How can I get the user last login date from id?
I have added service user as ORG USER MANAGER in the organization and now I have assignment to list all the users and their date of last login. How can I do this?
/users/me won't work here....
Default Role Not Assigned When Creating User from Console (PostCreation Trigger in Internal Auth )
Use-case:
I’m working on setting up automated role assignment for users in my application using ZITADEL. I'm using both Zoho OIDC for external login and direct user creation via the ZITADEL console (invite flow). My goal is to assign the default 'user' role automatically right after a user is created—regardless of the method.
Environment:
ZITADEL Self Hosted...
Crossplane provider
I'm building a crossplane provider for Zitadel: https://github.com/vhdirk/crossplane-provider-zitadel. It reuses the terraform provider through Upjet.
Currently, I cannot create any resource; the internal terraform client is not able to reach the zitadel API. As with the terraform provider, you need to provide:
- domain
- port...
Primary color (dark mode) is no valid Hex color value (POLICY-391dG)
I come with a very weird bug 🤣 🐛
As you might know, we configure Zitadel mostly as code.
So did we the First and Default Instance. Only did I make one tiny mistake:
...
Best Practices for Limiting Active User Sessions?
Hello Team,
We're using a cloud ZITADEL instance with a custom login UI and need guidance on managing user sessions. Our goal is to limit users to a maximum of two active sessions (like Netflix).
We've explored two ZITADEL API approaches, but both have challenges for our real-time needs:...
Zitadel - interaction required error
Hi guys.
If there are 1+ active users, you must constantly select an account in zitadel every time you reload the page.
Error from the FE application logs:
`...
UserAgent cookie GDPR compliance
Currently, Zitadel uses two cookies:
- zitadel.csrf
- zitadel.useragent
...
JWT auth fails when adding custom domain
Hi everyone 👋
I deployed a ZITADEL v3.3.0 instance to my K8s cluster using the Helm Chart and now want to configure a custom domain.
From what I found, this must be done via the API (no UI anymore?) — is that correct?...
projections.milestones how to fix i cant find the solution
2025-07-07 14:31:03.827 UTC [76] ERROR: relation "projections.milestones" does not exist at character 63
2025-07-07 14:31:03.827 UTC [76] STATEMENT: SELECT instance_id, type, reached_date, last_pushed_date
FROM projections.milestones...
Actions v2 documentation
There is a kind of chaos regarding documentation of v2 actions. Migration guide link the testing functions (https://zitadel.com/docs/guides/integrate/actions/testing-function) but to know how to add the claims you have to jump to Using Action (https://zitadel.com/docs/guides/integrate/actions/usage). All the example using the restWebhook for target, but in fact it doesn't work with webhook. After getting through API documentation, you can find that webhook make a rest call without processing the...
User ip info in custom login
Hi team. In a hosted login session info like user's device information, ip or location , zitadel handles them . I am using a custom login ui , can you please help me on how get the info like user's device information, ip , location in custom login.
I am currently trying to use https://zitadel.com/docs/apis/resources/session_service_v2/session-service-create-session this API . In this api we need to provide ip in the api request, can you tell me how can I retrieve the ip info in custom login...
Change user email
I'm implementing a feature to allow users to change their email. I'm using the API: https://zitadel.com/docs/apis/resources/auth/auth-service-set-my-email. User noticed that ZITADEL updates the email without verifying whether the email address actually exists. As a result, if the user enters an incorrect email, they won't be able to enter the verification code when logging in again. How can you handle this issue effectively?
Questions about new SCIM feature & Commercial License
The new SCIM feature, which is currently in preview seems very promising for my business, since we're a B2B SaaS with per-seat pricing in Germany.
What I don't quite get is the commercial license. So the feature, when generally available will only be accessible with a commercial license, right?
A few specific questions:...
Remove all MFA settings for locally hosted Zitadel
Hello, through some bad luck my phone was recently fatally damaged and with it poof gone is my TOTP app and thus all my access to my self-hosted zitadel instance. Is there any way to remove the 2fa settings for each individual user on my local installation? I suppose they are somewhere in the postgres database but where would I find and change these?
Does ZITADEL support automatic retries for failed Actionsv2 webhook executions?
Hi everyone! 👋
I’m using Actions v2 with webhook targets configured under function and event executions. I see that when a webhook returns an error (HTTP 500, timeout, etc.), ZITADEL can interrupt further execution (via interruptOnError) and indicates failure.
But my questions are:...
Help with RFC implementation
Hello there!
Currently I'm trying to implement support for RFC-9126 in self-hosted fork of Zitadel to help migration from Keycloak
I'd like some help to understand the best way to implement this one:...
When uploading any photo, get a “no existing directory” error
Environment: Ubuntu 20.04
Version: 2.64.1
Stack: Netbird’s combo stack:...
SAML2: Signing the documents, in addition to the assertion
Use-case
SSO solution for most things
Environment
Self-hosted...
Linking multiple emails
Dear everyone
My programmer has a little problem. in the old system we were able to link 2 or more email adresses together in the user-profile as we often had the situation where they want to login with a private email but due to the nature of our platform also use their professional email for that and we could link this together.
our programmer said that zitadel is always "1 email is 1 account" so we cant do that anymore. Did someone of you have the same problem once or how would you solve this?...
How to enable user self-registration option on login page?
This seems like a simple thing but I can't seem to figure it out. I'm using Zitadel for oAuth/OIDC apps. When the apps redirect user to login, they are sent to /ui/login/login but it only has a Login Name field and a next button. If they aren't already registered there doesn't appear to be a way for them to register. How can I let them register if they haven't already?
I've read this (https://zitadel.com/docs/guides/integrate/onboarding/end-users#built-in-register-form) but, since they're not logged in, the app wouldn't know if they are already registered and wouldn't know whether to send that prompt parameter....