Ever wonder who’s at the helm of your favorite open source Identity platform, Zitadel? I recently spent time talking with Florian Forster, CEO and recorded his insights on [Zitadel's YouTube channel](https://youtu.be/m-Tg-KRqYlA).

<div className="mt-8" style={{ marginBottom: '-3.5rem' }}>
  <YouTubeExtended
    videoId={"m-Tg-KRqYlA"}
    containerClassName={"youtube-container"}
		stopList={[]}
  />
</div>

Looking for a quick read instead? We also transcribed the conversation.
### Getting to know Florian 
Florian shares with us his technical background that has helped drive his entrepreneurial spirit as he operates as Zitadel’s CEO. His vision for Zitadel’s positive impact on organizations helps drive the future course of the company.

### Early Days: The Founding Story of Zitadel
Florian teamed up with Fabienne Buhler, Maximilian Panne, Stefan Benz, Silvan Reusser, Elio Bischof, Livio Armstutz, Max Peintner, and founded Zitadel in 2019. The idea came to fruition when this group was working at a public sector company in Switzerland. Identifying the market gap for a developer-focused identity solution that supports both self-hosting and multi-tenancy, they set out to create and deliver this tool to the community.

### Day in the life of the Zitadel CEO
Florian chuckles that his daily rhythm varies based on which global office he is working from. In Switzerland, his day unfolds at a measured pace, whereas starting in San Francisco means an immediate deluge of over 100 notifications. Despite his systematic approach to triage, priorities, and essential meetings, Florian always carves out time to engage with the Zitadel community and participate in GitHub discussions. He particularly values his diverse interactions with team members, customers, and the broader developer ecosystem. As a dedicated family man, Florian ensures that regardless of his professional commitments, he reserves quality time with his wife and young children before the day concludes.

### Key Identity Management Challenges That Organizations Should Navigate
Florian challenges the tendency to either oversimplify or overcomplicate identity management. Often dismissed as a simple login, he emphasizes how identity fundamentally shapes your entire software security posture. The true challenge lies in accurately assessing risks and implementing appropriate security measures that protect users without creating friction.. Custom-built or homegrown solutions often fall short — developing robust identity systems requires specialized expertise, not a quick implementation.  Engaging with industry experts and specialists provides invaluable peace of mind and enhances your organization’s security outcomes.

### Zitadel’s Market Advantage
Zitadel distinguishes itself with a developer-centric approach that addresses gaps left by the legacy identity solutions.  The platform offers exceptional flexibility, allowing it to adapt to your infrastructure requirements. This pairs well with Zitadel's modern self-hosting solution, which has seen an acceleration in adoption and growth over the recent years.

### Multi-tenancy in Practice
Florian shares how most systems across the internet are inherently multi-tenant. He illustrates this with an e-commerce example where customers and employees require  different roles and permissions.  This complexity, Florian notes, rapidly intensifies as organizations grow. When multi-tenancy is built into  the system’s foundational architecture, it provides sustainable scalability benefits  This intentional design allows administrators to implement distinct security policies — such as customized two-factor authentication requirements — for different groups across tenants.

### How Zitadel Enables Data Residency
Florian highlights two key dimensions of Zitadel’s approach to data residency:
The first addresses geographic hosting requirements through the strategic regional deployments of Zitadel Cloud across the United States, Australia, European Union, and Switzerland, allowing customers to meet their compliance needs.
The second offers complete flexibility through Zitadel’s self-hosting option, giving organizations complete control over database location, instance deployment, and access management according to their requirements.
 
### The Shift to Self-Hosting Solutions
Florian notes that historical data breaches from third-party suppliers have created lasting concern among organizations. A significant segment of customers now prioritizes maintaining complete control over their data, viewing access management as a critical defensive strategy. He also highlights that technical teams have regained confidence in managing essential workloads internally, largely due to operational enablement from technologies like Kubernetes. 

### Evolution of Zitadel’s Licensing Model
Zitadel initially launched under the Apache 2.0 license, which effectively supported its distribution and helped build the community. Florian explains that over the past 18 months, while usage increased significantly, there wasn’t a proportional reciprocity with meaningful contributions back to the community, whether in the form of code contributions or financial support.  The transition to the AGPL 3.0 license has enabled Zitadel to safeguard the substantial  investment made by the core team and the broader community. This strategic licensing shirt ensures Zitadel can maintain its fundamental commitment to open source principles.

*Note: Learn more about the AGPL 3.0 licensing change in [this blog post](https://zitadel.com/blog/zitadel-v3-announcement)*.

