Zitadel uninvited user can login to app?
Hi, so vaguely speaking, if I have an app in a project where a user is not granted via Authorization, should the user be able to log in to that app, or is there some scoping that typically needs to be done to limit this?
3 Replies
By default, a user that exists in Zitadel can log in, as we differentiate between authentication and authorization.
Login is only about who is the user.
There is an option in the project settings where you can set whether the user should only be allowed to log in when an authorization for that project exists:

Be aware that this is checked in the login UI, and not in the backend of Zitadel.
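Because the reply above says the project-level check happens in the login UI rather than in the backend, an application can also enforce authorization itself on the claims of a token it has already verified. The following is an added example, not part of the thread and not Zitadel's own code. It assumes signature, issuer and expiry were validated upstream, that roles are asserted into the token under the claim names shown, and it uses constructed sample claims and a placeholder project ID.

```python
from typing import Any, Mapping, Optional, Set, Tuple

# Assumed claim names; roles only appear if the project/app asserts them.
GENERIC_ROLES_CLAIM = "urn:zitadel:iam:org:project:roles"
PROJECT_ROLES_CLAIM = "urn:zitadel:iam:org:project:{project_id}:roles"


def granted_roles(claims: Mapping[str, Any], project_id: str) -> Set[str]:
    """Role keys granted for the project; empty set when none or malformed."""
    specific = PROJECT_ROLES_CLAIM.format(project_id=project_id)
    # Prefer the project-scoped claim; use the generic one only if it is absent.
    name = specific if specific in claims else GENERIC_ROLES_CLAIM
    value = claims.get(name)
    if not isinstance(value, Mapping):
        return set()  # fail closed on a missing or unexpected claim shape
    # Assumed shape: {role_key: {org_id: org_domain}}; skip roles with no org.
    return {r for r, orgs in value.items() if isinstance(orgs, Mapping) and orgs}


def authorize(claims: Mapping[str, Any], project_id: str,
              required_role: Optional[str] = None) -> Tuple[bool, str]:
    """Decide access from verified claims: authentication alone is not enough."""
    if not claims.get("sub"):
        return False, "no subject: token not authenticated"
    roles = granted_roles(claims, project_id)
    if not roles:
        return False, "authenticated, but no authorization for this project"
    if required_role is not None and required_role not in roles:
        return False, f"missing role {required_role!r}"
    return True, "ok"


# Constructed sample claims (placeholder IDs, not real values).
PROJECT_ID = "100000000000000001"
INVITED = {"sub": "u1", GENERIC_ROLES_CLAIM: {"editor": {"2000": "example.org"}}}
UNINVITED = {"sub": "u2"}                      # exists in the IdP, no grant
MALFORMED = {"sub": "u3", GENERIC_ROLES_CLAIM: ["editor"]}

if __name__ == "__main__":
    for label, c in (("invited", INVITED), ("uninvited", UNINVITED),
                     ("malformed", MALFORMED)):
        print(label, authorize(c, PROJECT_ID))
```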