What do you like best about the product?

FusionAuth's feature set is hard to beat - it really is an all-in-one auth solution. We particularly appreciate the themable multi-tenant aspect to FusionAuth, the full OAuth 2 support, and the built-in registration, login, and forgot password flows. The admin console makes it easy to get started, but FusionAuth's API-first approach and excellent documentation have made it a breeze to automate tasks once we've got them working via the admin console. To top it all off we love that we can self-host FusionAuth and maintain full control over our user data. We've been doing this via Docker and have had very few problems.

What do you dislike about the product?

The upgrade process for theme/email templates can be kind of a pain and we're not huge fans of freemarker. The flexibility afforded by this theming system is totally worth the effort though.

What problems is the product solving and how is that benefiting you?

We use FusionAuth to manage > 50k user accounts (> 10k daily active users) across multiple iOS, Android, and web applications. The OAuth 2 support gives us a unified registration and login experience across all these platforms. It would have taken us many months to build a custom solution with a fraction of the features that FusionAuth gives us.

What do you like best about the product?

It was a snap to get a self-hosted instance of Fusion Auth going, and for the same amount of effort it took to integrate just one social provider, I got a lot more flexibility.

What do you dislike about the product?

I had to plan and deploy one more system.

What problems is the product solving and how is that benefiting you?

It lets me move all my authentication for both front-end and back-end to one place, without requiring me absorb the risk of moving everything off to a single social provider. The turmoil at twitter makes me very glad not to have chosen that option.

What do you like best about the product?

Integration with Kafka is fantastic for implementing integration events.

The handy built in email template editor makes it easy to customize your auth-related emails.

What do you dislike about the product?

The Kickstart tool is great for automating setup through API calls but it would be nice to have a little bit more of a declarative config file or environment variables for some of the commonly replicated setup.

What problems is the product solving and how is that benefiting you?

OAuth integrations and auth token management are much better handled by a dedicated service like FusionAuth than by using any framework feature or library. We don't need to worry about identity management and can instead focus on the domain logic of our applications.

What do you like best about the product?

We support users across multiple apps and have found Fusionauth to be a good solution tot his problem. We also enjoy the typescript api client, support for SSO providers and the thorough documentation surrounding that.

What do you dislike about the product?

The ability to manage theming and templates for Fusionauth UIs, including the recover password screen, is not very approachable and looks really dated out of the box.

What problems is the product solving and how is that benefiting you?

We need to support a single user across multiple apps in our family of products which FA does effectively. We need to support SSO and FA handles that quite well. We benefit from having saved a lot of time not having to develop these features ourselves.

What do you like best about the product?

Finding an easy-to-use yet powerful auth system is challenging. But FusionAuth provides this effortlessly and inexpensively. After discovering FusionAuth, creating our first demo took just a few hours. After that promising demo, we dove deep into the FusionAuth white papers and API docs to bring Circleboom Login to live.

From my previous experience with other identity providers, I can easily say it saved more than a couple of man/months and tens of thousands of dollars.

What do you dislike about the product?

Some of the features are well hidden, and it’s not easy to understand how to find them, particularly adding roles to an application. Every time we want to do this, we search around and think, “where’s that roles menu item? It was here last time”. Then we realize after a few minutes that we need to exit “app edit mode” and click on the user-shaped icon to get into the roles. You manage every important thing about an app on the “app edit” screen, except role management.

On the admin dashboard, I still have to search for action buttons (you usually put them in the upper right corner). It’s somewhat contrary to standard UX.

Even though I love the product, I think it needs a user experience overhaul.

What problems is the product solving and how is that benefiting you?

We need a standalone SSO system to help our users log in and use the different tools we create without a hitch. With FusionAuth, we were able to create a robust single sign-on solution.

What do you like best about the product?

FusionAuth takes the authentication implementation off your hands and is highly flexible when integrating across multiple applications. Migration from other systems is easy as well when using the API or Lambdas.

