fabienne
ZITADEL
• Created by fabienne on 5/23/2025 in #product-feedback-requests
Call for Insights: Shaping Zitadel's Threat Detection Framework
Hello everyone,
We're beginning to build out a robust Threat Detection framework within Zitadel, leveraging the data we have available. To ensure we create a truly valuable and effective solution, we're seeking your insights into your specific needs and expectations in this critical area.
We're particularly interested in understanding:
- Different use cases you envision for threat detection within your identity and access management system.
- How you would ideally like to identify potential threat vectors. What indicators or data points are most relevant to your security concerns?
- What actions should be triggered within Zitadel when suspicious activity is detected? (e.g., alerts, temporary account lockout, requiring multi-factor authentication, etc.)
- Can you share any past security problems or incidents you've experienced that you wish you could have identified and analyzed earlier? Understanding these scenarios will be invaluable in shaping our proactive detection capabilities.
- Are there any specific analysis or reporting features you would find beneficial for investigating potential threats?
If you have experiences or insights related to Threat Detection that you'd be willing to share, please book a call with me using the following link, or share your insights below in this thread: https://calendar.app.google/5aF3BSXLDZY1udoE7
When booking, please specify that you'd like to discuss Threat Detection. Your input will directly contribute to the development of a powerful and tailored security framework within Zitadel.
Thank you!
1 reply
ZITADEL
• Created by fabienne on 5/14/2025 in #product-feedback-requests
Call for Insights: Understanding the Crucial Need for Hierarchies and Groups in IAM
Hi everyone,
We're continuing our exploration into Hierarchies and Groups within identity and access management, and we're particularly interested in understanding why this functionality is becoming increasingly crucial for your organizations. We've observed various potential use cases, and we want to delve deeper into the core motivations and benefits you seek.
Specifically, we'd like to understand why hierarchies and groups are essential for you. For example, is it to:
- Streamline permission and role management at a group level?
- Configure branding or authentication options based on organizational units or teams?
- Provide essential group information to your business applications for operational purposes?
- Address other critical needs we haven't yet considered?
- What are the different ways you envision using hierarchies or groups within your organization? (e.g., organizational structure, project teams, access levels, geographical regions, etc.)
- What problems are you currently trying to solve or what benefits are you hoping to achieve by implementing hierarchical structures or advanced group management?
I am eager to learn about the specific problems you are trying to solve or the significant advantages you anticipate gaining through the effective use of hierarchies and groups. Understanding these crucial drivers will help us ensure Zitadel provides the most impactful solutions.
If you can share your insights on why Hierarchies and Groups are critical for your IAM strategy, please book a call with me using the following link, or share your insights below in this thread: https://calendar.app.google/5aF3BSXLDZY1udoE7
When booking, please specify that you'd like to discuss Hierarchies/Groups. Looking forward to getting your insights!
Thank you!
1 reply
ZITADEL
• Created by fabienne on 5/5/2025 in #product-feedback-requests
Call for Insights: Fine-Grained Authorization Needs
Hello everyone,
We're currently focusing on the growing need for fine-grained authorization among our customers. We've observed an increasing demand for more granular control over access to avoid potential security risks associated with providing users with overly broad permissions.
To better understand your specific use cases and needs in this area, and to explore how Zitadel can best address them, we'd love to hear from you. We are particularly interested in learning about:
- Specific scenarios where fine-grained authorization is critical for your organization.
- The challenges you currently face with managing access control.
- Your ideal requirements and expectations for a fine-grained authorization solution.
- Any existing tools or methods you are currently using or evaluating.
- Any regulations or compliance requirements that influence your authorization needs.
If you're interested in discussing your experiences and providing valuable feedback on fine-grained authorization, please book a call with me using the following link, or share your insights below in this thread: https://calendar.app.google/5aF3BSXLDZY1udoE7
When booking, please specify that you'd like to discuss Fine-Grained Authorization. Your input is greatly appreciated and will be instrumental in shaping how Zitadel can empower you with more precise and secure access control.
Thank you!
10 replies
ZITADEL
• Created by fabienne on 2/3/2025 in #product-feedback-requests
SCIM 2.0 Server
SCIM (System for Cross-domain Identity Management) is a standard that allows the exchange of user identity information between different systems, such as when a new employee is onboarded and needs to be provisioned to various applications. For more detailed information, read the section about the User Resource Schema in RFC 7643.
As a long-requested feature, the first version of our SCIM 2.0 Server implementation is now ready to test. 🥳 The implementation is compliant with the standard and includes all requests for the user resource and the discovery endpoints.
