8
link: {type: "doc", id: "guides/start/quickstart"},10
"guides/start/quickstart",
15
"examples/login/angular",
16
"examples/login/flutter",
18
"examples/login/java-spring",
19
"examples/login/nextjs",
20
"examples/login/python-django",
21
"examples/login/react",
22
"examples/login/symfony",
27
href: "https://github.com/smartive/zitadel-net",
36
"examples/secure-api/go",
37
"examples/secure-api/java-spring",
38
"examples/secure-api/python-django",
39
"examples/secure-api/python-flask",
40
"examples/secure-api/nodejs-nestjs",
41
"examples/secure-api/pylon",
45
href: "https://github.com/smartive/zitadel-net",
54
label: "Examples & SDKs",
55
link: {type: "doc", id: "sdk-examples/introduction"},58
type: "autogenerated",
59
dirName: "sdk-examples"
64
href: "https://github.com/smartive/zitadel-dart",
69
href: "https://github.com/maennchen/zitadel_api",
74
href: "https://next-auth.js.org/providers/zitadel",
79
href: "https://www.npmjs.com/package/@zitadel/node",
84
href: "https://github.com/smartive/zitadel-net",
89
href: "https://github.com/buehler/node-passport-zitadel",
94
href: "https://github.com/smartive/zitadel-rust",
99
href: "https://github.com/getcronit/pylon",
112
type: "generated-index",
114
slug: "guides/manage/cloud/overview",
116
"Our customer portal is used to manage all your ZITADEL instances. You can also manage your subscriptions, billing, newsletters and support requests.",
119
"guides/manage/cloud/start",
120
"guides/manage/cloud/instances",
121
"guides/manage/cloud/billing",
122
"guides/manage/cloud/users",
123
"guides/manage/cloud/support",
131
id: "guides/manage/console/overview",
134
"guides/manage/console/overview",
135
"guides/manage/console/default-settings",
136
"guides/manage/console/organizations",
137
"guides/manage/console/projects",
138
"guides/manage/console/roles",
139
"guides/manage/console/applications",
140
"guides/manage/console/users",
141
"guides/manage/console/managers",
142
"guides/manage/console/actions",
150
type: "autogenerated",
151
dirName: "guides/manage/customize",
159
"guides/manage/user/reg-create-user",
160
"guides/manage/customize/user-metadata",
161
"guides/manage/customize/user-schema",
164
"guides/manage/terraform-provider",
172
"guides/migrate/introduction",
173
"guides/migrate/users",
179
"guides/migrate/sources/zitadel",
180
"guides/migrate/sources/auth0",
181
"guides/migrate/sources/keycloak",
190
type: "generated-index",
192
slug: "guides/integrate",
194
"Integrate your users and application with ZITADEL. In this section you will find resource on how to authenticate your users, configure external identity providers, access the ZITADEL APIs to manage resources, and integrate with third party services and tools.",
199
label: "Login Users",
201
type: "generated-index",
202
title: "Login users with ZITADEL",
203
slug: "guides/integrate/login",
205
"Sign-in users and application with ZITADEL. In this section you will find resources on how to authenticate your users by using the hosted login via OpenID Connect and SAML. Follow our dedicated guides to build your custom login user interface, if you want to customize the login behavior further.",
208
"guides/integrate/login/login-users",
211
label: "OpenID Connect",
214
type: "generated-index",
215
title: "Authenticate users with OpenID Connect (OIDC)",
216
slug: "guides/integrate/login/oidc",
218
"This guide explains how to utilize ZITADEL for user authentication within your applications using OpenID Connect (OIDC). Here, we offer comprehensive guidance on seamlessly integrating ZITADEL's authentication features, ensuring both security and user experience excellence. Throughout this documentation, we'll cover the setup process for ZITADEL authentication, including the recommended OIDC flows tailored to different application types. Additionally, we'll provide clear instructions on securely signing out or logging out users from your application, ensuring data security and user privacy. With our guidance, you'll be equipped to leverage ZITADEL's authentication capabilities effectively, enhancing your application's security posture while delivering a seamless login experience for your users.",