### Zitadel’s Strategic Vision for 2025 & Beyond
While Florian proudly acknowledges Zitadel’s exceptional login experience, he emphasizes that the company’s  mission extends far beyond authentication. 

He identifies three strategic pillars driving Zitadel’s future:
**1. Identity Transactions:** The authentication component of user login workflows represents Zitadel's foundational strength.  With over 80% market coverage in this area, Florian is confident in the substantial value this functionality delivers to organizations.
**2. Integrations and Workflows:** This growing focus area recognizes that while customers can already build plugins for third-party applications, Zitadel aims to significantly enhance this capability.  By expanding APIs and improving extensibility, Zitadel will provide developers with even greater flexibility and powerful incentives for adoption.
**3. Analytics and Intelligence:** This pillar, positioned to have the most transformative long-term impact, comprises three critical components:
	* Audit and Forensics Reporting: Enabling customers to comprehensively track and analyze user activities
	* Aggregation Reporting: Providing administrators with deeper insights into identity infrastructure performance through metrics on user behaviors, login failures, and other usage patterns
	* Threat Detection and Mitigation: Empowering security teams with advanced tools to better understand and rapidly respond to potential attacks

### Zitadel Establishes American Presence
Florian recounts that while Zitadel was born and initially flourished in Switzerland, maintaining strong Swiss heritage, the company's expanding footprint in the North American market naturally led to establishing a US headquarters. This strategic expansion positions Zitadel to better serve its growing American and global customer base and address its evolving recruitment requirements.

### “If Not Tech…”: Alternative Career Paths
Florian reveals that if he was not securing identity in the Tech industry, there were several alternative career paths he would have pursued. 

Initially, becoming a helicopter pilot captured his imagination, though he eventually dismissed this path, seeking to make a more substantial impact.

Following his military service, Florian considered joining the close protection field as a security operative.  However, after careful consideration, he determined the inherent risks didn’t align with his personal values and life goals.

Surprisingly, citrus farming ultimately emerged as his most compelling alternative career path. Florian believes that through data-driven approaches and thoughtful agricultural practices, the field offers fascinating opportunities for innovation.

*While the world might have gained an innovative orange juice producer, the Zitadel team remains grateful to have Florian’s leadership in his current role 😁.
*


Zitadel’s CEO Florian Forster shares the company’s values and vision for 2025 and some of the common challenges when approaching IAM. 

“The WHY behind Zitadel” with Florian Forster, Co-Founder & CEO

Delegated access management

Hosted Login

Multifactor Authentication

Passwordless Authentication

Audit Trail

Identity Brokering

Platform

Service Accounts

Features

Easy integration

B2B (Business to Business)

Self Service

Existing identities

Secure authentication

Use Cases

Learn how to install, setup, and use ZITADEL.

Documentation

ZITADEL Cloud

Self-hosting

Trust center

Examples and Guides

Github Repository

Develop

Get Started

Contribute

Roadmap

Changelog

About Us

Jobs

Contact

Company

Read the blog

Sign up

Login

Pricing

Blog

## What is Identity and Access Management?
In today’s digital world, securing your organization’s resources is non-negotiable.  Identity and Access Management (IAM) serves as the cornerstone of modern security infrastructure, yet many find it intimidating.  At its core, IAM answers two critical questions:
* Is this user who they claim to be?
* Which resources should this user be allowed to access?

IAM is the foundation of digital trust that enables secure collaboration in our interconnected business landscape.

## Evolution of Identity Solutions
### The Past: Custom In-House Solutions
Organizations, regardless of size, historically invested heavily in building custom IAM platforms in house.  The reasons:
* Solutions can be tailored precisely to organizational needs
* Ability to achieve complete control over data residency and sovereignty
* Freedom from vendor lock-in and associated costs
However, this approach eventually created more problems than it solved. Security vulnerabilities, astronomical maintenance costs, and technical debt quickly transformed these “ideal” custom solutions into unwieldy legacy systems hindering innovation rather than enabling it.  

### The Present: Specialized IAM Solutions
Today’s landscape features purpose-built IAM solutions built by identity specialists.  These platforms offer:
* Industry-leading security expertise out-of-the-box
* Continuous updates to counter evolving threats
* Significantly reduced implementation timelines and costs
Zitadel stands out by offering flexible deployments and extensive integration options through our open-source multi-tenant platform, combining the best of both worlds.

