8GB is way plenty. 1 or 2GB is generally adequate, it can depend a bit, but FusionAuth doesn't keep much in RAM. Scaling out horizontallly is likely more effective than more ram per instance. This way you can handle more logins per second--these are going to be cpu bound.

Hiya,

Yup, you've encountered a known limit of the lambda functionality. The two options you outline are the ones I'd consider. You could update the user data with the tenant name on create using a webhook, so maybe not as messy as you might think.

The only other option would be to file a github issue requesting the tenant information be made available in the lambda: https://github.com/fusionauth/fusionauth-issues/issues

There are some similar issues I'd suggest voting up if this is important to you:

https://github.com/FusionAuth/fusionauth-issues/issues/571
https://github.com/FusionAuth/fusionauth-issues/issues/267
https://github.com/FusionAuth/fusionauth-issues/issues/229

Generally this is a dev time message. Although depending upon your integration, it may be possible that an end user would see that message.

You could try adding a message to your theme:

[MultiTenantSSONotSupported]=n/a

In general, any user facing message can be overridden by your theme.

You can use the admin ui to build the query string.

Definitely test it out with the search first, and then use the bulk delete api.

Here's a shell script that searches for all users except one:

curl -vvv -XGET -H "Authorization: $API_KEY" 'http://localhost:9011/api/user/search/?queryString=NOT%20email:test%40example.com'

Note that I had to escape the space and the @ sign, but here's the elasticsearch query without the escaping: NOT email:test@example.com.

Also, if you are using the database search engine, the syntax will be entirely different, as this example relies on the Elasticsearch syntax.

I'd use the import users API.

Helpful links:

https://fusionauth.io/docs/v1/tech/tutorials/migrate-users https://fusionauth.io/docs/v1/tech/apis/users#import-users

what are you looking for in particular? This blog post has a node session which is used to manage the access_token:

https://fusionauth.io/blog/2020/03/10/securely-implement-oauth-in-react

Is this what you are looking for? https://fusionauth.io/docs/v1/tech/events-webhooks/events#jwt-refresh

Make sure you enable the webhook in the tenant as well as in the webhook definition.

Not with a FusionAuth policy, but you could enforce it just by checking the user during login, as twoFactorEnabled is an attribute of the user.

There's also this github issue which you may want to vote up: https://github.com/FusionAuth/fusionauth-issues/issues/763

No. A lot of our clients use Google analytics (or other similar page analytics tools) to gather those type of metrics.

This is a unique Id field per event, we do not currently persist this event for later retrieval.

If you want any persistent storage of the events, you would need to capture and store the event.

We don’t currently have any internal reporting for that metric.

The best way to do this currently would be to listen to the user.login.success event.

This event will contain what IdP was used and more info. You can then push that to whatever analytics storage layer (database, s3, etc) you'd like.

More here: https://fusionauth.io/docs/v1/tech/events-webhooks/events#user-login-success

There is not any special logging for webhooks.

If an exception occured that would cause it not to be fired, that will be in the log. If it is not being fired and there is no exception, then it is likely that the webhook is not configured to be sent for the particular tenant that you’re using.

More about webhooks: https://fusionauth.io/docs/v1/tech/events-webhooks/

Currently there is no way to prevent a user from doing what is outlined.

Please feel free to create an issue: https://github.com/fusionauth/fusionauth-issues

Hiya,

FusionAuth provides the APIs and data entities, but you have to code the flow. This is because there are multiple choices for parental consent.

Again, still working on documentation, but basically, when the child registers, you'll need to make sure they have a parentEmail attribute associated with the user object. FusionAuth will send one of two email templates based on whether the parent has an account or not.

Then you have to have the parent grant consent, which means building a form that they can check a consent box in, and you then record that consent using the Consent API. If the consent is a COPPA email plus consent, FusionAuth will send a second email based on the tenant settings (make sure you use version 1.18+ because of this issue: https://github.com/FusionAuth/fusionauth-issues/issues/724 ).

When a child is signed in, you can get any consents they have been granted, so your application can prohibit any functionality that needs parental consent.

Here's a sample app for the consent granting that may be helpful: https://github.com/FusionAuth/fusionauth-example-family

@denisskaletti Thanks for feedback. I removed your link because it seemed like spam. We welcome useful links that are about using FusionAuth, please check out the blog category and post there.

You’re correct. That is not a standard redirect URL. You could easily build some glue code to to look like an OpenID Connect compliant SP and then handle the redirect yourself. I am not super familiar with some of the OpenID Connect server options, but something like Hydra may be useful here. Perhaps some others from the community here can help with off the shelf options if you don’t want to code it yourself.

But coding it yourself may be the easiest, if you coded it in Node or something like that, it would be super simple, you’d have FusionAuth redirect to your node app and then you’d redirect to the video platform.

Check out the official documentation on using Docker + Kickstart.

Currently the only way to accomplish this will be to use the Import API, as you mentioned: https://fusionauth.io/docs/v1/tech/apis/users#import-users

We do have an open feature request to allow hashes to be provided on the User API, which I think would be what you're looking for: https://github.com/FusionAuth/fusionauth-issues/issues/348

Feel free to upvote that issue.

Sounds like @viola-mauro you've got this all working.

For anyone else that may be interested, we do have an apache module, that seems to be similar to what you're trying to do.

https://github.com/FusionAuth/fusionauth-mod-authnz-external