How to find which organisations use an Idp
Is there a way to see where idp are used ? If we have many organisations on an instance, it's impossible to check them 1 by 1 to know which one is using an idp slot.
Login with phone number feature
We intend to enable phone number login in our application using ZITADEL. Currently, it seems that only Twilio is supported as the SMS provider. We would like to explore options to integrate other, more cost-effective SMS providers instead of Twilio.
So I locked myself out with IDP
I had created an organisation, with an IDP (oidc). Only allowed IDP logins.
Now I renewed the secret on my IDP and I cannot go into my instance to change the secret.
I went into the db to change the login policies, so now I can use username and password again.
But I still get the following error, is it cached somewhere?
...
How do I get Single V1 Session Termination working?
I have enabled OIDC Single V1 Session Termination in the features list, but whenever I log out of an OIDC session it completely logs me out. The request does include the id_token_hint query param and the id_token does include an sid claim.
My use case is using Zitadel as an SSO provider
I do see this note of
Note that currently all sessions from the same user agent (browser) are terminated in the login UI but I am assuming that this is the old way then with this feature enabled it shouldn't work like that....Access the authorize request in the Complement Token flow (Actions V1)
Hello Zitadel crew π
We have a need to pass arbitrary parameters in the
/authorize request and then run some API request inside an action using those parameters, to finally complement the token claims. E.g.:
1- User attempts to login and the frontend passes the arbitrary company_id=42 query parameter in the /authorize request
2- On an action inside Zitadel, we read that arbitrary parameter and use that to make an internal request to our backend API (to e.g.: check if user really has access to company_id=42...Issue signing up to zitadel cloud
Hi guys, the signup form appears to be broken on the website. I can enter an email address, then a name and password but the button spins for a moment then does nothing. My browser console shows a 500 response from the email endpoint. Any ideas? Thanks
Scope Zitadel API by Org
I'm struggling to identify the the best way to interact with the zitadel API scoped by a single org/tenant.
In this scenario, a humans is granted an auth_token after logging in, is validated on the backend, and now the Zitadel API needs to be used to search users that are in the same org as the
The general approach I'm taking is along the lines of:...
Splunk SAML authentication performs a second redirect back to Zitadel before login succeeds
Hello everyone,
Environment
Zitadel version : v3.2.2
Load Balancer: F5...
Automate Technical Advisory 10016
Hi there folks,
I was wondering if Zitadel is looking to automate some of the migration fixes, like in https://zitadel.com/docs/support/advisory/a10016. Seems this is something that should be fixed out of the box, no?...
How to update SAMLv2 certificate at "$ZIT_URL/saml/v2/certificate" when acting as IDP
Hello Zitadel community,
I'm currently developing a proof of concept implementing Zitadel at my organization and have encountered a challenge that I couldn't resolve through the documentation.
Specifically, I need to update the certificate provided by the endpoint "$ZIT_URL/saml/v2/certificate" when Zitadel is acting as an Identity Provider. While I've found documentation on updating external IdP SAML certificates, I haven't been able to locate information about updating Zitadel's own certificate when it serves as the IdP....
pre-authentication action
Hello,
according to the documentation a "just-in-time" migration is possible by setting up a "pre-authentication" action (see https://zitadel.com/docs/guides/migrate/introduction#just-in-time-migration). However it is not possible to set up such an action. There is also no further documentation available about this action.
Can you please elaborate how this "pre-authentication" setup is supposed to work?
...
Only getting 404 from /v2beta/projects/search in v3.2.2?
Following the docs at https://zitadel.com/docs/apis/resources/project_service_v2/project-service-list-projects
The query is simply a POST to
/v2beta/projects/search with a Bearer token.
Grabbed from the docs. What am I missing?...permission denied for function seq_nextval (SQLSTATE 42501)" projection=projections.notifications
Hi,
My instance can't send notifications on password reset or on email verification. I have this error :
I have grant all on sequences to my zitadel user (he's also the owner of the sequences).
After some research, I saw an error in postgresql logs before the permission denied : ```ERROR: could not obtain lock on row in relation "current_states"...
level=error msg="statement execution failed" caller="/home/runner/work/zitadel/zitadel/internal/eventstore/handler/v2/handler.go:673" error="ERROR: permission denied for function seq_nextval (SQLSTATE 42501)" projection=projections.notifications
level=info msg="process events failed" caller="/home/runner/work/zitadel/zitadel/internal/eventstore/handler/v2/handler.go:436" error="statement failed: ERROR: permission denied for function seq_nextval (SQLSTATE 42501)" projection=projections.notifications
level=error msg="statement execution failed" caller="/home/runner/work/zitadel/zitadel/internal/eventstore/handler/v2/handler.go:673" error="ERROR: permission denied for function seq_nextval (SQLSTATE 42501)" projection=projections.notifications
level=info msg="process events failed" caller="/home/runner/work/zitadel/zitadel/internal/eventstore/handler/v2/handler.go:436" error="statement failed: ERROR: permission denied for function seq_nextval (SQLSTATE 42501)" projection=projections.notifications
External IDP ZOHO login via Generic OIDC throwing error with parameter prompt=select_account
Use-case:
Weβre integrating Zoho login using Zitadel as the OIDC provider.
Environment:
Self-hosted Zitadel....
Assistance requested with adding custom claim with Actions V2
Use-case: we are fully integrating Zitadel with all our products, replacing the build-in custom IDP of our current platform. I'm writing this post because I am struggling to add a custom claim with Actions V2 when our users are logging in to a specific solution of ours.
Environment: Zitadel Cloud
Version: v3.2.2
Stack: we are using Xano for our back-end and another software solution where our customers can login to.
What you expected to happen: The OIDC part is already working, but I am struggling with Actions V2 to add another custom claim, and I would like to request some guidance here. Please note, I am a low-code/no-code kind of guy, and not a full-fledged developer, so please bear with me π ...
upgrading 2.63.1 to >=2.63.2 with cockroachdb gives me errors
The problem is further explained on this github post, can anyone help?
How to include a service user in IAM owner role?
Hi guys, I am just testing out Zitadel and want to implement a action(v2) to integrate with my webhook for syncing successfully registered users. For now, I have set targets and actions but the webhook is not triggered. As far as I know, if I want to test this from an API client, I need to have IAM owner role. How can I achieve IAM owner token for that or add a service user to IAM Owner role? I think I messed up somewhere in the config because I can't export token for my current IAM user. Please...
How do I get the PAT of the First Machine User
https://github.com/zitadel/zitadel-charts/tree/main/examples/4-machine-user
I followed the guide above and I can see that the PAT was created in the console but how can I get it. It says it creates a Kubernetes secret, but I don't see it....
Get User Org Golang
How is it possible to get a requesting users' Organization metadata in Golang? Essentially, I have the bearer token after introspection and I would like to fetch the metadata on the organization. If the user is a manager on the Org this will work, but how can i set this up for say externally authenticated users, without manual intervention or having to call webhooks and assigning permission.
Currently, we are using the actions to add this to claims, but due to the way actions 2 is working, I am wondering if it's worth doing it like that or just fetch it in the backend.
Thanks!...
Self hosted vs cloud pricing and limitations
Hello ,
We are currently evaluating Zitadel for use within our company and plan to deploy the open-source version, self-hosted in our own infrastructure. Our main use cases are authentication via local accounts and allowing our users to connect using their own external Identity Providers (IDPs).
We are trying to understand if there are any limits in the self-hosted open-source software that would require purchasing a license to surpass them. Specifically:...