💡We recently wrote an article on the [pros and cons of “build vs. buy” approaches of IAM platforms](https://zitadel.com/blog/build-vs-buy)💡

## Evolution of Identity Infrastructure for Cloud-Native Architectures
### First Wave: Virtual Machine-Based Identity (2005-2015)
Early cloud adoption simply migrated traditional identity infrastructure to virtual machines (VMs). Organizations lifted-and-shifted their directory services and authentication systems to cloud VMs, maintaining the same architecture but changing the hosting model. This approach provided minimal cloud advantages while carrying over legacy limitations.
### Second Wave: Identity-as-a-Service Emergence (2015-2020)
As cloud adoption accelerated, specialized IDaaS (Identity-as-a-Service) providers emerged, offering streamlined authentication services through APIs and managed services. These solutions introduced:
* Standardized OAuth and OIDC implementations
* Developer-friendly SDKs and APIs
* Reduced operational overhead
However, most solutions remained proprietary with limited customization options, creating new forms of vendor lock-in.
### Third Wave: Cloud-Native Identity (2020-Present)
Today's cloud-native identity infrastructure embraces key cloud principles:
* Containerization and microservices architecture
* Infrastructure-as-code deployment models
* API-first design philosophy
* Kubernetes-native operation
Modern platforms like Zitadel are designed to deploy anywhere — from managed cloud services to on-premises Kubernetes clusters — while maintaining consistent security postures across environments. This approach enables true hybrid and multi-cloud identity strategies without sacrificing security or developer experience.

### Future Trends: Decentralized and Portable Identity
The emerging horizon includes:
* Self-sovereign identity models giving users more control
* Portable identity credentials functioning across organizational boundaries
* Zero-trust architectures replacing perimeter-based security
* Increased use of biometrics and behavioral analytics
Organizations embracing cloud-native identity solutions today are best positioned to adopt these innovations as they mature.

## Business/B2B Use Cases for Open Source Identity Solutions
Business-to-business identity management presents unique challenges. Zitadel's comprehensive feature set addresses these needs through: 
* **Transparency of Open Source** : With open source software accessible to the entire developer community, projects benefit from rapid advancement. Improvements span  security fixes, package updates, and feature enhancements, ensuring  full transparency and reduced costs.
* **Multi-tenancy**: Today’s complex business ecosystems require seamless resource sharing. Whether connecting with business partners or managing tenants, robust multi-tenancy capabilities bridge organizational boundaries securely. 
* **Flexible deployment**: Open Source Identity platforms like Zitadel offer data sovereignty benefits of custom solutions without the maintenance burden. Organizations have the ability to choose between the convenience of Zitadel Cloud’s zero-maintenance approach or the complete control of self-hosting in your own infrastructure.
* **Faster Time to Market**: Implementing production-ready IAM solutions accelerates deployment timelines dramatically.  Projects that would take months or years to develop in-house can be operational in weeks or even days with open source IAM solutions, allowing you to
	* Launch core products faster
	* Implement security enhancements rapidly
	* Focus development resources on your unique value proposition
	* Realize return-on-investment sooner

* **Enable Developers**: Leverage open source IAM offerings with robust  API capabilities like Zitadel to automate repetitive tasks.  This eliminates the need to architect authentication systems from scratch, saving both  on employee resources and infrastructure costs.   
* **Self-management**: Organizations experience constant change.  Effective IAM solutions must scale with your needs, whether accommodating promotions, new hires, or departmental reorganizations.  Self-service capabilities for role management makes all the difference. 
* **Enhanced Security through Consolidation**: By implementing  SSO and MFA, organizations significantly  increase their security posture while decreasing account exposure and management overhead.

## Let’s Transform Your Identity Management Experience!
Modernize your organization’s authentication and access control infrastructure with Zitadel. Our team will work with you to:
* Assess your current identity needs and challenges
* Design a tailored implementation strategy aligned with your business goals
* Create a scalable roadmap that grows with your organization
* Implement best practices for maximum security and usability

Book a consultation today to begin your journey towards simplified, secure identity management that enables, rather than restricts your business growth.

<CTA
	label={'Book a Consultation'}
	href={'https://meetings-eu1.hubspot.com/jason-burkhead/zitadel-discovery-call'}
	external={false}
	layout={'primary'}
	noreferrer={false}
	align={'center'}
/>



Get started in understanding the basics of the Identity and Access Management ecosystem.

Understanding Identity and Access Management basics

# Meet Gigi the Giraffe: The Towering Personality Behind Zitadel!
Ever spotted that long-necked charmer popping up throughout Zitadel’s [documentation](https://zitadel.com/docs)?  Wonder no more.  Today, we are diving into the delightful story of Gigi the Giraffe, Zitadel’s head-above-the-rest mascot, with none other than Florian Forster, Zitadel’s CEO and Co-Founder.