221
"guides/integrate/login/oidc/login-users",
222
"guides/integrate/login/oidc/oauth-recommended-flows",
223
"guides/integrate/login/oidc/device-authorization",
224
"guides/integrate/login/oidc/logout",
225
"guides/integrate/login/oidc/webkeys",
229
"guides/integrate/login/saml",
234
label: "Onboard Customers and Users",
236
type: "generated-index",
237
title: "Onboard Customers and Users",
238
slug: "/guides/integrate/onboarding",
240
"When building your own application, one of the first questions you have to face, is 'How do my customers onboard to my application?'\n" +
241
"These guides will explain the built-in solution for onboarding new tenants, customers, and users and how you can handle more advanced onboarding use cases. ",
245
"guides/integrate/onboarding/b2b",
246
"guides/integrate/onboarding/end-users",
251
label: "Token Introspection",
255
type: "autogenerated",
256
dirName: "guides/integrate/token-introspection",
260
"guides/integrate/token-exchange",
263
label: "Service Users",
266
id: "guides/integrate/service-users/authenticate-service-users",
271
type: "autogenerated",
272
dirName: "guides/integrate/service-users",
278
label: "Role Management",
280
items: ["guides/integrate/retrieve-user-roles"],
284
label: "Build your own Login UI",
286
type: "generated-index",
287
title: "Build your own Login UI",
288
slug: "/guides/integrate/login-ui",
290
"In the following guides you will learn how to create your own login UI with our APIs. The different scenarios like username/password, external identity provider, etc. will be shown.",
294
"guides/integrate/login-ui/session-validation",
295
"guides/integrate/login-ui/username-password",
296
"guides/integrate/login-ui/external-login",
297
"guides/integrate/login-ui/passkey",
298
"guides/integrate/login-ui/mfa",
299
"guides/integrate/login-ui/select-account",
300
"guides/integrate/login-ui/password-reset",
301
"guides/integrate/login-ui/logout",
302
"guides/integrate/login-ui/oidc-standard",
303
"guides/integrate/login-ui/typescript-repo",
308
label: "Login users with SSO",
311
id: "guides/integrate/identity-providers/introduction",
315
"guides/integrate/identity-providers/google",
316
"guides/integrate/identity-providers/azure-ad-oidc",
317
"guides/integrate/identity-providers/azure-ad-saml",
318
"guides/integrate/identity-providers/github",
319
"guides/integrate/identity-providers/gitlab",
320
"guides/integrate/identity-providers/apple",
321
"guides/integrate/identity-providers/ldap",
322
"guides/integrate/identity-providers/openldap",
323
"guides/integrate/identity-providers/okta-oidc",
324
"guides/integrate/identity-providers/okta-saml",
325
"guides/integrate/identity-providers/keycloak",
326
"guides/integrate/identity-providers/linkedin-oauth",
327
"guides/integrate/identity-providers/mocksaml",
328
"guides/integrate/identity-providers/jwt_idp",
329
"guides/integrate/identity-providers/migrate",
330
"guides/integrate/identity-providers/additional-information",
335
label: "ZITADEL APIs",
338
id: "guides/integrate/zitadel-apis/access-zitadel-apis",
343
type: "autogenerated",
344
dirName: "guides/integrate/zitadel-apis",
352
type: "generated-index",
353
title: "Integrate ZITADEL with your Favorite Services",
354
slug: "/guides/integrate/services",
356
"With the guides in this section you will learn how to integrate ZITADEL with your services.",
361
type: "autogenerated",
362
dirName: "guides/integrate/services",
366
label: "Bold BI (boldbi.com)",
367
href: "https://support.boldbi.com/kb/article/13708/how-to-configure-zitadel-oauth-login-in-bold-bi",
371
label: "Cloudflare workers",
372
href: "https://zitadel.com/blog/increase-spa-security-with-cloudflare-workers",
376
label: "Firezone (firezone.dev)",
377
href: "https://www.firezone.dev/docs/authenticate/oidc/zitadel",
382
href: "https://zitadel.com/blog/zitadel-as-sso-provider-for-selfhosting",
