Managing Passwords Across Multi-Tenant Users in Zitadel
We use a multi-tenancy model in our self-hosted Zitadel environment. Zitadel restricts users to a single organization, preventing direct movement between tenants (Uniqueness of Users). To work around this, users share the same email across tenants, resulting in different user IDs per tenant. We retrieve user details via email using Zitadel APIs.
Requirement
Our goal is to ensure users can use the same password across tenants while addressing the following challenges:
- Forced Password Reset on Initial Login
  - Setting an initial password via the backend forces a reset on first login.
  - Question: Can this requirement be bypassed?
- When a user updates their password in one tenant, we want it updated in all tenants linked to the same email.
- Question: Is there an API or trigger to sync passwords across tenants?
- If no sync API exists, is there a way to retrieve a user's password using their email?
We seek an API, configuration setting, or event-driven approach to:
- Prevent the forced password reset on first login.
- Synchronize passwords across tenants.
- Manage user passwords efficiently across tenants.
Thank you!
