Proxy external IDP identities
Is there any mechanism to have no local database/user management and instead specify external IDP identities and some regex magic on how to rewrite/reissue them as local zitadel provider identities so user@example.com might be rewritten as user@example.org but keep the SAML/OIDC content the same otherwise as provided by the external IDP?
Also, is there any mechanism for limiting the trusted identities issued by an external IDP? So I can have Apple and Google issue identities, but only for specific domains so google can't issue identities managed by apple, and apple can't issue identities managed by google as a general means of preventing external idp identity spoofing when federated?
Also, is there any mechanism for limiting the trusted identities issued by an external IDP? So I can have Apple and Google issue identities, but only for specific domains so google can't issue identities managed by apple, and apple can't issue identities managed by google as a general means of preventing external idp identity spoofing when federated?
