ZITADEL

ZITADEL - Identity infrastructure, simplified for you.

Outage information

We were hit by the outage yesterday pretty hard https://status.zitadel.com/incidents/290183, for about half an hour our users weren't able to log in to our app. One thing that we tried to mitigate the issue was turning off the custom login that we were using, which is largely based on the next app found at https://github.com/zitadel/typescript. It's somewhat unclear to me if that was the full solution or if we happened to do the switch around the same time that the cloud issues were resolving, but...

Possible to activate user over console UI?

Hi, is it possible for me as an admin to activate a user and verify an email over the console UI? A user does not receive his verification mail due to unknown reasons and I want to activate him manually... Thanks!...

ZOHO external IDP using generic OIDC

I am trying to use Zoho as a login method in the ZITADEL login page using generic OIDC for my Next.js application, but I don't see any button for Zoho login in the ZITADEL login page. I am sure I have correctly set up everything in the Zoho API console and the ZITADEL console. But I can't make it work. I am a junior dev and first time using ZITADEL, as my company is shifting its authentication layer to self-hosted ZITADEL and I have been tasked to implement Zoho login with the ZITADEL provider and NextAuth. I can't fi...

Zitadel - Facing issue while changing the logo

Hi, I am trying to change the ZITADEL logo in branding settings, but I have faced an error like "Http failure response for https://demoauth.inhlth.app/assets/v1/org/policy/label/logo/dark: 401 OK". Can anyone advise me why this error is happening?

OIDC callback url when using custom login, doesn't use custom domain

Hello, setting up a custom IdP for a client. We also use the new custom login flow. I am seeing a couple of discrepancies in the callback URL that we need to use. For one, we use a custom domain as well, but it is still making the request using the default ZITADEL domain. Also the path given in the documentation and the UI when setting up an IdP doesn't match, it is given as {CUSTOM_DOMAIN}/ui/login/login/externalidp/callback (and in that case it actually does use the custom domain). But when the request goes out it actually sets the callback to a path {GIVEN_ZITADEL_CLOUD_DOMAIN}/idps/callback. We can make this work, but it would be nice to have our clients configuring their SSO with the custom domain we have set up instead....

Userinfo endpoint not returning all roles from all Role Audiences

When requesting the /userinfo endpoint using an access_token with the following scopes: openid profile email urn:zitadel:iam:org:project:id:zitadel:aud urn:zitadel:iam:org:project:id:<PROJECT-ID-1>:aud ...

Device Authorization with Okta using zitadel/oidc

Hello! I'm attempting to use zitadel/oidc for device authorization against Okta, but I'm getting back this error from DeviceAuthorization:
ErrorType=invalid_request Description=The client_assertion_type is invalid.
...

Is there a way to have multiple Microsoft identity providers but just 1 button instead of x buttons

Hello, I have a self-hosted ZITADEL and my customers have their own identity providers that they want to have included. But for the moment, if I add their identity provider as an external identity, a button for that provider is added on the main page, so I would have a lot of buttons there. Is there a way to change that?

Is there a way to only allow a user to manage project permission grants instead of project owner?

I am looking to use Zitadel as an SSO authoriser and manager for a SaaS I am building. As part of this I am trying to allow users to manage user grants for a project and nothing else so they can manage who's allowed access to their instance themselves without messing up our config for them. I can see that there is an ORG_PROJECT_PERMISSION_EDITOR but is there one for just managing a single project's permissions? ...

Assistance Needed: Google IDP Integration in ZITADEL Login

Hello Team! I have recently started working with ZITADEL and am currently trying to configure multiple Identity Provider (IDP) logins for my application's ZITADEL login page. I have referred to the following documentation for integrating Google as an IDP: https://zitadel.com/docs/guides/integrate/identity-providers/google#ensure-your-login-policy-allows-external-idps ...

v2beta/actions/* 404 with Actions V2 feature enabled

Hello, I realized I am still using the /v3alpha/actions/* endpoints and I went to switch to v2beta, but it seems all of the endpoints return 404: ...

Is there a proto maven/gradle package?

I'm using a Quarkus app for connecting to the gRPC services of ZITADEL. I'm looking for an official package that I can import into my Gradle/Maven config, instead of copying the proto file from the repository, so it keeps updated with each release that you are doing. So for now I copy the proto file, and added these dependencies to my Gradle config, but I do not find in the documentation if these versions match the ones you are using....

Login shows Social IdP, but not on Registration screen

Hello there! I'm trying to enable social links to be also available in the registration page, same as I have gotten on the login screen, but no matter what I do, they do not show up. In addition, these are my settings for Google IdP; even though I have added account create if it does not exist, I get back the following error...

K8s (with traefik) error 400 or 500

Hi! I've just installed ZITADEL in my homelab, which is a k3s cluster using Traefik for ingress. I used the Helm chart. After some issues with the init and setup jobs, I finally got to the point where I can log in with the initial user. After the first login, I am asked to change the password. That seems to succeed. ...

Migrating from CRDB to PGSQL

Has anyone migrated from CockroachDB to Postgres for Zitadel running via Docker? I've been trying but have been unsuccessful. Any guidance would be much appreciated!

Organization Home Page Customization

Hello, is there any way to customize this page?

Disabling MFA globally

Is there any way to disable the MFA prompt which appears after the first login for the users (/ui/login/password)? I added those texts, but it seems that users don't read, just tap without knowing what MFA is, and later they don't know how to validate/use it 🙂 I have already configured Multifactor Init Check with a value of 0 as per https://zitadel.com/docs/guides/solution-scenarios/configurations#disable-multi-factor-mfa-prompt but the prompt still appears....

Roles missing in access token (JWT)

Hello. I'm trying to request access tokens with projects' roles without success - is this a bug or am I missing something? Authorization request (line breaks for readability): note the scopes:...

Debugging token handshake

Hello - I need some really basic advice :/ After an upgrade from 2.67 to 2.71 last week we have the strange situation that a Python script to get an access token via an assertion is no longer working on the prod env (Windows Server) but still works on Linux. We are unable to spot any error on the client side and even on "debug" level I just get the final generic error message. The "trace" log level seems to be unknown to ZITADEL so my question is simply: Is there any chance to "watch" what's happening inside ZITADEL during the failed handshake to track down the problem?...

Initiate Login URI from SSO provider

Hello, I have a client who is integrating with us using their Okta OIDC client. For the most part everything is working well, but we want to enable the ability for their Okta client to initiate the login process rather than relying on the login button from our login page to their specific Okta client. Okta supports this easily enough, but it has an Initiate Login URI configuration variable that I don't know what to tell them to put in. For reference, when specified and the client then tries to start the login, they are redirected to the configured URI with an iss search param that refers back to the client's SSO provider. I assume at that point the app just needs to redirect to that issuer the same way the redirection happens if the user were to click the SSO button on our login page. I've attached a picture of the configuration options within Okta....