Read the full description of the API in our SCIM API Docs or our guide about managing users with SCIM 2.0.
Testing Period: till 31. March 2025
Testing Objectives:
- Did you encounter problems or bugs?
- Which SCIM 2.0 clients did you test? Did you have any problems with it?
- Have you identified any areas of non-compliance with the standard?
- Any input or feedback on how we implemented the feature?
How to test:
You can either send your API requests with curl or a REST client, or use your existing system which has implemented a SCIM 2.0 client, to manage the users.
Some example curl requests can be found in our API docs.
Zitadel Version: >=v2.69.0
Known Bugs / Limitations:
You can find all limitations listed in our SCIM 2.0 Guide.
Note: Be aware that this feature is currently in a preview state and will be put behind a commercial license once it is fully available.
Test the SCIM 2.0 server and add improvement or bug reports to the GitHub repository or let us know your general feedback below!
6 replies
ZITADEL
• Created by fabienne on 1/30/2025 in #product-feedback-requests
API Design and Documentation - Poll
Hi everyone,
We're looking for your feedback on our API design and documentation.
Currently, most of our APIs are available as REST and gRPC APIs, but the documentation is only provided as OpenAPI documentation. This can lead to confusion for our customers because not everything can be documented correctly, and we have some missing or wrong documentation because of some limitations on how REST is generated from the gRPC APIs.
We're considering switching fully to gRPC with connect RPC from API version 2 and removing the OpenAPI implementation. For the API/Client we would use buf registry (we already rely on buf to generate the stubs). Some APIs like OIDC, SAML and SCIM are excluded from this. Connect RPC still allows you to query the APIs with a simple curl command, and we can easily show examples in our guides. This would allow us to provide more accurate and complete documentation.
Having reached a good level of maturity since joining CNCF in June 2024, connect RPC is now a robust solution, making this the ideal time to adopt it.
Connect RPC curl example:
curl \
--header 'Content-Type: application/json' \
--data '{"sentence": "I feel happy."}' \
https://demo.connectrpc.com/connectrpc.eliza.v1.ElizaService/Say
We'd like to know your thoughts on this. Please take a moment to answer the poll below, and describe the reason for your answer in the chat below.
Thanks for your feedback!
35 replies
ZITADEL
• Created by fabienne on 1/27/2025 in #product-feedback-requests
Token Exchange / Impersonation - Beta Feature
The Token Exchange grant implements RFC 8693, OAuth 2.0 Token Exchange and can be used to exchange tokens to a different scope, audience or subject. Changing the subject of an authenticated token is called impersonation or delegation.
A typical use case is when customer support uses the token exchange to temporarily access a user’s account, allowing them to troubleshoot issues without needing the user’s password.
The whole documentation including some examples can be found in our Impersonation and delegation using Token Exchange guide.
Testing Period: till 31. March 2025
Testing Objectives:
- Did you encounter problems or bugs?
- Is the current permission model suitable? Do you need more?
- General feedback on feature enhancements
How to test:
- Enable the feature flag: https://zitadel.com/docs/guides/integrate/token-exchange#feature-api
- Follow the simple Token Exchange example: https://zitadel.com/docs/guides/integrate/token-exchange#simple-token-exchange-examples
- Or follow the impersonation example: https://zitadel.com/docs/guides/integrate/token-exchange#impersonation-examples
Known Bugs / Limitations:
At the moment token exchange is only implemented for your own applications, but not for getting access to a Zitadel Manager account.
Token exchange currently works for Zitadel-created tokens; in the future, the possibility for external services will be added as well. Track the state in the corresponding issue.
Test the token exchange and add improvement or bug reports directly to the GitHub repository or let us know your general feedback below!
8 replies
ZITADEL
• Created by fabienne on 1/24/2025 in #product-feedback-requests
Proto and Client Package for Typescript - Beta Feature
We have released two new packages from our typescript repository.
The client package is a TypeScript and JavaScript client library for interacting with all available Zitadel APIs. It allows developers to easily integrate their applications for authentication, authorization, and user management in Node.js and browser environments.
The proto package provides Zitadel’s type definitions to use with the client package and interact with Zitadel’s gRPC APIs in any TypeScript or JavaScript application.
Testing Period: till 31. March 2025
Testing Objectives:
- Did you encounter problems or bugs?
- General feedback on feature enhancements
- Do you miss any features in the package?
How to test:
You can find the installation and usage instructions in the following links:
- Zitadel Client
- Zitadel Proto
Test the packages and add improvement or bug reports directly to the GitHub repository or let us know your general feedback below!