<div className="mt-8" style={{ marginBottom: '-3.5rem' }}>
  <YouTubeExtended
    videoId={"pCXXuYNUzvY"}
    containerClassName={"youtube-container"}
		stopList={[]}
  />
</div>

**Prefer skimming to streaming?** We got you covered!  Here is the transcribed version of the conversation for your reading pleasure.

### The Tall Tale of Gigi’s Beginnings
As it turns out, Gigi wasn’t born with mascot status!  Florian revealed that before Zitadel existed, the co-founders worked at another organization where they developed a rather elevated reward system—giraffe stickers for standout contributions!  Talk about reaching new heights of recognition!

The giraffe love reached spectacular proportions when Florian received a human-sized giraffe plushie for his birthday.  And just like that, Gigi was born!  The team has been neck-deep in giraffe appreciation ever since.  While Gigi typically lounges in Florian’s home office, our spotted friend is currently safely packed away for Florian’s move to the US—first-class accommodations, we presume!

### Standing Tall in Company Culture
With that famously long neck, Gigi naturally has quite the perspective on Zitadel’s future (someone’s always looking ahead!).  Florian shared how Gigi’s playful spirit reflects the team’s culture—proving that even serious security solutions can have a splash of fun. 

**Ready to join the herd?** Gallop over to our [Discord community](https://zitadel.com/chat) today and enjoy our collection of Gigi-themed emojis!  Because who says identity management cannot be both secure AND adorable? 



Find out more about Zitadel’s mascot, Gigi, the Giraffe, and where he came from!

Meet Gigi, Zitadel’s Mascot

Since its launch in May 2021, the Zitadel Identity and Access Management (IAM) Platform has served over 150 customers.  We are honored by their continued confidence in our solution. As a company committed to continuous innovation, our primary focus remains delivering exceptional user experiences while expanding our platform's capabilities and features. 
## 1. Developer-first Multi-tenancy:
Our users often face the challenging task of building and maintaining complex multi-tenant identity infrastructure.  From customers standardizing authentication across development platforms with multi-tenant support to those requiring both internal and customer-facing authentication allowing clients to manage their own users, the pain points typically gravitate towards requiring a turnkey [multi-tenant IAM platform](https://zitadel.com/docs/guides/solution-scenarios/b2b) that reduces development complexity while maintaining enterprise-grade security.  

Zitadel’s comprehensive feature set—including social login options, OIDC and SAML 2.0 support, custom logins, and an API-first approach—establishes our platform as a truly developer-first multi-tenant identity solution.
> 💡 Read: [The Complexities and Pitfalls of Multi-Tenant Identity and Access Management](https://zitadel.com/blog/navigating-pitfalls-of-multitenancy) 💡
💡 [Feature Highlight](https://zitadel.com/features#brokering): Explore how Zitadel enables users to self-manage identity brokering and link multiple external identity providers to their identity 💡

## 2. Cloud or Self-Hosted Deployment
Before choosing Zitadel, our customers consistently expressed concerns about vendor lock-in, data control, and compliance requirements. Whether they needed control over identity infrastructure while maintaining security and compliance, or flexibility between [self-hosted and cloud deployment options](https://zitadel.com/docs/guides/overview#cloud-or-self-hosting), the feedback was clear. We purposefully built the Zitadel platform as an enterprise-grade solution that offers freedom in deployment model selection.

**Customers who begin their Zitadel journey in the Cloud prefer:**
* A ready-to-do turnkey solution with a free tier and a true pay-as-you-go pricing
* Global scalability without management complexity
* Data-residency compliance capabilities 

**Customers who choose the self-hosted path require:**
* Complete control over all components and data
* The ability to run Zitadel in air-gapped or regulated environments
 * Flexibility in update deployment schedules

> 💡 Read: [SaaS vs. Self-Hosted: How to Choose the Right Deployment Option](https://zitadel.com/blog/saas-vs-self-hosted) 💡
## 3. Extensibility and Integrations
The [Zitadel Identity and Access Management platform](https://zitadel.com/features#platform) is built for cloud-native deployments requiring multi-tenant solutions with seamless, turnkey integrations into existing infrastructure stacks.  With our API-first philosophy, Zitadel offers extensive functionality through robust APIs. When creating projects, you can rely on [Zitadel's APIs](https://zitadel.com/docs/apis/introduction) to handle the complex work of access and identity management.
## 4. Committed to Community and Open Source
With a strong dedication to the [open source community](https://zitadel.com/opensource) and collaborative development, we founded Zitadel with one clear mission – to build an open source IAM platform tailored for the cloud era. Our commitment to open source means:
* Building trust through transparency by providing access to our source code
* Giving users the flexibility to customize and add features needed for their specific use cases
* Incorporating feedback and input from the community to build the best possible solution
* Creating a collaborative ecosystem where improvements benefit everyone
* Ensuring long-term sustainability through community-driven development
The project is actively maintained and developed by both [the Zitadel team](https://zitadel.com/team) and our community. We welcome and appreciate all [contributions](https://github.com/zitadel) as we continue to advance the platform.

