ZITADEL


ZITADEL - Identity infrastructure, simplified for you.


Can Set Arbitrary CORS Headers Using ORIGIN Header

It seems that setting an Origin header using an arbitrary value (e.g. https://www.example.com) results in an Access-Control-Allow-Origin: https://www.example.com being set in the response. And it seems that there is no validation (e.g. using some kind of allow-list) of these headers. Is that intentional?...

Login create session only available with username not email

I have created a new custom login and use the API for authentication. At first, I tried the create session API with the username and password. It succeeded. However, when I use the email and password, it shows "user not found". ``` {...

[permission_denied] No matching permissions found (AUTH-5mWD2)

I’ve been encountering this error for a while now and have already gone through related posts on Discord, including the one linked below. Unfortunately, none have provided a workable solution so far: https://discord.com/channels/927474939156643850/1362426751522705590/1364269658848362566 The message above suggests adding Iam_Owner and Iam_LoginClient, but I haven’t been able to locate those options anywhere. I’ve created a service user and assigned the Org Owner role within the default ZITADEL organization, but the issue still persists....

Help needed: Custom claim not appearing in token/userinfo from Complement Token Action

I'm working on integrating Zitadel with pgAdmin using OAuth2. My goal is to include a custom roles claim in the ID token and userinfo response, so I can leverage OAUTH2_ADDITIONAL_CLAIMS in pgAdmin for access control. I've created a Complement Token script to flatten the grants structure and set a custom roles claim. However, neither this dynamic claim nor even a simple static claim (for testing) appears in the ID token or userinfo output. For example, even this simplified test script doesn't work:...

Custom logo not showing

Hi everyone, I'm facing a persistent issue with self-hosted Zitadel where a custom logo doesn't appear on the login page. It was working with a different logo previously, though. My Environment: Hosting: Self-hosted...

External User Not Found when trying to auto link SAML Users by Email

Hi, I have set up Okta as an Identity Provider on Zitadel, and I am trying to get the auto-linking part of it working. I have created a user in Zitadel with the same email as my Okta account. Now when I click Sign In with Okta on the login screen, I get External User Not Found. I've played around with different settings on both the Zitadel and Okta sides and currently, I think I have all this set up correctly. ...

Bulk import

Dear Zitadel team, I'm currently exploring the bulk import functionality with the goal of migrating users from my existing system to Zitadel. I'm leveraging the feature to send an initialization email to users, which is very helpful. However, I've noticed that once a user completes the initialization process, they are directed to the Zitadel user page. My objective is to guide the user seamlessly from the initialization email directly to our application after they've completed the setup, rather than having them land on the Zitadel user page, which could be confusing....

Sharing an organization from production to preproduction instance?

Is it possible to log into a preproduction instance of zitadel with the login credentials from an organization in the production instance? I'd like to avoid duplicating data for the internal staff organization and have all the other orgs different between the instances (customer data).

Register using phone number

Dear team, I'm looking to implement a feature where users can register using their phone number instead of an email and password. I'd like to ask whether this is technically feasible and what the best way to approach it would be....

Multiple Identity Providers across different organizations

Guys, can we show only the organization's identity providers on the login page based on the URL that's being called? I added custom domains to my instance (so I can access it through iam.domain.com, client1.iam.domain.com, client2.iam.domain.com, etc.), but when I access the login page I can only see the default identity provider that was configured on the default org. For example, I see that we have this in the docs (screenshots attached of everything), and I configured 3 different IdPs throughout my orgs, but any custom domain that I use to try to log in shows me only Zitadel's configured IdP. Is it possible to configure it this way?...

SAML response is not accepted by Zitadel?

I have configured an EntraID SAML organization in zitadel. I have set up an action on external post authenticate. When I print the following values ``` let logger = require("zitadel/log"); ...

4.0.0-rc.2 - V2 Login Issues

I am running Zitadel as a Docker container and it runs nicely. However, for some reason the Login V2 never works for me, even on a fresh setup. I always run into "status_code: 5, Not found". Version 3.3.1, on the other hand, works flawlessly for me, which still uses v1. If I enable v2 for an app in 3.3.1 I run into the same issue as I do now with 4.0.0-rc.2. Am I missing some crucial configuration somewhere? Here is my minimal zitadel service: ``` zitadel:...

Role field scope in token introspection

Hi Zitadel team, I have some questions about the token introspection endpoint for OIDC. I have a setup in Zitadel with two projects, let's name them project A and B. I would like to design the "shared role" for every project in the organization in project A and access it via token introspection from an API application in project B, because it's possible to have more additional roles in project B. Currently, the token introspection endpoint for OIDC only returns roles from the current project and ignores roles from other projects in the audience field. Is it possible for the token introspection endpoint to access roles from an external project that the API key does not reside on, especially in the audience field?...

Issue with Cloud Account Creation - Can't create an email support ticket without logging in

Hi Zitadel, I'm brand new to your platform and I'm having immediate issues with the account onboarding. There was an error message during the initial account creation, immediately after the GitLab SSO auth step. Now, I'm unable to login: Error image attached from the following URL: https://zitadel.cloud/ui/login/login?authRequestID=329153918942585249...

How to query project users belonging to a certain role

Hi, I'm trying to write a Zitadel backend for the Apricot project (an LDAP proxy for OIDC backends), but I'm running into some API limitations that I am hoping you could potentially assist with. I am making a couple of (unqualified) assumptions about both Zitadel and LDAP (as I'm inexperienced with both, please let me know if I'm completely off chart here):...

Service User - OAuth token fetch Fails with 500 Internal Error

Use-case: A multitenant SaaS solution where a tenant superuser can manage users from their own application through the SaaS platform. The Admin API will be handled via my Service account and it will manage the users on the superuser's request. Environment: Zitadel Cloud Version: V2 (for the Admin API requests) Stack: Python + React ...

Search Organization Metadata API Not Found

Hello, it seems that Searching Organization Metadata is deprecated with the following API: https://zitadel.com/docs/apis/resources/mgmt/management-service-list-org-metadata ...

SSO + Password users?

Hello, our customer wants to have their staff use SSO to log in and their customers use password login. We don't want to enable account creation as we need to create accounts via our own portal. The problem is that SSO users are being prompted to set passwords upon logging in (we create them first with emails) so they can link their SSO to the users we created. We want to link them to their emails but not need passwords, if that makes sense? Any tips?

Protocol error: missing status

Hi, I followed the documentation, but I'm encountering an error when accessing the app. API URL: https://auth.heykernel.com...

Zitadel hanging due to freshrss config

I'm using Zitadel to secure almost all my self-hosted applications. Everything is hosted in Docker containers, Zitadel included. I'm encountering a problem with FreshRSS, a feed aggregator app allowing OIDC (https://freshrss.github.io/FreshRSS/en/admins/16_OpenID-Connect.html): After a while, and I don't have any logs for now, Zitadel hangs then fails with a gateway timeout error. I need to restart the FreshRSS app so Zitadel can work again. The app in Zitadel is configured in POST mode with refresh token enabled. The same setup works with other apps....