Managing Passwords Across Multi-Tenant Users in Zitadel
We use a multi-tenancy model in our self-hosted Zitadel environment. Zitadel restricts users to a single organization, preventing direct movement between tenants (Uniqueness of Users). To work around this, users share the same email across tenants, resulting in different user IDs per tenant. We retrieve user details via email using Zitadel APIs.
- Question: Can this requirement be bypassed?
- Question: Is there an API or trigger to sync passwords across tenants?
- Prevent the forced password reset on first login.
- Synchronize passwords across tenants.
- Manage user passwords efficiently across tenants.
Any guidance on achieving this within Zitadel would be appreciated.
Thank you!
Requirement
Our goal is to ensure users can use the same password across tenants while addressing the following challenges:1. Forced Password Reset on Initial Login
- Setting an initial password via the backend forces a reset on first login.- Question: Can this requirement be bypassed?
2. Password Synchronization Across Tenants
- When a user updates their password in one tenant, we want it updated in all tenants linked to the same email.- Question: Is there an API or trigger to sync passwords across tenants?
3. Retrieving User Password by Email
- If no sync API exists, is there a way to retrieve a user's password using their email?Expected Outcome
We seek an API, configuration setting, or event-driven approach to:- Prevent the forced password reset on first login.
- Synchronize passwords across tenants.
- Manage user passwords efficiently across tenants.
Any guidance on achieving this within Zitadel would be appreciated.
Thank you!