> ⭐️ Become a stargazer: https://github.com/zitadel/zitadel ⭐️
## 5. Accessible and Actionable Usage Metrics 
Security incidents are often detected too late. By the time an incident is identified, log files may be deleted or lack context. The Zitadel IAM platform provides a [comprehensive built-in audit trail](https://zitadel.com/features#audit) that tracks all changes over an unlimited period. This enables you to review any modifications to all your resources over extended timeframes, including changes to policies and settings, as well as user interactions such as login attempts, authenticator replacements, or profile data updates.
## Conclusion
As we move through 2025, we want to thank you for your continued trust in Zitadel. As summarized in our [end of year wrap-up blog post](https://zitadel.com/blog/end-of-year-product-wrap-up), our focus for 2025 centers on three key areas:
* Creating a Seamless Onboarding Journey
* Delivering Enterprise-Grade Performance and Scalability
* Providing Proactive System Insights

We are excited about making 2025 a successful year and I look forward to hearing your feedback.  Please feel free to connect with us anytime through our [Zitadel Discord Server](https://zitadel.com/chat) or [Bluesky](https://bsky.app/profile/zitadel.bsky.social), [Linkedin](https://www.linkedin.com/company/zitadel/), [GitHub](https://github.com/zitadel/zitadel), or our [website](https://zitadel.com/contact). 

Zitadel Identity and Access Management (IAM) platform is best suited for cloud-native users looking for an open-source, multi-tenant, and developer-first solution that is available to self-host or as a cloud offering.

5 Reasons Why You Should Choose Zitadel IAM

When exploring a new application, one of the first touchpoints a user encounters is the login experience. While a simple, generic screen can be an effective and efficient way to approach the beginning of your user flow, building out a custom login interface allows you to deliver a branded, seamless, memorable experience that aligns with your app’s functionality, user interface (UI), user experience (UX), and design. 

For scenarios where a simple username/password and  'forgot your password?' buttons aren't enough, Zitadel offers a robust, API-driven solution that supports advanced authentication methods, including passkeys, multi-factor authentication (MFA), and enterprise or social login integrations, allowing you to create and smoothly integrate a fully customized login UI.
## Custom Login: The Use Case
While we provide a [powerful built-in authentication flow](https://zitadel.com/docs/guides/integrate/login/hosted-login) compatible with OIDC & SAML standards, we recognize that some organizations require more flexibility to create more customized and advanced workflows that align with specific business logic, compliance requirements, security policies, or user experience needs. This is why we support customized logins where you have the ability to integrate your system while using our robust authentication and authorization capabilities. This gives you complete  control of branding, user experience, and flows without compromising security.

Your login page isn't just a gateway to your app; it is an opportunity to present a strong first impression. By using our customizable APIs, you will improve the aesthetic experience and tailor authentication to meet your needs. Whether you are managing [multi-factor authentication](https://zitadel.com/docs/guides/integrate/login-ui/mfa), [adding external login capabilities](https://zitadel.com/docs/guides/integrate/login-ui/external-login), or even exploring [integrating passkeys](https://zitadel.com/docs/guides/integrate/login-ui/passkey) into your workflow, Zitadel makes it easier to implement advanced authentication flows while ensuring a smooth user journey.

Below is an example of a login flow implementation shown in our [TypeScript repository](https://zitadel.com/docs/guides/integrate/login-ui/typescript-repo), which provides all of the packages and components you need to build your own branded login user interface using Zitadel's APIs.

![](https://cdn.sanity.io/images/y3uu7rkl/production/fbbb86dfe32182ba8aa326c127f96c12b5568e4a-2544x825.png)


## How does Zitadel Support Custom Logins?
	
With Zitadel, you can implement custom logins through our [session](https://zitadel.com/docs/apis/resources/session_service_v2) and user APIs. These APIs allow you to authenticate users through various methods, including traditional username/password, passkeys, or external Identity Providers (IDPs). 
You have full  control over the session lifecycle, starting from initiating the login process to managing user sessions after authentication. This includes configuring session expiration, integrating multi-factor authentication (MFA), and deploying any additional security mechanisms that strengthen the user verification process while maintaining compliance with authentication standards.
### Exploring How Our Users Leverage Custom Logins
Building out your custom login with Zitadel is use-case-agnostic. Our users utilize custom logins with Zitadel in a variety of approaches. 