386
label: "Netbird (netbird.io)",
387
href: "https://docs.netbird.io/selfhosted/identity-providers",
391
label: "Psono (psono.com)",
392
href: "https://doc.psono.com/admin/configuration/oidc-zitadel.html",
396
label: "Zoho Desk (zoho.com)",
397
href: "https://help.zoho.com/portal/en/kb/desk/user-management-and-security/data-security/articles/setting-up-saml-single-signon-for-help-center#Zitadel_IDP",
405
type: "generated-index",
406
title: "Integrate ZITADEL with your Tools",
407
slug: "/guides/integrate/tools",
409
"With the guides in this section you will learn how to integrate ZITADEL with your favorite tools.",
416
href: "https://argo-cd.readthedocs.io/en/latest/operator-manual/user-management/zitadel/",
418
"guides/integrate/tools/apache2",
419
"guides/integrate/authenticated-mongodb-charts",
420
"examples/identity-proxy/oauth2-proxy",
423
"guides/integrate/external-audit-log",
428
label: "Solution Scenarios",
430
type: "generated-index",
431
title: "Solution Scenarios",
432
slug: "guides/solution-scenarios/introduction",
434
"Customers of an SaaS Identity and access management system usually have all distinct use cases and requirements. This guide attempts to explain real-world implementations and break them down into solution scenarios which aim to help you getting started with ZITADEL.",
438
"guides/solution-scenarios/b2c",
439
"guides/solution-scenarios/b2b",
440
"guides/solution-scenarios/saas",
441
"guides/solution-scenarios/domain-discovery",
442
"guides/solution-scenarios/configurations",
443
"guides/solution-scenarios/frontend-calling-backend-API",
444
"guides/solution-scenarios/restrict-console",
452
type: "generated-index",
453
title: "Concepts and Features",
456
"This part of our documentation contains ZITADEL specific or general concepts required to understand the system or our guides.",
465
type: "autogenerated",
466
dirName: "concepts/structure",
476
type: "autogenerated",
477
dirName: "concepts/features",
482
type: "autogenerated",
483
dirName: "concepts/knowledge",
489
label: "Architecture",
492
"concepts/architecture/software",
493
"concepts/architecture/solution",
494
"concepts/architecture/secrets",
495
"concepts/principles",
498
label: "Event Store",
501
"concepts/eventstore/overview",
502
"concepts/eventstore/implementation",
512
"support/software-release-cycles-support",
513
"support/troubleshooting",
516
label: "Technical Advisory",
519
id: "support/technical_advisory",
524
type: "autogenerated",
525
dirName: "support/advisory",
536
label: "Core Resources",
540
id: "apis/apis/index",
545
label: "V1 (Generally Available)",
548
type: "generated-index",
549
title: "APIs V1 (GA)",
550
slug: "/apis/services/",
552
"APIs V1 organize access by context (authenticated user, organisation, instance, system), unlike resource-specific V2 APIs.",
557
label: "Authenticated User",
559
type: "generated-index",
561
slug: "/apis/resources/auth",
563
"The authentication API (aka Auth API) is used for all operations on the currently logged in user. The user id is taken from the sub claim in the token.",
565
items: require("./docs/apis/resources/auth/sidebar.ts"),569
label: "Organization Objects",
571
type: "generated-index",
572
title: "Management API",
573
slug: "/apis/resources/mgmt",
575
"The management API is as the name states the interface where systems can mutate IAM objects like, organizations, projects, clients, users and so on if they have the necessary access rights. To identify the current organization you can send a header x-zitadel-orgid or if no header is set, the organization of the authenticated user is set.",
577
items: require("./docs/apis/resources/mgmt/sidebar.ts"),581
label: "Instance Objects",
583
type: "generated-index",
585
slug: "/apis/resources/admin",
587
"This API is intended to configure and manage one ZITADEL instance itself.",
589
items: require("./docs/apis/resources/admin/sidebar.ts"),593
label: "Instance Lifecycle",
595
type: "generated-index",
597
slug: "/apis/resources/system",
599