What do you dislike about the product?

I think the search and sorting of users between tenants, applications and roles needs more attention. It is difficult to isolate users by tenant or application in the UI.

What problems is the product solving and how is that benefiting you?

FusionAuth provides a central application for our team to handle authentication and user management. We do not need to reinvent the wheel when it comes to providing authentication for a new service.

What do you like best about the product?

I'm a technical consultant helping clients implement IAM solutions, and, having found FusionAuth, it's now my product of choice for complex integrations. I've worked with quite a few alternatives, and I must complement the team at FusionAuth for a very well-thought-out application with the clearest UI I've found so far. This covers virtually every integration you'll come across, but, when things get tricky, like dealing with legacy systems, poorly-complying OAuth or SAML implementations, or multiple client dependencies, FusionAuth gives us a comprehensive set of APIs and related tools to help out. I've also really appreciated the diagnostic facilities that come with the FusionAuth; these help reveal what's going on under the bonnet when things don't work the first time! The features are well explained in FusionAuth documentation, which is probably the best I've come across in the IAM area. When I was starting out with the product and having various questions, I was impressed with the quality of the forum and the fact that it was well supported by members of the FusionAuth tech team.

What do you dislike about the product?

There's not a lot that I can complain about. One thing I'd say is that because FusionAuth is a relatively new contender in the IAM areana, there are fewer helpful tips on the Internet than for rival products. However, in the time since I've been using FusionAuth, I've noticed that changing, I guess others are now catching on about the product.

What problems is the product solving and how is that benefiting you?

I often work on complex integrations, frequently on government and local authority jobs, where legacy systems abound. FusionAuth is the most flexible CIAM I've found so far, which combines a clear UI and a comprehensive API, giving me the "glueware" I need to link systems together. I also like the fact that I can download a free version and run it on-prem, typically in a VM that I can snapshot whilst I'm building out a complex solution. That, together with the authentication flow debugging that FusionAuth provides, has really helped accelerate my learning in the IAM field.

What do you like best about the product?

You can tell it was created with developers in mind because the documentation is top notch and the examples are well written and clear. Also, the support is above and beyond expectation.

What do you dislike about the product?

Nothing really serious comes to mind. Overall it is a really great product with great support. I'd love to see even more content on their YouTube channel maybe because I find it really helpful, but I'm sure they are working on that.

What problems is the product solving and how is that benefiting you?

I had multiple projects in development. Some I needed to have auth in an on-premise situation and others could be on cloud. I love that FusionAuth had the flexibility to provide both and for a much cheaper cost than others. I couldn't afford the other options and would have ended up trying to write it myself which would have been a nightmare.

What do you like best about the product?

FusionAuth has a simple to use API, and terrific API docs. We get everything we need including registering users, login both natively and through social platforms, issuing and managing access tokens, performing service-to-service auth for our back end microservices, and managing user roles. The APIs are lightning fast, and there are also APIs for bulk user operations (such as import from our previous, homegrown auth solution). They easily handle our scale of 100,000+ users.

What do you dislike about the product?

Nothing, really. There are some features we're not ready to take advantage of yet, such as SAML integrations.

What problems is the product solving and how is that benefiting you?

We use FusionAuth as the identity provider for our SaaS application and client APIs, and we rely on FusionAuth for account registration, login/logout, access token refreshes, and activating/deactivating accounts. Internally, we use FusionAuth for backend service-to-service authentication and authorization, and for managing user roles in internal applications. We also use FusionAuth to allow for external identity providers, like logging in with Google. FusionAuth automatically handles account creation for us in this case. We plan on adding support for multi-factor. All of this is beneficial because our engineers can focus on our core product features, and not spend their time on solving problems and maintaining solutions that are necessary, but not core to our business.

What do you like best about the product?

I'm an IAM consultant working in the CIAM area, I’ve become pretty familiar with commercial IdP offerings like Auth0, Okta, Gluu, Cognito and so on. I’ve also worked with opensource alternatives like Keycloak, ForgeRock and OpenIAM.

