oliwel, 12mo ago

Limit scopes / metadata per project

We have provisioned our users from the HR system and have added some "confidential" information such as the employee ID or internal department role as metadata. As we now want to use Zitadel to provide login to some third-party applications, I am looking for a solution to limit access to the user data by application. Example: I need the employee ID to be exposed when the user logs in to an HR application, but I do not want to send this ID when I log in to the daily lunch service provider. The same question applies to the scopes in general, as I want to onboard an application where the third party needs to verify that I am a member of this organisation, but I do not want to expose the details of my identity at all. I have not found any way to configure this via the UI, so is this possible by any other means, or will all applications always see all metadata?
2 Replies
FFO, 12mo ago
Do you store this info in Zitadel's metadata?
oliwel (OP), 12mo ago
The "auxiliary" data is stored as Zitadel metadata; the "scopes" question targets the regular "email" and "profile" scopes that expose the properties of the user's base data.