Here are two examples:

**Example 1: Exploring authentication and accessibility**

One of our users, [Melvin Weiershäuser](https://github.com/mweiershaeuser), was exploring authentication methods and accessibility for his academic thesis. For this project, he required a custom login to compare traditional authentication and passkey methods to assess their impact on accessibility and the development of more accessible user experiences. Initially, he evaluated both Zitadel and Keycloak and ultimately chose Zitadel due to the flexibility in integrating a custom login interface. To complete the project, he built his solution with Zitadel and Next.js, with the implementation supporting both multi-factor authentication (MFA) and passkeys. Key features included passkey registration, service user integration for login control, and session management. By leveraging Zitadel’s authentication capabilities, he was able to provide valuable insights into how login methods can influence accessibility and usability while maintaining a smooth authentication experience. The project is [publicly available on GitHub](https://github.com/mweiershaeuser/sso) for those interested in exploring it further.

**Example 2: Designing a secure login for a banking app**

Security is key when developing a user authentication flow for a mobile application for fintech companies. One such fintech company, an IT and digitalization partner for leading financial and insurance service providers, set out to provide a more seamless and branded login process that integrated better with their own application.  They built out a custom login using Swift and Android Java while integrating a .NET backend with our session API to ensure a secure, device-bound auth process. By customizing their login experience with Zitadel, they were able to enable multi-user handling, token rotation, and enhance security through session revocation. This addressed their need for heightened protection, paired with a frictionless user experience. 
## Looking Ahead
We are committed to further enhancing our API and SDK offerings and make it easier for developers to implement custom logins. We  recently launched our ready-to-use [TypeScript-based login system](https://zitadel.com/blog/typescript-login) that reduces development time and effort for our users. 

Start building your custom login UI today, and join a growing community of developers shaping the future of authentication. If you have any  questions as you are building out a custom login and integrating it with Zitadel, contact us through [our community](http://zitadel.com/chat). 






Learn more about building out your own login UI integrated with Zitadel and explore real-world approaches building out secure custom login flows.

Designing a Login Flow That Fits with Zitadel

A common task for many developer and security-centric teams is to provide an identity and access management (IAM) service.  Whether that component only consists of a sign-up form and a login page or a more complex infrastructure, the number one priority is always to provide a seamless functionality for your users.  Failure in implementation can have severe consequences. To reduce your risk and feel confident in your IAM platform, partnering seasoned professionals in the space ensures success.

Companies looking for authentication servers have the option to consider the solutions available in the market or build it themselves.  As each option presents its own set of benefits and drawbacks, teams are often overwhelmed to make the right choice.  In this article, we will cover the key pros and cons of each of the two options that help companies make the right decision for both short-term and long-term benefits.

