ZITADEL - Identity infrastructure, simplified for you.

questions-help-bugs
Will the typescript repository be updated?

Hi! I’d like to use https://github.com/zitadel/typescript to build a custom Login UI, but I see the repo hasn’t been updated for a while and it’s missing several fixes that exist in https://github.com/zitadel/zitadel/tree/main/apps/login . Is the typescript repo still maintained and planned to receive updates, or should we instead use the app under https://github.com/zitadel/zitadel/tree/main/apps/login as the source of truth?...

Zitadel cloud grpc client recommended keepalive parameters

Hi, we are on a Zitadel Cloud Pro plan and use the zitadel-go package to communicate with our Zitadel instance. When we create a new client (https://github.com/zitadel/zitadel-go/blob/45e1206d57a1e78fea9afcdca37c6bda1463a10c/pkg/client/client.go#L123), what are the recommended keepalive parameters for the client? (https://pkg.go.dev/google.golang.org/grpc/keepalive) I'm getting responses like "rpc error: code = Unavailable desc = error reading from server: read tcp xx.xx.xx.xx:56690->xx.xx.xx.xx:443: read: connection reset by peer" after some time if I create the client without any gRPC options, so my guess is that we should be passing the keepalive option (https://pkg.go.dev/google.golang.org/grpc#WithKeepaliveParams). Best,...

Opinion on how to set up invite-only access

Hi there, I have a web app (React) that uses a self-hosted Zitadel IdP. It's currently configured so that anyone can log in or register a new account and join my web app. However, especially at the beginning, I would like to offer a closed beta to a defined user group. At least I want to prevent anyone from registering for my web app through the IdP. The best case would be to invite my beta-tester group via an invite link. Is this or something similar possible with Zitadel? I use the legacy built-in login...

Login V1 to Login V2

We are migrating from Login V1 to Login V2. We are already in production with Login V1. After hosting Login V2 and configuring our Zitadel instance organization to redirect to the new Login UI V2. ...

SystemAPI doesn't work in v4.3.0

Following this tutorial no longer works: https://zitadel.com/docs/guides/integrate/zitadel-apis/access-zitadel-system-api I tried all kinds of things, but I can't manage to use the AddCustomDomain API. It always gives me this error: ...

Terraform: InvalidArgument desc = Project member is invalid (PROJECT-3m9d)

I've got all of my Terraform set up and working well, but I'm running into an error I can't figure out. I'm creating a zitadel_project_role like so, and it's creating the Project Role just fine: ```...

Microsoft Entra ID: eagerly creating users in External Authentication action doesn't quite work

This is for Zitadel 4.3.0, self-hosted. We are building an integration with Microsoft Entra ID. The use case is that customers of our SaaS will have their Microsoft Entra Tenant ID whitelisted in our system. Once a user from an allowed Microsoft Entra ID tenant logs in, we want to automatically provision the user, give them the appropriate roles in Zitadel, and then log them in. This is the flow we are trying to implement:...

Login v2 - no console access

I'm trying out the v2 login in my self hosted instance, and I can successfully login, but I can no longer access the console. After logging in, if I try to navigate to the console, it logs me out and sends me back to the v2 login screen. What am I doing wrong here? The v2 login documentation needs a lot of work. Is there a v1 > v2 migration guide somewhere?

Choose Google account on SSO?

I am wondering, when I configure the Google IdP: if I start an OIDC flow from the UI and I'm not logged into Google, it shows the view to do so. But if I am already logged in and I start the OIDC flow, it just uses that Google session. If I have more than one Google account logged in, it still just proceeds with the first session. How can I configure Zitadel to send something to Google to list the Google accounts (even if there's only one session) and let the user choose which one to use to log in?

ZITADEL v4.1.4 — Init successful, but no console/login UI visible (Caddy reverse proxy)

I’m trying to get ZITADEL v4.1.4 running self-hosted with Docker Compose and Caddy as reverse proxy (--tlsMode external, TLS termination). Database: PostgreSQL 17. Containers start, logs look fine, DB initializes, and health checks return 200 — but I still can’t reach the UI. Both /ui/console and /ui/v2/login return a JSON 404 (“Not Found”), even when testing locally on port 8080. ...

