threat Detection

Advanced Threat Detection features protect FusionAuth Enterprise licensed systems from malicious behavior related to logins, registration, and user creation.


Customizable Rate Limiting

This threat detection feature allows admins to set per-user rate limits for the following user actions:

  • Failed login
  • Forgot password
  • Send or resend email verification
  • Passwordless magic link login
  • Send or resend registration verification
  • Send two-factor authentication code

FusionAuth CAPTCHA


FusionAuth will require a CAPTCHA in certain circumstances, such as when a new device is seen for the first time. A variety of paid and free CAPTCHAs are supported, including Google reCAPTCHA and hCaptcha.

FusionAuth IP ACL


FusionAuth Advanced Threat Detection enables administrators to lock down an application or API key to a certain IP address or range of IP addresses by creating an IP access control list.

Location Aware Security

Request location data is used in a variety of ways to secure user accounts. All features are configurable by developers. Some location-aware features include:

  • The geographic location from which a password reset request was made is displayed in the password reset email, allowing the recipient to determine if the request seems suspicious.
  • "Impossible travel" is calculated to see if a user could realistically log in at different locations around the globe in a reasonable time frame.
  • When a login request occurs from an unexpected IP address, the user receives an email notifying them of a new login, with an approximate location of the IP address.
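
The "impossible travel" check described above can be sketched as follows. This is an added example, not FusionAuth's implementation: the event fields, the 900 km/h speed threshold and the 100 km minimum distance are assumptions, and the login events are constructed.

```python
import math
from datetime import datetime

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 900.0    # assumption: roughly airliner cruise speed
MIN_DISTANCE_KM = 100.0  # assumption: ignore hops within IP-geolocation error

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two latitude/longitude points, in km."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))

def impossible_travel(logins, max_speed_kmh=MAX_SPEED_KMH, min_km=MIN_DISTANCE_KM):
    """Compare each login with the same user's previous one; return the pairs
    whose implied speed exceeds max_speed_kmh as (previous, current, km, km/h)."""
    last_seen, alerts = {}, []
    for event in sorted(logins, key=lambda e: e["time"]):
        prev = last_seen.get(event["user"])
        last_seen[event["user"]] = event
        if prev is None:
            continue
        km = haversine_km(prev["lat"], prev["lon"], event["lat"], event["lon"])
        if km < min_km:
            continue  # same metro area or geolocation jitter
        hours = (event["time"] - prev["time"]).total_seconds() / 3600
        speed = math.inf if hours == 0 else km / hours
        if speed > max_speed_kmh:
            alerts.append((prev, event, km, speed))
    return alerts

def _login(user, ts, lat, lon):
    return {"user": user, "time": datetime.fromisoformat(ts), "lat": lat, "lon": lon}

# Constructed sample events (not real data): user, UTC timestamp, geolocated IP position.
SAMPLE_LOGINS = [
    _login("alice", "2024-05-01T12:00:00", 40.7128, -74.0060),   # New York
    _login("alice", "2024-05-01T13:00:00", 51.5074, -0.1278),    # London, 1 h later
    _login("bob",   "2024-05-01T09:00:00", 39.7392, -104.9903),  # Denver
    _login("bob",   "2024-05-01T09:10:00", 40.0150, -105.2705),  # Boulder, ~40 km away
    _login("carol", "2024-05-01T08:00:00", 48.8566, 2.3522),     # Paris
    _login("carol", "2024-05-02T08:00:00", 35.6762, 139.6503),   # Tokyo, 24 h later
]

if __name__ == "__main__":
    for prev, cur, km, speed in impossible_travel(SAMPLE_LOGINS):
        print(f"{cur['user']}: {km:.0f} km in "
              f"{(cur['time'] - prev['time']).total_seconds() / 60:.0f} min ({speed:.0f} km/h)")
```

Only the New York to London pair is flagged; the short Denver to Boulder hop and the 24-hour Paris to Tokyo trip stay below the assumed thresholds. VPN and mobile-carrier egress points can place a user far from their real position, so a hit is better treated as a signal for step-up verification than as proof of compromise.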

Registration Domain Blocking

For self-service registration, administrators can block email domains using Advanced Threat Detection. There may be email addresses for which you want to block registration, such as consumer gmail.com addresses if your application is aimed at business users.

Webhook Events

There are a number of security-related events that your SIEM or other analytics systems may want to ingest, such as when MFA has been disabled for a user or when a user has requested a password reset. Advanced Threat Detection webhooks can notify on 10 different suspicious or prohibited user actions, such as Duplicate IDs and Password Updates.

For a full list of Threat Webhooks, click here.

Security Emails

Selected security events can trigger emails to the user. Customized email templates contain security variables of your choice, for situations such as duplicate ID creation, password resets, or MFA removal.

See full list here.
