Call for Insights: Shaping Zitadel's Threat Detection Framework
Hello everyone,
We're beginning to build out a robust Threat Detection framework within Zitadel, leveraging the data we have available. To ensure we create a truly valuable and effective solution, we're seeking your insights into your specific needs and expectations in this critical area.
We're particularly interested in understanding:...
Call for Insights: Understanding the Crucial Need for Hierarchies and Groups in IAM
Hi everyone,
We're continuing our exploration into Hierarchies and Groups within identity and access management, and we're particularly interested in understanding why this functionality is becoming increasingly crucial for your organizations. We've observed various potential use cases, and we want to delve deeper into the core motivations and benefits you seek.
Specifically, we'd like to understand why hierarchies and groups are essential for you. For example, is it to:...
Call for Insights: Fine-Grained Authorization Needs
Hello everyone,
We're currently focusing on the growing need for fine-grained authorization among our customers. We've observed an increasing demand for more granular control over access to avoid potential security risks associated with providing users with overly broad permissions.
To better understand your specific use cases and needs in this area, and to explore how Zitadel can best address them, we'd love to hear from you. We are particularly interested in learning about:...
SCIM 2.0 Server
SCIM (System for Cross-domain Identity Management) is a standard that allows the exchange of user identity information between different systems, such as when a new employee is onboarded and needs to be provisioned to various applications. For more detailed information, read the section about the User Resource Schema in RFC 7643.
As a long-requested feature, the first version of our SCIM 2.0 Server implementation is now ready to test. 🥳 The implementation is compliant with the standard and includes all requests for the user resource and the discovery endpoints.
Read the full description of the API in our SCIM API Docs or our guide about managing users with SCIM 2.0....
API Design and Documentation - Poll
Hi everyone,
We're looking for your feedback on our API design and documentation.
Currently, most of our APIs are available as REST and gRPC APIs, but the documentation is only provided as OpenAPI documentation. This can lead to confusion for our customers because not everything can be documented correctly, and we have some missing or wrong documentation because of some limitations on how REST is generated from the gRPC APIs....
Token Exchange / Impersonation - Beta Feature
The Token Exchange grant implements RFC 8693, OAuth 2.0 Token Exchange and can be used to exchange tokens to a different scope, audience or subject. Changing the subject of an authenticated token is called impersonation or delegation.
A typical use case is when customer support uses the token exchange to temporarily access a user’s account, allowing them to troubleshoot issues without needing the user’s password.
The whole documentation including some examples can be found in our Impersonation and delegation using Token Exchange guide....
Proto and Client Package for Typescript - Beta Feature
We have released two new packages from our typescript repository.
The client package is a TypeScript and JavaScript client library for interacting with all available Zitadel APIs. It allows developers to easily integrate their applications for authentication, authorization, and user management in Node.js and browser environments.
The proto package provides Zitadel’s type definitions to use with the client package and interact with Zitadel’s gRPC APIs in any TypeScript or JavaScript application....
Web Keys - Beta Feature
Web Keys are used to verify and sign JWT tokens in the OIDC standard. Listening to the feedback of the community, we have changed the handling of web keys. Previously, they were automatically generated by Zitadel once the first token had been created and rotated automatically afterwards. This caused problems for some providers, as the keys endpoint did not return any key until that point.
With the new implementation, you can manage the keys yourself, which also gives you the ability to rotate them at your convenience.
You can find the full documentation here: https://zitadel.com/docs/guides/integrate/login/oidc/webkeys
...
Caches - Beta Feature
Improving the performance of Zitadel has been a big topic over the last couple of months. Among other things we have implemented caches, which speed up the lookup of frequently used objects.
The implementation is currently done for Instances, Organizations and Milestones and will be further expanded in the future.
Testing Period: till 28. February 2025
Testing Objectives: ...
(NEW!) Typescript Login - Beta Feature
We've developed a new TypeScript-based login system to streamline the authentication process. This solution offers a flexible, customizable, and self-hostable login experience. By providing a ready-to-use login solution, we aim to reduce development time and effort.
Our immediate goal is to enable customers to self-host the login system. In the future, we plan to fully integrate this new login system into our cloud offering.
The new TypeScript login system offers several key improvements:...