"User registration allowed" Checkbox doesn't work

I don't want users to be able to register themselves; they should only be invited manually by me, to prevent registration spam and unwanted users. As you can see in Screenshot1, I've disabled that checkbox for that reason. Then I tried to register new users on mydomain.de/ui/v2/login/register?requestId=oidc_V2_... => And the registration works regardless of my setting...

[not_found] membership not found (AUTHZ-cdgFk)

Reproduce:
- User registers with email (without organization), e.g., example@gmail.com
- User does not receive verification email (should receive one)
- User goes to ui/console and clicks “Resend code” beside the email field
- Error “[not_found] membership not found (AUTHZ-cdgFk)” (Screenshot1)...

Project grant is invalid (PROJECT-ckUpbvboAH)

I can't figure out why I can't save on "Create Organization Grant" (Screenshot1).
Already searched everywhere I could think of, including docs, #questions-help-bugs and LLMs. For context:
- I'm the self-hosted "ZITADEL Admin" (Org Owner and every other role, Screenshot3) while trying this (tried with other users too; nothing works)....

Are there any guides / docs on upgrading from v2 to v4? Do I have to upgrade to v3 first?

I saw the docs mention to look at the release notes to see what's changed, but I was wondering if there were any definitive guides that serve as a sort of checklist when upgrading from v2 -> v3 and v3 -> v4 for self-hosted Zitadel.

Created a free instance for PoC; clicking on Manage throws the browser into a loop

Use case: Moving from self-hosted to managed. Migrated our data using this guide.
Environment: Zitadel Cloud
Version: v4.2.2
Stack: Just Zitadel Cloud, we want to move from self-hosted to managed
What you expected to happen: After we successfully migrated our data, we expected the web page to manage the instance. It worked on the first day after import, but the next day it loops....

Two users missing after server/db instance move

Hello. We use self-hosted Zitadel for our product. We used to have a simple Docker Zitadel instance (v2.68.0) backed by a managed Postgres 17.5. The day before yesterday, we migrated to another managed Postgres instance (16.9) and used the provided Helm chart to start a high-availability system on Kubernetes (all of this at a new hosting provider). ...

4.x Upgrade Issue

Hello! Self-hosting. I recently upgraded from 3.3.2 to 4.3.0. The migrations worked. Life was good. EXCEPT... I have what I assume is a decryption issue. OIDC fails with the error Message=Errors.Internal Parent=(ID=CRYPT-Jaik2R Message=error decrypting value Parent=(invalid character '\u0097' looking for beginning of value))" oidc_error.description=Errors.Internal oidc_error.type=server_error status_code=500. The UI flakes. I have reverted to 3.4.2, which works fine. But any 4.x series seems to fail. Running in Cloud Run, where it's insanely easy to direct traffic among versions. So appreciative of being able to just revert to the older version....

New Login UI session cookie doesn't survive browser close

Today I figured out that the session cookie set by the New Login UI doesn't have an expiry date or max age and thus is created as a session cookie. For Firefox (with restore session on) this means an endlessly living cookie, but other browsers (at least Chrome and Safari without restore tabs) clear the session cookies at different times. This means that I have to log in again after closing my browser, even if the settings are to stay signed in for 10 days. Is this deliberate or a bug?

Bearer token type does not trigger 'preaccesstoken' v2 action

Hi, I have a project application configured as shown in the picture. Token settings: Bearer token. Actions V2 configured like this: ```...

No root login after update (user not active)

Self-hosted Zitadel with Docker Compose and an external PostgreSQL DB here. I updated from version 3.3.0 to 3.4.0 and then to 3.4.2. When I try to log in to Zitadel via the console with the root user, using the format "root@zitadel.{ourdomain}", I get an error message before even entering the password, stating
Benutzer ist nicht aktiv (EVENT-Zws3s) (user is not active)...