I think it’s fair to say that most of the above have been around for a while, and whilst they all do the job, many of these products seem to have grown organically to become so full of bloatware that a lot of arcane knowledge is needed to get around the product and to make its deployment and management services work.

I’ve been wondering for a while now when the industry was going offer up a newly architected product for CIAM use, something developed from scratch, without the baggage of its legacy, with a comprehensible UI and a comprehensive API that would allow me to build the myriad of complex integrations that I’m increasingly asked for.

Well, it’s happened. Enter FusionAuth, a newly architected product that does just that. The developers clearly know their stuff and from what I’ve seen they must have been in the IAM and related security industry for some time because virtually everything you would want from a CIAM integration tool is there.

Pricing - So, what do I like about FusionAuth? I’d start with the way they price the product. You get what you pay for they say, but with these guys it seems you really do get a good deal. I started using their “freemium” “Community” plan, which I run on-prem (actually on AWS free-tier). I can use it for as long as I like, with an many users as I like, in as many “tenants” as I like. That’s pretty cool. There are a few functional limitations imposed on the freemium product, but importantly, the codebase is the same as their cloud offering, so I can confidently deploy a client solution from that into a live environment. As you get more familiar with the product, you’ll get to the point where you’ll want to release those “Premium” features, and their well-priced “Starter” plan on-prem is a pretty cost-effective place to start (around $125pm for up to 10k MAU).

Efficiency – Unlike many of the more established alternatives, FusionAuth really is economical in its use of server resources. For example, I couldn’t believe that I could get an entire on-prem FusionAuth system running happily in a 1GB AWS free-tier EC2 instance. That’s just brilliant, and by running the various integration “Lambda” I’d created on the AWS Lambda free tier, I’ve been able to set up complete cloud-based POCs for my clients, all based on these freemium products.
Multi-tenancy – One of FusionAuth’s immediate benefits is it’s multi-tenanted structure. Each tenant offers a completely distinct application and user context, which separates integrations and clients’ user base. Each tenant can have its own connectors, customizations, themes, etc., and so that each tenant’s hosted forms can be tailored to suit each set of client application’s needs.

Admin UI – In my view, FusionAuth has one of the clearest Admin UI that I’ve seen yet in a CIAM product. It’s certainly easier to learn and use than Auth0 or Okta, and I suspect this is due to the fresh approach the developers have been allowed to take. The UI allowed me to do most of the common integration tasks I need, but when I need extra functionality, I’ve found that there’s a comprehensive API system to fall back on. The API taxonomy is very logical and well-architected, which again looks like a benefit of starting from scratch. Finding your way around any product’s APIs can be frustrating, but in FusionAuth’s case, it looks like the developers had a real SOA architecture in mind and they’ve provided an unusually good level of documentation and examples to work from.

Documentation - FusionAuth documentation is generally very good, it’s certainly better than some of the competitive products I’ve been using. So, newbies like I was, when exploring the Admin UI for their first integrations, will find each flow (OIDC, External IdPs, SAML IdP Initiated, etc. ) clearly explained in the relevant sections of the online doc, and frequently supported by extra YouTube videos. Then, for specific queries like how to debug flows, customize themes, add claims, manage user lockouts etc., it turns out there’s a mass of help available through the supplier-supported GitHub and Forum channels. It's clear that there’s a growing body of FusionAuth enthusiasts, all working away on their individual projects, who are sharing their knowledge to the benefit of all. That gives one confidence going forwards. Finally, I’m now on a paid-for plan, and I find can get access to their dev specialists via their support tickets, which has helped me advance further into the product’s capabilities, using FusionAuth as the “glue” for a few really complicated integrations.