### Benefits of a Custom-built Platform
1.  Built to your needs: Custom-built IAM platforms can be tailored to your organization's specific requirements.  With a custom solution, you have complete control over the user experience and the technology choices. You can design authentication flows that align with your brand and user journey, creating a seamless experience that doesn't feel disconnected from the rest of your application. This customization extends to crucial workflows like user onboarding, password resets, and permission management—all of which can be optimized for your specific use cases rather than following a generic approach.
2. Enterprise Integrations: Enterprise environments often present complex integration challenges that off-the-shelf IAM solutions struggle to address effectively. A custom-built IAM platform can be architected from the ground up to integrate seamlessly with your existing technology ecosystem, regardless of its complexity or uniqueness.
Legacy systems present a particular advantage for custom solutions. While many modern IAM platforms have limited support for older technologies or protocols, a custom solution can be built to bridge these gaps. Whether you're dealing with mainframe applications, custom LDAP schemas, or proprietary single sign-on systems developed in-house decades ago, a custom solution can be tailored to interface with these systems without compromise.
3. Control Over Data and Infrastructure: A custom-built IAM platform puts you in the driver's seat when it comes to data sovereignty and infrastructure decisions. This complete control means your organization retains ownership of user credentials, access patterns, and authentication logs—data that is often among the most sensitive your company manages.
For organizations in regulated industries such as healthcare, finance, or government, this control can become crucial. Custom solutions allow you to construct specific data residency requirements, ensuring user information never leaves particular geographic boundaries or jurisdictions. You can also implement custom encryption schemes that go beyond standard offerings, creating multiple layers of protection for particularly sensitive identity data.
4. No Vendor Lock-in: Building your own IAM platform frees your organization from the constraints of vendor dependencies. This independence means you're not tied to a particular company's business decisions, product roadmap, or pricing strategies. If a vendor decides to sunset a feature your business relies on or dramatically increases licensing costs, organizations using off-the-shelf solutions may find themselves scrambling to adapt.
Custom solutions also shield you from the impacts of acquisitions and mergers in the IAM market, which can often lead to discontinued products or significant changes in service quality and support. With your own platform, you maintain continuity regardless of market fluctuations.
5. Customized Compliance Implementation: Regulatory compliance requirements for identity management vary significantly across industries and regions. A custom IAM platform allows you to design compliance features that precisely address your specific regulatory landscape without unnecessary overhead.
For example, a custom platform can be built with GDPR's right to be forgotten as a core architectural principle rather than an afterthought. Healthcare organizations can design authentication workflows that inherently enforce HIPAA requirements. Financial institutions can implement multi-factor authentication schemas that directly align with specific banking regulations in their operating regions.
### Drawbacks of a Custom-built IAM Platform
While the benefits of custom-built IAM solutions are compelling, they come with significant challenges that organizations must carefully consider. The reality is that identity management is a specialized field requiring deep expertise in security, performance optimization, and regulatory compliance. Building your own platform means taking on the full burden of these complexities—often pulling focus and resources away from your core business objectives. The following drawbacks highlight why many organizations ultimately find that the apparent freedom of a custom solution can become a costly constraint.
1. Security Issues: A significant risk of building your own authentication server lies in its generally higher probability of security issues, which is usually due to a disproportionate time spent on building and not security implementation. Since keeping your users’ data safe is among the greatest responsibilities of the platform and the primary task of an IAM , it is essential to make sure an adequately established security system is given. One of the most obvious advantages specialized vendors have over DIY developers is the possession of a dedicated team with cybersecurity and software engineering expertise. The members of these teams can utilize their knowledge to create the best possible security system based on their diverse experiences.
IAM vendors commonly offer advanced security features, such as support for multi-factor authentication (MFA) and security keys (Yubikey etc.). Another security aspect where third-party IAM solutions prevail is pattern recognition: they can prevent attacks more easily due to their large user base, whereas a custom-made solution does not possess enough data to recognize suspicious patterns.
Keeping up with authentication best practices and standards becomes another insurmountable task for custom-built platforms, whereas IAM vendors can ensure compliance and adherence to standards.
2. Cost of Maintenance: Contrary to popular belief, you will likely find that building your own authentication server is not cheaper in the long run. While you might initially save money, that will quickly be compensated by the cost of development, maintenance, troubleshooting, upgrades, and the resources themselves that are needed for these procedures. Furthermore, you might find that unexpected expenses arise later on in your software’s lifetime: while initially you will likely implement a simple username + password login system, due to the high security requirements of a well-functioning authentication solution, you will most likely need to expand it with more complex features (f.e. Multi-Factor-Authentication, passwordless login options and more social logins).  Also, since your primary business is likely in an unrelated field to the IAM itself, the inevitable shift in your working context would entail additional costs. When considering a custom-built solution, it is therefore beneficial to evaluate if the needed investments over the lifetime of your product are ultimately less than the amount you would have to pay for the one-time fee of the purchasable alternative.  
Add in the scale by a factor of (n) to address a multi-tenancy requirement for each customer with their own settings, and the cost of maintenance grows exponentially.
3. Expensive, in all aspects: When creating anything from scratch, you should probably reckon with a lengthy production process. This not only delays the “time to value” of your business-critical applications as you first need to build the IAM platform before you can make your application available to your users.  This also applies to developing a service; given that authentication solutions require lots of API programming and complicated security features, fully building one might take at least a year as a full-time job. Since this service will handle sensitive data, the development of an adequately functioning security system also involves constant testing and optimizing, which should not be neglected to save time. The need for custom features also extends to the product phases well beyond the initial development: keeping your application functional and up to date requires you to additionally establish a maintenance system that will serve this purpose. Using an already established IAM solution would therefore likely save you several years of time, and money spent on essential resources.

