
I have the following use case. I have several organizations that want to use my application (SPA). The owners of these organizations must be able to register a new organization by email. Once the email has been verified and the organization has been unlocked, the owner must be able to create new users for their own organization. The username and password can be chosen freely by the owner (no email, e.g. Callagent1, Bob, etc.). The newly created users can now log in with the help of organization id, username and password.

How can I realize this with the help of your product? Which steps do I have to take?

user1167253

1 Answer


FusionAuth supports the concept of Tenants and then each Tenant can have multiple Applications and Users. Here's how you would accomplish this with the FusionAuth APIs:

  1. When a new organization is unlocked, you call the Tenant API to create a new Tenant (https://fusionauth.io/docs/v1/tech/apis/tenants)
  2. You create a new Application in this newly created Tenant using the Application API (https://fusionauth.io/docs/v1/tech/apis/applications). Don't forget to send in the Tenant Id using the header. You can read up more on Tenants in this Tutorial (https://fusionauth.io/docs/v1/tech/tutorials/tenants)
  3. The user that just verified their email is created as a User in the Tenant by calling the User API (https://fusionauth.io/docs/v1/tech/apis/users) and/or the Registration API (https://fusionauth.io/docs/v1/tech/apis/registrations). They will also need a Registration to the Application created in step #2. This user can be granted a role in the Application that allows them to create new users. Maybe it is called Admin or something.
  4. The admin user can now create new users. When a new user is created, you perform the same API calls from step #3, but the new users are given different roles.

This setup will allow the organizations to have users that can log in with their organization id (which is the tenant id), username and password.

voidmain
  • Thanks a lot. Can I also use FusionAuth for the initial step, I mean verification of email and register/unlock a new organization by email? – user1167253 Aug 27 '19 at 04:48
  • FusionAuth can be set up to verify users' email addresses during the sign up process. You need to enable this in the System Settings by setting up an SMTP email server and then selecting the "Email Verification" template. In terms of unlocking a new organization, that is likely something you'll need to manage inside your application though. – voidmain Aug 27 '19 at 17:11
  • Nice, one more question, how can I set up FusionAuth to trigger my unlocking logic (call some REST endpoint with verified email) after Email verification? If I can do this, I can just write the logic for steps 1 till 4. – user1167253 Aug 28 '19 at 04:33
  • FusionAuth fires an event whenever a user verifies their email address. You can configure a Webhook to receive this event and then unlock the organization from there. Here's the documentation for Webhooks and events: https://fusionauth.io/docs/v1/tech/events-webhooks/ – voidmain Aug 28 '19 at 14:34
  • user.registration.verified event is reported to be code complete but not available until 1.8 is released: https://github.com/FusionAuth/fusionauth-issues/issues/163 – David Wilson Sep 04 '19 at 12:31
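
The four steps from the answer above as an added Python example; it is not part of the original post and not FusionAuth's own code. The base URL, the API key placeholder, the role names `admin` and `agent`, the `session` dict and the JSON request/response shapes are assumptions to check against the linked API docs for your FusionAuth version (a tenant may need more fields than a name). The `send` parameter is injectable so the flow can be exercised without a server.

```python
import json
import urllib.request

BASE_URL = "https://auth.example.test"  # assumption: your FusionAuth base URL
API_KEY = "REPLACE_WITH_API_KEY"        # placeholder; keep on the backend, never in the SPA

def http_send(method, path, body, tenant_id=None):
    """Send one JSON request; the tenant header scopes the call to one organization."""
    headers = {"Authorization": API_KEY, "Content-Type": "application/json"}
    if tenant_id:
        headers["X-FusionAuth-TenantId"] = tenant_id
    req = urllib.request.Request(BASE_URL + path, json.dumps(body).encode(),
                                 headers, method=method)
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def register(send, tenant_id, app_id, user, roles):
    """Steps 3 and 4: create a User plus its Registration inside one tenant."""
    body = {"user": user,
            "registration": {"applicationId": app_id, "roles": roles}}
    return send("POST", "/api/user/registration", body, tenant_id)["user"]["id"]

def provision_org(send, org_name, owner_email, owner_password):
    """Steps 1 to 3, run by your backend once the organization is unlocked."""
    # Tenant creation is the only call made without a tenant header.
    tenant_id = send("POST", "/api/tenant", {"tenant": {"name": org_name}})["tenant"]["id"]
    app = {"application": {"name": org_name + " app",
                           "roles": [{"name": "admin"}, {"name": "agent"}]}}
    app_id = send("POST", "/api/application", app, tenant_id)["application"]["id"]
    owner = {"email": owner_email, "password": owner_password}
    owner_id = register(send, tenant_id, app_id, owner, ["admin"])
    return {"tenant_id": tenant_id, "app_id": app_id, "owner_id": owner_id}

def create_org_user(send, session, username, password):
    """Step 4: tenant and application ids come from the admin's server-side
    session (hypothetical dict), never from the request body, so an admin
    cannot create users in another organization's tenant."""
    if "admin" not in session["roles"]:
        raise PermissionError("only an organization admin may create users")
    user = {"username": username, "password": password}
    return register(send, session["tenant_id"], session["app_id"], user, ["agent"])
```

In production, pass `http_send` as `send` and populate `session` from the logged-in admin's verified login state on your backend.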