FusionAuth
fusionauth.io
Last updated: April 2026
FusionAuth is an open source customer identity and access management platform with SSO, MFA, OAuth2, SAML, and full deployment flexibility.
About
FusionAuth is a customer identity and access management (CIAM) platform that provides a comprehensive set of authentication, authorization, and user management features. Available as both a self-hosted open source platform and a managed cloud service, FusionAuth offers the flexibility to deploy anywhere from a developer's laptop to an enterprise data center or cloud environment.
The authentication capabilities in FusionAuth cover all modern authentication patterns. Email and password login with configurable password hashing algorithms (bcrypt, Argon2, PBKDF2, and others), social login with major OAuth providers, passwordless login via magic links and WebAuthn passkeys, multi-factor authentication with TOTP, email, and SMS second factors, and enterprise SSO via SAML 2.0 and OpenID Connect are all included.
The multi-tenancy model in FusionAuth is particularly powerful. A single FusionAuth installation can host multiple independent tenants, each with its own user database, application configurations, branding, and security policies. This makes FusionAuth an excellent choice for SaaS platforms that need to provide white-labeled authentication for each customer, IoT platforms with multiple device ecosystems, and businesses managing multiple brands.
The Themes system allows complete customization of all FusionAuth HTML pages including the login page, registration page, forgot password flow, and email verification screens. Themes are written using Apache FreeMarker templates with full CSS customization, enabling pixel-perfect brand alignment. Multiple themes can be configured for different tenants or applications.
Lambda functions in FusionAuth are JavaScript or GraalJS functions that run during specific authentication events, enabling customization of the claims included in JWTs, user reconciliation from external directories, and other event-driven logic. Lambdas are used during SAML and OIDC login events to map identity provider attributes to FusionAuth user fields.
The identity provider system allows users to authenticate through external OAuth and OIDC providers including Google, Apple, Facebook, GitHub, LinkedIn, Twitter, and any custom OAuth or OIDC server. SAML IdP integrations support enterprise federation with any SAML 2.0 identity provider.
FusionAuth provides comprehensive APIs for all user management operations including CRUD for users and groups, bulk user import for migrations from legacy systems, audit log access, JWT verification, and tenant management. The admin UI provides a web interface for day-to-day management tasks.
As an open source project (Apache 2.0 license), FusionAuth can be fully audited, customized, and self-hosted with no vendor lock-in, making it a trusted choice for security-conscious and compliance-focused organizations.
Positioning
FusionAuth is a customer identity and access management (CIAM) platform that runs anywhere — your servers, any cloud, Docker, Kubernetes, or FusionAuth's own cloud. Built from the ground up for developers who need auth that works without compromise, it supports every modern authentication standard while remaining simple enough to configure through its admin UI.
Unlike Auth0 or Okta, which are cloud-only and priced per monthly active user, FusionAuth offers a self-hosted community edition with no user limits. This makes it particularly attractive for high-volume consumer applications where per-user pricing would be prohibitively expensive at scale.
What You Get
- Complete Authentication
Passwordless login, MFA/2FA (TOTP, SMS, email), social login (Google, Apple, Facebook, 30+ providers), and enterprise SSO via SAML and OIDC.
- Multi-Tenancy
Isolate users, applications, and configurations across tenants within a single FusionAuth instance — ideal for SaaS platforms.
- User Management & Self-Service
Built-in registration forms, account management, password reset flows, and email verification with fully customizable templates.
- Consent & Privacy
GDPR-ready consent management, data portability endpoints, and configurable data retention policies.
- Threat Detection
Rate limiting, breached password detection, IP-based access control, and advanced login anomaly detection.
Core Areas
Consumer Authentication
Handle millions of end-user logins with social sign-in, passwordless options, and progressive profiling for consumer applications.
SaaS Multi-Tenancy
Provide isolated authentication environments for each of your customers within a single FusionAuth deployment.
Enterprise SSO
Connect to corporate identity providers via SAML 2.0 and OIDC for B2B applications that require enterprise federation.
Compliance & Security
Meet SOC 2, HIPAA, GDPR, and COPPA requirements with built-in consent management and audit logging.
Why It Matters
Authentication is one of those systems that seems simple until it isn't — edge cases around password resets, account linking, session management, and regulatory compliance consume months of engineering time. FusionAuth packages all of this into a single binary that deploys anywhere and scales to millions of users.
The self-hosted model is the key differentiator: your user data stays in your infrastructure, you control upgrade timing, and there's no per-user cost that scales linearly with growth. For companies building consumer-facing products, this can mean six-figure annual savings compared to cloud-only CIAM providers.
Related
Teleport
Teleport is an open source identity-aware infrastructure access platform for SSH, Kubernetes, databases, and web apps with zero-trust and audit logging.
StrongDM
StrongDM is a zero-trust access management platform that provides secure, audited access to databases, servers, Kubernetes, and web applications.
Zitadel
Zitadel is an open source cloud-native identity and access management platform with SSO, MFA, and multi-tenancy for B2B and B2C applications.