RHey @Rail Sakhaviev! Thanks for reaching out :gigipixel:
The following docs should have the endpoints you're looking for:
The following docs should have the endpoints you're looking for:
2Hello @Raccine , just to explain more on the use case for a self hosted Zitadel instance,
We have a default organization created adn the users are added to that org. Now we create multiple other orgs and authorize these users to be part of these organizations.
The requirment for us is to get the list of all the organization the user is authorized to be part of by either passing the useId or user email. Is that possible?
To be specific in explaining the use case, we would want to get the organization details in order to check if the MFA is enabled or not and for that case we want to pass the user id and get all the orgs to which this user belongs to and based on these orgs decide if the MFA is required or not.
Currently we do not find a way to get org details by passing the User id.
please let me know if this is possible
to be more specific the API's the you have shared are only to get the details for the Org Members Roles (Managers) , but in our case these user are just authorized to the org.
Also for our use case since we will call the API before the user logs in so we only have the user email address with us for now (which we can use to get the user id) so essentially the only detail we have is user id/user email....
We have a default organization created adn the users are added to that org. Now we create multiple other orgs and authorize these users to be part of these organizations.
The requirment for us is to get the list of all the organization the user is authorized to be part of by either passing the useId or user email. Is that possible?
To be specific in explaining the use case, we would want to get the organization details in order to check if the MFA is enabled or not and for that case we want to pass the user id and get all the orgs to which this user belongs to and based on these orgs decide if the MFA is required or not.
Currently we do not find a way to get org details by passing the User id.
please let me know if this is possible
to be more specific the API's the you have shared are only to get the details for the Org Members Roles (Managers) , but in our case these user are just authorized to the org.
Also for our use case since we will call the API before the user logs in so we only have the user email address with us for now (which we can use to get the user id) so essentially the only detail we have is user id/user email....
RHey there @2isprime :gigipixel: Our B2B example might actually be a good fit in terms of your use case. Can you take a look through our B2B doc and let me know if it's insightful based on your scenario?
https://zitadel.com/docs/guides/solution-scenarios/b2b
https://zitadel.com/docs/guides/solution-scenarios/b2b
2Hi @Raccine , thanks for sharing
However, i don't think , this helps to solve our use case.
Since we are looking for a way to identify the user organization to which this user is authorized to by just passing in the userId or user email as this is what we want to do before letting the user login in order to fetch the MFA settings and redirect user to MFA screen if it is enabled.
We need to get these details first because one user can be part of different organizations and we would want to know that he belongs to which all orgs
However, i don't think , this helps to solve our use case.
Since we are looking for a way to identify the user organization to which this user is authorized to by just passing in the userId or user email as this is what we want to do before letting the user login in order to fetch the MFA settings and redirect user to MFA screen if it is enabled.
We need to get these details first because one user can be part of different organizations and we would want to know that he belongs to which all orgs
FHei @2isprime we do have one api endpoint in the auth api, so this can be requested by the authenticated user, to get a list of organizations where the user has permission. this is in the context of the project that does make the request. https://zitadel.com/docs/apis/resources/auth/auth-service-list-my-project-orgs
Returns a list of the organizations where the authenticated user has any authorizations/user grants. The request is made in the context of the requested project. This request can be used in multi-tenancy applications to show the user a tenant switcher.
Fif you do need it across all projects, we do not have a specific call for that, you could use the list authorizations/grants, where you get the org id, but you will have to get the orgnames then specifically: https://zitadel.com/docs/apis/resources/auth/auth-service-list-my-user-grants
Returns a list of the authorizations/user grants the authenticated user has. User grants consist of an organization, a project and 1-n roles.
2Thanks @fabienne
Although would want to understand how we can solve the problem to know if the user who is going to login would need to do MFA
Since our user is part of the default org and is authorized to be the part of multiple orgs , in a scenario where the user is going to login to org A where MFA is enabled , how would we be able to get that forceMFA flag value if we do not have the users bearer token as the user has not yet logged in
Although would want to understand how we can solve the problem to know if the user who is going to login would need to do MFA
Since our user is part of the default org and is authorized to be the part of multiple orgs , in a scenario where the user is going to login to org A where MFA is enabled , how would we be able to get that forceMFA flag value if we do not have the users bearer token as the user has not yet logged in
FZITADEL is designed on an org base. This means the user always belongs to one orgnaization, but can have roles/permissions to multiple other organizations. That said, the authentication mechanism always comes from the owner org. So if you send the resourceowner scope, you will get the resourceowner/organization in the token back. with that you can read the login policy of that organization