FHei @Alexei the domain on the organisations are only used for the loginnames not as url of your instance
Fif you are using zitadel cloud you can add domains to host zitadel in the customer portal zitadel.cloud
FThe idea is that you can define an instance wide default and still have the ability for your customers to manage their own idps in their org.
FYes.
Generally speaking zitadel handles domain in two places.
1) On an instance level (through the system api) you can append as many domains to an instance as needed
2) On an organization level you can allow your customers to "claim" their domain to kind of prevent that any other organization can create usernames with their domain name
Generally speaking zitadel handles domain in two places.
1) On an instance level (through the system api) you can append as many domains to an instance as needed
2) On an organization level you can allow your customers to "claim" their domain to kind of prevent that any other organization can create usernames with their domain name
FYes the callback is typicaly the instace domain
MHi there, this answer confuses me: if that's so, how does Zitadel know for which org a user tries to – at least – register to, or wants to login to edit their account? I couldn't find anything on the topic and also ran into the "missing instance" error, when i've tried to do the definition using a custom domain set as primary (
Edit: do i understand right that default org and available domains must be added by calling the api directly?
org2.my.domain vs auth.my.domain – same issues with a more default users.auth.my.domain)Edit: do i understand right that default org and available domains must be added by calling the api directly?
EYou can add scopes to your auth requests to map them to organizations https://zitadel.com/docs/apis/openidoauth/scopes#reserved-scopes.
The domains on which you can serve auth requests are configured at instance level and only accessible via System API (which is not directly available on the SaaS service zitadel.cloud. You have to use the ZITADEL Customer Portal application for this instead, where you can purchase a custom domain with a TLS cert).
The domains on which you can serve auth requests are configured at instance level and only accessible via System API (which is not directly available on the SaaS service zitadel.cloud. You have to use the ZITADEL Customer Portal application for this instead, where you can purchase a custom domain with a TLS cert).
ZITADEL supports the usage of scopes as way of requesting information from the IAM and also instruct ZITADEL to do certain operations.
MYou can also checkout the playground here: https://zitadel.com/docs/apis/openidoauth/authrequest
Just enter the required parameters, enter the organization ID and select the last scope in the list. Click on "Try it out" to test it out on your instance.
Just enter the required parameters, enter the organization ID and select the last scope in the list. Click on "Try it out" to test it out on your instance.
The OIDC Playground is for testing OpenID Authentication Requests, giving you more insight how OpenID Connect works and how you can customize ZITADEL behavior with different parameters.