First, ensure your instance meets the requirements outlined here. In particular:

When using the Advanced Threat Detection feature, a minimum of 2GB of heap is required, and 3GB is recommended.

You also need to make sure the instance has outbound network access.

If this doesn't work, please open a support ticket.

@hanumant-sidraya

🎉 🙂

There is no built in support for this, but you may be able to modify your theme to allow for this functionality using javascript.

Here is a relatively simple example online - https://www.w3schools.com/howto/howto_js_toggle_password.asp - that should be helpful.

These are documented in here: https://fusionauth.io/docs/v1/tech/apis/users/#import-users

user.encryptionScheme is the field value to look for.

If you are using a custom password hasher, as outlined here: https://fusionauth.io/docs/v1/tech/plugins/custom-password-hashing/ you want to use the name that was used to bind the hashing class in the plugin module.

Currently the way you would do that is by using the short version in the custom field definition. This will be the programatic value that is persisted. For example:

US DE

Then in your message bundle (managed by the theme), you can translate those values into a more human readable option.

US=UNITED STATES DE=GERMANY

If we do not find a localized key, we will just use the key as the value which would then render as <option value="US">US</option>.

@rwheelerflemming

Please close this. I'm a moron and was using the Key ID instead actually clicking and revealing the Key Value.

Trust me when I say this - We have all been there RE: pebcak. 🙂

Glad you got it figured out!

Thanks,
Josh

@andres-garcia

I might lack a bit of context, but I think that

user is already created on FusionAuth

You do have the option to choose how FusionAuth will look for users on the tenant (more in the documentation). So you might have FusionAuth look for your user in an external LDAP connector, firstly, for instance.

So I was trying to do it that way because I can't provision the service async using the webhooks.

Is this a limitation of your architecture/design or a limitation you are finding within FusionAuth

Thanks,
Josh
FusionAuth

There is a known issue with performance if you are running our intel based Docker image on an M1 or other ARM based system.

We will be pushing out support for M1/ARM shortly..
We have a test image out there if you want to try it - using this one should provide much better performance.
https://hub.docker.com/layers/fusionauth/fusionauth-app/1.32.1_multi/images/sha256-da71d5be2bc849ef9d4e1205508fa34994973d75798a47cab9a8484ee2592ff7?context=explore

is the latest current experimental version. Make sure you choose the arm64 based image.

You can't do this with the hosted login pages, but there is an issue to allow/disallow MFA on an application by application basis: https://github.com/FusionAuth/fusionauth-issues/issues/763

Currently, you can't bypass MFA, but you can do an end run around by using the Login API.

You can start multi factor with a code you provide: https://fusionauth.io/docs/v1/tech/apis/two-factor/#start-multi-factor

Then complete the login process with that known code: https://fusionauth.io/docs/v1/tech/apis/login/#complete-multi-factor-authentication .

@maciej-wisniowski

Glad that you are able to figure it out. I am not sure if that qualifies as a bug, but definitely something to be aware of and might be worth calling out in our documentation.

I believe that you should have email templates after a kickstart (at least the default ones). I can do some more testing to see if that same thing happens to me when I kickstart.

Thanks,
Josh

@shaheem-aziz

Glad that you are enjoying FusionAuth!

The role name is not changeable. To change the name, you would have to remove the role and then re-add with a new name.

This only applies to the role name. The other fields (isDefault, Description, etc), however, are changeable.

Thanks,
Josh

@amit

Much of this might be context-specific. Entity Management is an implementation of the Client Credentials grant and may fit your use case. This video offers a useful demonstration:

https://www.youtube.com/watch?v=pJIzYLSTrMM

You may also find this to be useful --> https://github.com/FusionAuth/fusionauth-site/pull/1158/files as well if you are trying to implement certain levels of granularity within your permissions.

Hope this helps!

Thanks,
Josh

I'd use a webhook to provision/deprovision the grants.

https://fusionauth.io/docs/v1/tech/events-webhooks/events/user-registration-create-complete/ has the roles for the application, so in the webhook, you can call the FusionAuth grant API to create or revoke the grant.

For initial setup, run a script to get all the users that have a given role (using a user search query) and then grant them access to all the entities.

Think about what happens when a new piece of equipment is added. From what I gather, all users with the "viewer" role will need to be granted access to that equipment. You can take care that of within the 'new equipment added' script: provision the equipment, then add the grant to all users with the "viewer" role.

Depending on when you are going to check the grant and the number of users and pieces of equipment, this may be a good thing to use a queue like SQS for, to add/revoke/update grants asynchronously.

@stuggiboogie I'm not familiar with ionos. You should check with them to make sure they support java applications or docker applications as well as a shell account and a database. If they can provide these and meet the system requirements, you should be able to run FusionAuth.

System requirements: https://fusionauth.io/docs/v1/tech/installation-guide/system-requirements/

Installation using a package: https://fusionauth.io/docs/v1/tech/installation-guide/fusionauth-app/

Installation using docker: https://fusionauth.io/docs/v1/tech/installation-guide/docker/

@owner

Apologies for the trouble. I believe this may be resolved in the issue below. This should be fixed in the next release of FusionAuth.

https://github.com/FusionAuth/fusionauth-issues/issues/1519

Please see the workaround mentioned in this issue and let us know if this resolves this issue for you.

Thanks,
Josh

@oleksiikraieviy and @vindhyahegde2114

This is going to be related to how you set up a generic messenger - I have a few tips here.

https://www.loom.com/share/cdd0835c054b40a4a3a6e2e32f1c9d04

Thanks,
Josh

@zero-enna

Glad that you got this figured out!

Thanks,
Josh

Hi @johnmiller

One option might be to use a webhook and take action based on this event.

https://fusionauth.io/docs/v1/tech/events-webhooks/events/user-email-verified/

Thanks,
Josh

You can now do so as of FusionAuth 1.32.

More details in the issue 628 linked above.