70 replies
ZITADEL
• Created by fabienne on 1/24/2025 in #product-feedback-requests
Web Keys - Beta Feature
Web Keys are used to verify and sign JWT tokens in the OIDC standard. Listening to the feedback of the community we have changed the handling of web keys. Previously they were automatically generated by Zitadel once the first token had been created and rotated automatically afterwards. This caused problems for some providers as the key's endpoint did not return any key till that point.
With the new implementation you can manage the keys yourself, which also gives you the ability to rotate them at your convenience.
You can find the full documentation here: https://zitadel.com/docs/guides/integrate/login/oidc/webkeys
Testing Period: till 31. March 2025
Testing Objectives:
- Did you have any problems with the configuration?
- Did you encounter problems or bugs?
- Any objections to not fully migrate to the new implementation, and keep the old handling of web keys?
How to test:
- Enable the feature flag for webKey https://zitadel.com/docs/apis/resources/feature_service_v2/feature-service-set-instance-features
- The first two keys are created automatically by Zitadel
- After that you can manage the keys yourself: https://zitadel.com/docs/guides/integrate/login/oidc/webkeys#web-key-management
Known Bugs / Limitations:
- Only implemented for Instances, Organizations and Milestones at the moment.
- Zitadel as generic OIDC idp doesn’t work at the moment, as it can’t handle the new implementation
Test the web keys and add improvement or bug reports directly to the GitHub repository or let us know your general feedback below!
3 replies
ZITADEL
• Created by fabienne on 1/24/2025 in #product-feedback-requests
Caches - Beta Feature
Improving the performance of Zitadel has been a big topic over the last couple of months. Among other things we have implemented caches, which speed up the lookup of frequently used objects.
The implementation is currently done for Instances, Organizations and Milestones and will be further expanded in the future.
Testing Period: till 28. February 2025
Testing Objectives:
- Did you have any problems with the configuration?
- Did you encounter problems or bugs?
- Does it help with the performance of your system?
- Where should we add more caches?
- Do you want to see some other connectors?
How to test: You can find the configurations and how to test the caches in our documentation: https://zitadel.com/docs/self-hosting/manage/cache
Known Bugs / Limitations:
- Only implemented for Instances, Organizations and Milestones at the moment.
- Redis Cache: circuit breaker immediately opens https://github.com/zitadel/zitadel/issues/9150
- JWK Verify has limited algorithm support https://github.com/zitadel/zitadel/issues/9068
Pre-Requirements: This can only be tested on self-hosting environments
Test the caches and add improvement or bug reports directly to the GitHub repository or let us know your general feedback below!
3 replies
ZITADEL
• Created by fabienne on 1/17/2025 in #product-feedback-requests
(NEW!) Typescript Login - Beta Feature
We've developed a new TypeScript-based login system to streamline the authentication process. This solution offers a flexible, customizable, and self-hostable login experience. By providing a ready-to-use login solution, we aim to reduce development time and effort.
Our immediate goal is to enable customers to self-host the login system. In the future, we plan to fully integrate this new login system into our cloud offering.
The new TypeScript login system offers several key improvements:
- Leverages Modern Technology: By utilizing our newly developed session APIs, we've significantly enhanced the security and performance of the authentication process.
- Enhanced Features: The system introduces new features such as user invitation flows and passkey-only authentication, providing greater flexibility and convenience for our users.
- Improved Developer Experience: The use of TypeScript, a widely adopted language in frontend development, makes the codebase more accessible and easier to contribute to. This encourages community involvement and fosters rapid development.
You can find everything you need on our docs page
https://zitadel.com/docs/guides/integrate/login/hosted-login#hosted-login-version-2-beta
Testing Period: till 31. March 2025
Testing Objectives:
- Did you encounter problems or bugs?
- How to enhance Customizations?
- Do you encounter any problems with regard to performance?
How to test: https://zitadel.com/docs/guides/integrate/login/hosted-login#beta-testing
Known Bugs / Limitations: https://zitadel.com/docs/guides/integrate/login/hosted-login#limitations
If you have any suggestions for improvement or bug reports, please open an issue in the typescript repository; we'd love to hear any other feedback in this thread. 😃
57 replies
ZITADEL
• Created by fabienne on 9/26/2022 in #questions-help-bugs
Chinese
Hei @GeorgeKing, I changed some of the texts in the login flow, to avoid technical words and make it more clear to the customers. I translated the Chinese texts with DeepL and am not sure if they are correct. Would you mind checking them? https://github.com/zitadel/zitadel/pull/4425/files
3 replies