FusionAuth is a customer identity and access management (CIAM) platform that provides authentication and authorization capabilities for applications. The platform implements the Authorization Code grant standard for delegating authentication and authorization. The product includes multi-factor authentication (MFA) functionality, breached password detection, and customizable login flows. Users can configure authentication requirements per application and implement custom logic to block logins. The system supports password hashing with configurable algorithms and allows migration from legacy hashing methods like MD5 through custom plugins. FusionAuth offers password re-hashing on login to incrementally improve security without affecting user experience. The platform includes Advanced Threat Detection capabilities for blocking malicious behavior, IP-based access restrictions for applications and API keys, and rate limiting for password resets and email verification workflows. Security notification features include customizable, localizable emails for events such as breached passwords, new device usage, MFA method removal, and suspicious activity. The system can fire webhooks for integration with SIEM systems. Additional security features include reCAPTCHA integration, location-aware security, and prevention of self-service registration from specified domains. The platform provides both API-driven functionality and pre-built login flows. Deployment options include self-hosting and cloud hosting.