"This API is intended to manage the different ZITADEL instances within the system.\n" +
601
"Checkout the guide how to access the ZITADEL System API.",
603
items: require("./docs/apis/resources/system/sidebar.ts"),609
label: "V2 (Generally Available)",
618
label: "User Lifecycle",
620
type: "generated-index",
621
title: "User Service API",
622
slug: "/apis/resources/user_service_v2",
624
"This API is intended to manage users in a ZITADEL instance.\n"
626
items: require("./docs/apis/resources/user_service_v2/sidebar.ts"),630
label: "Session Lifecycle",
632
type: "generated-index",
633
title: "Session Service API",
634
slug: "/apis/resources/session_service_v2",
636
"This API is intended to manage sessions in a ZITADEL instance.\n"
638
items: require("./docs/apis/resources/session_service_v2/sidebar.ts"),642
label: "OIDC Lifecycle",
644
type: "generated-index",
645
title: "OIDC Service API",
646
slug: "/apis/resources/oidc_service_v2",
648
"Get OIDC Auth Request details and create callback URLs.\n"
650
items: require("./docs/apis/resources/oidc_service_v2/sidebar.ts"),654
label: "Settings Lifecycle",
656
type: "generated-index",
657
title: "Settings Service API",
658
slug: "/apis/resources/settings_service_v2",
660
"This API is intended to manage settings in a ZITADEL instance.\n"
662
items: require("./docs/apis/resources/settings_service_v2/sidebar.ts"),666
label: "Feature Lifecycle",
668
type: "generated-index",
669
title: "Feature Service API",
670
slug: "/apis/resources/feature_service_v2",
672
'This API is intended to manage features for ZITADEL. Feature settings that are available on multiple "levels", such as instance and organization. The higher level instance acts as a default for the lower level. When a feature is set on multiple levels, the lower level takes precedence. Features can be experimental where ZITADEL will assume a sane default, such as disabled. When over time confidence in such a feature grows, ZITADEL can default to enabling the feature. As a final step we might choose to always enable a feature and remove the setting from this API, reserving the proto field number. Such removal is not considered a breaking change. Setting a removed field will effectively result in a no-op.\n'
674
items: require("./docs/apis/resources/feature_service_v2/sidebar.ts"),678
label: "Organization Lifecycle",
680
type: "generated-index",
681
title: "Organization Service API",
682
slug: "/apis/resources/org_service/v2",
684
'This API is intended to manage organizations for ZITADEL. \n'
686
items: require("./docs/apis/resources/org_service_v2/sidebar.ts"),690
label: "Identity Provider Lifecycle",
692
type: "generated-index",
693
title: "Identity Provider Service API",
694
slug: "/apis/resources/idp_service_v2",
696
'This API is intended to manage identity providers (IdPs) for ZITADEL.\n'
698
items: require("./docs/apis/resources/idp_service_v2/sidebar.ts"),704
label: "V3 (Preview)",
713
label: "User Schema Lifecycle (Preview)",
715
type: "generated-index",
716
title: "User Schema Service API (Preview)",
717
slug: "/apis/resources/user_schema_service",
719
"This API is intended to manage data schemas for users in a ZITADEL instance.\n" +
721
"This project is in Preview state. It can AND will continue breaking until the service provides the same functionality as the v1 and v2 user services.",
723
items: require("./docs/apis/resources/user_schema_service_v3/sidebar.ts"),727
label: "User Lifecycle (Preview)",
729
type: "generated-index",
730
title: "User Service API (Preview)",
731
slug: "/apis/resources/user_service_v3",
733
"This API is intended to manage users with your own data schema in a ZITADEL instance.\n" +
735
"This project is in Preview state. It can AND will continue breaking until the service provides the same functionality as the v1 and v2 user services.",
737
items: require("./docs/apis/resources/user_service_v3/sidebar.ts"),741
label: "Action Lifecycle (Preview)",
743
type: "generated-index",
744
title: "Action Service API (Preview)",
745
