Invite User first login without password
Hello, i wanted to ask if its possible to invite users and in the invite email send a link where the user can verify his email adress and set a password. For now i have to set a temporary password and the user has to log in with that password to then change the password. i wanna get rid of the temporary password and he should directly set a password over the link.
ai bot gave me this link: https://github.com/zitadel/zitadel/issues/8310
is this working? and how can i use because on c# rest api i could not do it
47 Replies
Hi @boblack_zocker, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question.
Answer
Yes, this functionality is available in ZITADEL. You can invite users without requiring a temporary password by using the invite code workflow (1) (2) .
When creating a new user, you have the option to "Send an invitation E-Mail for authentication setup and E-Mail verification" (1) . This allows the user to receive an email and set up their authentication method (password, passkey, or external SSO) without needing a temporary password .
The invite code functionality uses the V2 User API endpoint:
(2)
The verification process requires a
verificationCode parameter that gets generated during the invite code request . This will set the user's email to a verified state and allow them to set up their first authentication method .
For C# REST API implementation, you would make a POST request to the verify invite code endpoint with the user ID and verification code. The GitHub issue you referenced confirms this feature was implemented and is working (3) .
If you want to use the hosted login, when using ZITADEL Login V2, the user has the option to choose their authentication method (password, passkey, identity provider) based on the organization's configuration (1) .
ā
To learn more, see the sources I considered:
[1] Onboard Users
[2] Verify an invite code for a user
[3] Invite User Link
ā
Feel free to tag @Ask Inkeep with additional questions.@Ask Inkeep can i use this endpoint
https://$CUSTOM-DOMAIN/v2/users/new without setting a password for the new user so when he verifies his email he has to set a password
Thanks for the follow-up, @boblack_zocker. I'll get back to you soon.
Answer
I wasn't able to find a direct answer about the
/v2/users/new endpoint in the available sources, but here are some relevant sources that might help:
1. Create an invite code for a user : This explains how to create invite codes for users to initialize their first authentication method.
2. Custom registration flow : This discusses implementing custom registration flows using invite codes where users can set their password after verification.
Would you like me to provide a general answer based on my knowledge of ZITADEL instead? Alternatively, you might want to click the "Ask for help" button to tag a team member for more specific guidance about the /v2/users/new endpoint.
Feel free to tag @Ask Inkeep with additional questions.hey @boblack_zocker yes you can do that
https://zitadel.com/docs/guides/manage/user/reg-create-user#with-passwordless
you, and incase if that endpoint fails, you can still use the deprecated create user endpoint that still works atm š pls let me know if this helps. Thanks
hey @Rajat. Are you talking about this one here? https://zitadel.com/docs/apis/resources/mgmt/management-service-add-passwordless-registration
no I meant this https://zitadel.com/docs/apis/resources/user_service_v2/user-service-add-human-user, you can skip the password field and it will do verification and password setting on first login I believe
ah this is the deprecated version right?
we switched to the new one for adding new users
ZITADEL Docs
Create a new human or machine user in the specified organization.
this is the new one right
I never asked you but I am assuming you are self hosted correct?
yes
i call the zitadel api over my c# api. where in the call can find this attribute and add it?
and do i call this on this api call ?
https://$CUSTOM-DOMAIN/v2/users/new
hey @boblack_zocker I didnt understood the error you got while running it in c#
there is no error i just try to understand how i can do this one š
if i click on the link "Add Passwordless Registration" i get redirected to this one here:
and from here i have no idea where to find how i can add passwordless registration to the user
maybe the link is not redirecting correctly i dont know
you know what i mean @Rajat ?
hey @boblack_zocker I think it could be a bug, which link is it
ZITADEL Docs
The ZITADEL API has different possibilities to create users.
this is the url where u get redirected -> https://zitadel.com/docs/apis/resources/mgmt
ZITADEL Docs
The management API is as the name states the interface where systems can mutate IAM objects like, organizations, projects, clients, users and so on if they have the necessary access rights. To identify the current organization you can send a header x-zitadel-orgid or if no header is set, the organization of the authenticated user is set.
but i think at the end this is not what i was searching for. i'll explain my case in detail.
this is the case right now:
i create a new user with this endpoint -> https://zitadel.com/docs/apis/resources/user_service_v2/user-service-create-user
in this endpoint i set a temporary password that is required to change.
ZITADEL Docs
Create a new human or machine user in the specified organization.
This is the case i want:
I want to create a user with this or another endpoint -> https://zitadel.com/docs/apis/resources/user_service_v2/user-service-create-user
i dont want to set a password but instead the user should get a link via email where he can make his own password directly. first registration should be with a link
ZITADEL Docs
Create a new human or machine user in the specified organization.
hey @boblack_zocker you can do this
and when you send a request, you will also get an email and set password
i am not sure if you are self hosted or cloud btw, but it should work regardless
do i have to set a password in the api call?
because this is the exact call i use right now. and i have to set a password else it wont work
and also if i make changerequired true the link only verifies the email but cant change the password directly
additionally i want the link to change the password sent to my api as a respond and not directly to the email of the user because we customize those emails
no, as you can see I am not passing the password
you set the password via clicking the link in your email, can you pls share your request?.
i use the grpc in c#
if i do this call without password i run into a exception
wdym sent to my api? It will send the link to the email mentioned on the call
yes i know. but my question is if there is a way not to send the email from zitadel to the user but instead i get the link in the api and there on i can send the email by my self
like a recovery link to reset the password as workaround or something like that
because with the current zitadel api call i assume this wont work
no you cannot do that
you do not get a registration link in the response of an api
yes i know. thats why i ask for another way š
I see your point but no, there's no workaround I cna think of that will let you do that š
i thought maybe there is like a password reset link i could get from the zitadel api to do that
something similair like this: https://zitadel.com/docs/apis/resources/mgmt/management-service-add-passwordless-registration
like where u get a link from the api and the user can change his password over the link. i've seen this alot on other plattform so i thought maybe it possible here too with zitadel
I am trying this, apologies that I never checked it out as it was never needed
no worries. just need some clearance on possibilities and what i could do instead š
oh wow, I am hitting a not found š® , will check witrh the team
alright thanks š
try this š
it actually worked
i tried this but with this link you cannot set a new password
only paswordless logins
and i need a set password here for the user
I dont think its possible to do what you are trying to achive, you can either do
passwordless/_link or create a password via link sent on email, but like above to what you said, generating a new password over a link from an api