Restrict user from accessing Zitadel user page
Hi Zitadel team, I am exploring Zitadel self-hosted. Actually our authentication is in production right now, and everything is working as planned. One thing I noticed recently is that a user can reset their password through the login page: he receives an email (we set up SMTP), then when he is on the
set password page, whenever he goes next it is fine and the authentication proceeds to our app, but some users are clicking on the arrow and going back to the login popup without passing through our app, so they end up logging in to Zitadel, and we'd like to avoid that.
I followed this doc
https://zitadel.com/docs/guides/solution-scenarios/restrict-console
I think the uri_redirect would solve the problem, but it only works if I set it on the default level. I tried to change it on an Org level, which would solve the problem, but each instance has several orgs with different URIs, so the default uri_redirect won't work. Is there anything you would suggest to me?
Much thanks
Hi @Avlambertucci, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question.
Answer
I wasn't able to find a direct answer, here are some relevant sources:
1. ZITADEL Default Settings (1) : This covers the Default Redirect URI configuration at both instance and organization levels, including how it functions as a fallback when there's no authorization request.
2. In which situations is the "Default Redirect URI" used? (2) : This GitHub discussion specifically addresses the behavior you're experiencing—when users click password-related email links, they may end up in the console rather than your app, and explores the limitations of configuring different redirect URIs per organization.
To learn more, see the sources I considered:
[1] ZITADEL Default Settings
[2] In which situations is the "Default Redirect URI" used?
Feel free to tag @Ask Inkeep with additional questions.
Got it. Tagging @Rajat for additional help.