Extra Features - So, what have I not covered that I like? Lots, like the way I can quickly customize their hosted forms by using CSS, custom fields and custom forms. Or using their APIs to log in and register users with my own local forms. There’s also the ability to customise flows using their “Lambda” functions. Lambdas are snippets of code that we author that can be stitched into different stages of the authentication/federation flow, typically to translate claims and JWTs. Obviously, all the standard features of a CIAM product are there as well, e.g., there’s both a fast-track and generic way to setup upstream (external) IdPs such as Google, Facebook, Linked In etc. MFA options are also provided using Google and MS Authenticators, and in the Premium version, Email and SMS. There are tools to migrate users, both gradually (using FusionAuth’s “connectors”) and en-masse via import scripts, where the APIs give ample scope for mapping claims and the like.

Active Development - All complex software has bugs and illogicalities, but having monitored FusionAuth’s release notes and worked with their updates as they become available, I take confidence that there’s a team continually on the case. That, together with the neat APIs, the integrated debugging, the plentiful options for customization, the cool documentation, and the growing body of knowledge about the product, gives me the incentive I need to continue my journey and deploy the product into the increasingly complex situations I’m getting involved with.

What do you dislike about the product?

Now we come to what I don’t like about the product. To be honest, there aren’t many things I can think of. Maybe it not being opensource, which I cover below, or maybe the difficulties I had in the early days mastering some of its customizations. FusionAuth’s forms would feature here; they depend heavily Apache’s FreeMarker macro language which although I was aware of it, I’d not had to use in anger before. That said, I can now see why FusionAuth use it so extensively; the macros provide what amounts to an MVC framework for their hosted forms, greatly simplifying the customization process across the 20 or so hosted forms that each Theme gives.

Opensource it Isn’t – FusionAuth is not opensource, and although there is talk that the developers may choose to release it as such at some point, right now they are keeping it to themselves. I used to shy away from proprietary solutions, and was thus attracted to the likes of Keycloak, OpenIAM and more recently, Auth0. But now I’m not so sure. The fact is, like most folk, I’ve never had time to delve under the bonnet into an IdP product’s codebase, so that’s no advantage. Instead, I have to put up with bloated opensource products that have become very messy legacy interfaces, and with “mixed” levels of support. That’s the main reason I’ve turned to using proprietary products like FusionAuth. The clue is in the FusionAuth’s own strapline; “built by developers for developers”, and that certainly makes sense in the world of CIAM. CIAM is not only complex, it’s also absolutely mission critical for most clients, and so any IdP solution has to be robust and dependable. Its fine for me to develop clever POCs based on opensource, but when it comes to putting these into live environments I can’t afford failure, I’m much better off using tried and tested product with guaranteed support behind it, like FusionAuth.

What problems is the product solving and how is that benefiting you?

FusionAuth is one of the latest Identity Provider (IdP) products focused on the CIAM market place. In a CIAM context, an IdP offers a “single point of truth” for managing user records.

IdPs are hooked into one or more applications that rely on this user information as “relying parties”. The benefit to the relying party is that they then don’t have to worry about the increasingly complex tasks of looking after the user records, i.e.: ensuring the integrity and confidentiality of the user data, or the management tasks for users to self-manage, change passwords, add attributes etc.

Offloading these tasks to specialist software is especially important as the world moves beyond simple username/password credentials to MFA and beyond to a fully “passwordless authentication” process, which requires seamless integration with more advanced authentication technologies.

The architectures of IAM solutions can quickly get very complex and so, as well as managing user data, the IdP also has to integrate into an arbitrarily complex application space. It’s, therefore vital that the IdP product has the right “hooks” to enable this integration. To that end the FusionAuth designers have sought a balance between what they think could/should be done in the admin UI, and what the integrator could/should do via programmatic interfaces. The trick in getting this right is to provide a sufficiently comprehensive set of such interfaces, which FusionAuth does through its mechanisms for API calls, webhooks, Lambda functions, and a rich set of customization options within the admin UI itself. FusionAuth is a good example of a well-designed, modern product, aimed directly at this CIAM market.