ZITADEL

ZITADEL - Identity infrastructure, simplified for you.

questions-help-bugs

product-feedback-requests

Globally disable email auth

Hey team, I have all of my users logging in through SSO - they each have their own because they have their own IdPs - how can I disable email verification? See below for an explanation of my use case ```Federation Broker is a technology that enables users to access resources using credentials at their own identity provider. Furthermore, it enables users to provide access to other users without creating individual federation connections to each and every user. Here’s the typical setup. Users make or verify the setup of their own identity provider - it can be Okta, Microsoft Entra/Azure AD, Authentik, or anything else. They then connect their own IdP to their personal Cloudflare Zero Trust account. Next, a SaaS application is added to their Cloudflare Zero Trust application which is added as an IdP source within the Federation Broker Cloudflare Zero Trust account. Finally, the Federation Broker Cloudflare Zero Trust account is set as an IdP for resources and other destinations....

The requested redirect_uri is missing in the client

{"error":"invalid_request","error_description":"The requested redirect_uri is missing in the client configuration. If you have any questions, you may contact the administrator of the application."} Where is the problem?...

Question about validating a user's roles within an organization

Hey everyone, apologies if there is already a similar thread about this. I looked quite hard but I wasn't able to find anything. My company is currently investigating Zitadel as a potential shared solution for product auth. From our perspective, it has a lot of clear benefits over the usual suspects like Keycloak. One thing that's got me a bit concerned is how our product teams will be able to validate the roles assigned to a user by a specific organization. As per the docs, with the urn:zitadel:iam:org:project:id:zitadel:aud scope, the userinfo endpoint will return roles in a structure like:...

When setting up Zitadel, why is the default adminuser called `zitadel-admin@zitadel.localhost`?

When setting up Zitadel, why is the default adminuser called zitadel-admin@zitadel.localhost instead of zitadel-admin@localhost? I'm setting it up in my Kubernetes cluster, running Zitadel on domain zitadel.local.k8s and then the username becomes zitadel-admin@zitadel.zitadel.local.k8s. How to get it to simply be: zitadel-admin@zitadel.local.k8s?...

EmailTemplate - Default Only or direct DB available?

In the source code you provide the raw HTML file that is used for email generation when the SMTP email is sent: zitadel/internal/notification/static/templates/template.html From my reading of the documentation, in defaults.yml you provide EmailTemplate: which is a subsection of DefaultInstance:. Based on my investigation this is actually a base64 conversion of the HTML file above. -- As my instance is already set up and using EmailTemplate won't work for us, I have found that this file exists in hex format over in zitadel.projections.mail_templates2. There is only one instance with a hex entry in template(bytea)....

Translator error while on 2fa screen, now my admin user is stuck in 2fa step

I've been using this regularly for months, we have in staging environment running with no problems, now in production environment for a couple of weeks starting tests to move real production apps on it, but today I suddenly go login to it and got this error. time="2025-07-09T10:40:22Z" level=warning msg="missing translation" args="map[]" caller="/home/runner/work/zitadel/zitadel/internal/i18n/translator.go:173" error="message "non-UTF-8 in decrypted string" not found in language "en"" id="non-UTF-8 in decrypted string" time="2025-07-09T10:40:37Z" level=warning msg="missing translation" args="map[]" caller="/home/runner/work/zitadel/zitadel/internal/i18n/translator.go:173" error="message "non-UTF-8 in decrypted string" not found in language "en"" id="non-UTF-8 in decrypted string" I couldn't find anything related to it on the docs or on GitHub issues. Now my admin user is stuck in the 2fa screen and I cannot go back....

Instance deletion deletes both with same name!?!? Help!

Hello, I am setting up a my-production instance. I initially created one but then deleted it as I screwed something up. I recreated another one with the same name and it now shows two in the dashboard, one with a URL assigned my-production.zitadel etc and one without. I deleted the one without and now both are gone?

Docker instance failing installation at database access

I am trying to install zitadel to replace authentik on my Ugreen NAS. Somehow it always fails at the database access step. I have set up the .env file with all the variables, however something seems to be wrong. zitadel-db container boots up and is healthy. zitadel container fails trying to access database and does not find user/ incorrect password. Any help is much appreciated!

Test drive v4.0.0-rc1

I am trying to run version 4.0.0-rc1 on a server in my home network. I am using a local domain, and the port is 8080. On this release, the (embedded) console is not displaying at all. I had no error messages in the console during the startup phase. http://localdomain.com:8080/ui/console -> redirects to http://localdomain.com:8080/ui/v2/login/login?authRequest=V2_328122283870650372 this URL returns this JSON ...

Email Branding - Bug

Is there a way to get system emails to follow the login branding? Maybe even include our logo as part of the email header? I know with "Message Texts" you can change text within the emails, but they come with white backgrounds and the buttons are default purple. Are these updated for whatever "Light Theme" is set for? I set our system for Dark Mode Only and the emails still use the light default theme....

Message Texts - Default Language Incorrect

Self-Hosted - v3.3.0 I think I found a bug? When I'm in the "Message Texts" section the page loads the first available Language from "Languages" despite English being set as the default. ...

How can I get the user last login date from id?

I have added service user as ORG USER MANAGER in the organization and now I have assignment to list all the users and their date of last login. How can I do this? /users/me won't work here....

Default Role Not Assigned When Creating User from Console (PostCreation Trigger in Internal Auth )

Use-case: I’m working on setting up automated role assignment for users in my application using ZITADEL. I'm using both Zoho OIDC for external login and direct user creation via the ZITADEL console (invite flow). My goal is to assign the default 'user' role automatically right after a user is created—regardless of the method. Environment: ZITADEL Self Hosted...

Crossplane provider

I'm building a crossplane provider for Zitadel: https://github.com/vhdirk/crossplane-provider-zitadel. It reuses the terraform provider through Upjet. Currently, I cannot create any resource; the internal terraform client is not able to reach the zitadel API. As with the terraform provider, you need to provide: - domain - port...

Primary color (dark mode) is no valid Hex color value (POLICY-391dG)

I come with a very weird bug 🤣 🐛 As you might know, we configure Zitadel mostly as code. So did we the First and Default Instance. Only did I make one tiny mistake: ...

Best Practices for Limiting Active User Sessions?

Hello Team, We're using a cloud ZITADEL instance with a custom login UI and need guidance on managing user sessions. Our goal is to limit users to a maximum of two active sessions (like Netflix). We've explored two ZITADEL API approaches, but both have challenges for our real-time needs:...

Zitadel - interaction required error

Hi guys. If there are 1+ active users, you must constantly select an account in zitadel every time you reload the page. Error from the FE application logs: `...

UserAgent cookie GDPR compliance

Currently, Zitadel uses two cookies: - zitadel.csrf - zitadel.useragent ...

JWT auth fails when adding custom domain

Hi everyone 👋 I deployed a ZITADEL v3.3.0 instance to my K8s cluster using the Helm Chart and now want to configure a custom domain. From what I found, this must be done via the API (no UI anymore?) — is that correct?...

projections.milestones how to fix, I can't find the solution

2025-07-07 14:31:03.827 UTC [76] ERROR: relation "projections.milestones" does not exist at character 63 2025-07-07 14:31:03.827 UTC [76] STATEMENT: SELECT instance_id, type, reached_date, last_pushed_date FROM projections.milestones...