slug: "/apis/resources/action_service_v3",
747
"This API is intended to manage custom executions and targets (previously known as actions) in a ZITADEL instance.\n" +
749
"This project is in Preview state. It can AND will continue breaking until the services provide the same functionality as the current actions.",
751
items: require("./docs/apis/resources/action_service_v3/sidebar.ts"),755
label: "Web key Lifecycle (Preview)",
757
type: "generated-index",
758
title: "Web Key Service API (Preview)",
759
slug: "/apis/resources/webkey_service_v3",
761
"This API is intended to manage web keys for a ZITADEL instance, used to sign and validate OIDC tokens.\n" +
763
"This project is in preview state. It can AND will continue breaking until a stable version is released.",
765
items: require("./docs/apis/resources/webkey_service_v3/sidebar.ts"),773
items: ["apis/assets/assets"],
779
label: "Sign In Users ",
784
label: "OpenID Connect & OAuth",
787
"apis/openidoauth/endpoints",
788
"apis/openidoauth/authrequest",
789
"apis/openidoauth/scopes",
790
"apis/openidoauth/claims",
791
"apis/openidoauth/authn-methods",
792
"apis/openidoauth/grant-types",
799
items: ["apis/saml/endpoints"],
808
"apis/actions/introduction",
809
"apis/actions/modules",
810
"apis/actions/code-examples",
811
"apis/actions/internal-authentication",
812
"apis/actions/external-authentication",
813
"apis/actions/complement-token",
814
"apis/actions/customize-samlresponse",
815
"apis/actions/objects",
822
items: ["apis/actionsv2/introduction", "apis/actionsv2/execution-local"],
826
label: "gRPC Status Codes",
827
id: "apis/statuscodes",
831
label: "Observability",
833
items: ["apis/observability/metrics", "apis/observability/health"],
837
label: "Rate Limits (Cloud)",
838
href: "/legal/policies/rate-limit-policy",
847
"self-hosting/deploy/overview",
848
"self-hosting/deploy/linux",
849
"self-hosting/deploy/macos",
850
"self-hosting/deploy/compose",
851
"self-hosting/deploy/devcontainer",
852
"self-hosting/deploy/knative",
853
"self-hosting/deploy/kubernetes",
854
"self-hosting/deploy/loadbalancing-example/loadbalancing-example",
855
"self-hosting/deploy/troubleshooting/troubleshooting",
863
"self-hosting/manage/production",
864
"self-hosting/manage/productionchecklist",
865
"self-hosting/manage/configure/configure",
869
label: "Reverse Proxy",
872
id: "self-hosting/manage/reverseproxy/reverse_proxy",
875
"self-hosting/manage/reverseproxy/traefik/traefik",
876
"self-hosting/manage/reverseproxy/nginx/nginx",
877
"self-hosting/manage/reverseproxy/caddy/caddy",
879
"self-hosting/manage/reverseproxy/cloudflare/cloudflare",
880
"self-hosting/manage/reverseproxy/cloudflare_tunnel/cloudflare_tunnel",
881
"self-hosting/manage/reverseproxy/zitadel_cloud/zitadel_cloud",
884
"self-hosting/manage/custom-domain",
885
"self-hosting/manage/http2",
886
"self-hosting/manage/tls_modes",
887
"self-hosting/manage/database/database",
888
"self-hosting/manage/updating_scaling",
889
"self-hosting/manage/usage_control",
892
label: "Command Line Interface",
896
id: "self-hosting/manage/cli/overview",
898
items: ["self-hosting/manage/cli/mirror"],
906
label: "Legal Agreements",
909
type: "generated-index",
910
title: "Legal Agreements",
913
"This section contains important agreements, policies and appendices relevant for users of our websites and services. All documents will be provided in English language.",
916
"legal/terms-of-service",
917
"legal/data-processing-agreement",
918
"legal/subprocessors",
919
"legal/annex-support-services",
922
label: "Service Description",
925
type: "generated-index",
926
title: "Service description",
927
slug: "/legal/service-description",
929
"Description of services and service levels for ZITADEL Cloud and Enterprise subscriptions.",
933
type: "autogenerated",
934
dirName: "legal/service-description",
943
type: "generated-index",
945
slug: "/legal/policies",
947
"Policies and guidelines in addition to our terms of services.",
951
type: "autogenerated",
952
dirName: "legal/policies",