![](https://cdn.sanity.io/images/y3uu7rkl/production/deeec64e2aa7e46f68c8de9addac4090ae2f3c80-2940x1656.png)
*Calculations based on our analysis*
### Benefits of Buying an IAM Platform
While custom-built IAM solutions offer some advantages, after examining the complex challenges of building one, it becomes clear why many organizations ultimately choose to purchase a dedicated IAM platform from specialized vendors. These purpose-built solutions offer numerous advantages that directly address the pain points of custom development.
1. Industry-Leading Security Expertise: Specialized IAM vendors focus exclusively on identity security, employing teams of security experts who dedicate their careers to staying ahead of emerging threats. This concentrated expertise translates into robust security practices that would be difficult for most organizations to replicate internally. Professional IAM solutions typically offer:
Regular security audits and penetration testing with third party partners
Rapid response and mitigation of vulnerabilities
Advanced threat detection and prevention capabilities
Compliance with the latest security standards and best practices and certifications
2. Faster Time to Market: Implementing a pre-built IAM solution dramatically accelerates your deployment timeline. What can typically take months or years to develop in-house can often be set up in weeks or even days with a vendor solution. This quick implementation means:
Your core products and services launch faster
Security enhancements reach your users more quickly
Development resources stay focused on your business differentiators
You realize return on investment sooner
3. Reduced Total Cost of Ownership: While the upfront licensing costs of purchased IAM solutions are visible line items in your budget, they typically represent a fraction of the total cost of building and maintaining a custom platform especially if you factor in the development time. A comprehensive IAM solution hence eliminates:
* Development costs for initial implementation of the security features
* Ongoing expenses for security updates and patching
* Infrastructure and operational overhead, especially for SaaS users
* Costs associated with specialized security talent acquisition and retention
* Expenses related to compliance certification and auditing

![](https://cdn.sanity.io/images/y3uu7rkl/production/6b2ba627a001746cc86e4499c29d15ae5f898fc1-2940x1648.png)

4. Continuous Innovation Without Internal Resources: Professional IAM vendors continuously improve their platforms, incorporating new authentication methods, security enhancements, and usability features as they emerge in the market. This ongoing innovation happens without draining your internal resources, allowing you to:
* Benefit from industry advancements automatically
* Support new standards and protocols without additional development
* Offer cutting-edge security features to your users
* Stay competitive with larger organizations that have more resources
5. Scalability and Reliability: Enterprise-grade IAM platforms are built from the ground up to handle massive scale with exceptional reliability. These solutions typically offer:
* High-availability architectures with redundancy built in
* Elastic scaling to handle usage spikes
* Global distribution for performance optimization
* Proven reliability under extreme load conditions
* Comprehensive monitoring and alerting options
6. Simplified Compliance Management: Managing compliance across multiple regulations (GDPR, HIPAA, SOC2, ISO27001, etc.) requires significant expertise and ongoing attention. Dedicated IAM platforms typically:
* Maintain compliance certifications so you don't have to
* Provide detailed audit logs and reporting
* Offer pre-built compliance frameworks for various industries
* Stay updated with evolving regulatory requirements
* Simplify your compliance audits with ready documentation
7. Professional Support and Expertise On-Demand: When issues arise (as they inevitably do), having access to specialized support can mean the difference between minor inconvenience and major business disruption. Established IAM vendors provide:
* 24/7 technical support from identity specialists
* Comprehensive documentation and implementation guides
* Professional services for complex deployments
* User community and knowledge sharing
* Training and certification programs


![](https://cdn.sanity.io/images/y3uu7rkl/production/18106bcce85f266ce752a3e24d3d7cba3b115fd6-2940x1654.png)

### Bringing the Best of Both Worlds with Zitadel 
Zitadel delivers enterprise-grade identity and access management without the development overhead of building your own solution from scratch. Unlike custom-built IAM systems that require significant engineering resources, ongoing maintenance, and security expertise, Zitadel provides a battle-tested, comprehensive solution out of the box. 
With Zitadel, organizations gain immediate access to modern authentication protocols, multi-tenancy support, robust user management, and authorization controls —all while avoiding the hidden costs, security vulnerabilities, and compliance challenges that often plague homegrown IAM implementations. By choosing Zitadel, your team can focus on core business objectives rather than reinventing complex identity infrastructure.
1. Developer-first, multi-tenant platform: As a developer-first multi-tenant platform, Zitadel gives you custom-level control with turnkey implementation - offering intuitive APIs, comprehensive SDKs, and detailed documentation that drastically reduces development resources while supporting complex multi-organization structures that would typically require months of custom coding. You can even build your own custom login UI using Zitadel's APIs while relying on its battle-tested security and standards implementation behind the scenes.
2. Flexible deployment: Zitadel offers the data sovereignty of custom solutions without the infrastructure burden. You have the ability to choose between the convenience of Zitadel Cloud with its zero-maintenance approach or the control of self-hosting in your own infrastructure - either way, you maintain full ownership of your identity data without the ongoing operational costs of a custom-built IAM platform.
3. Extensibility and Enterprise Integrations: Zitadel delivers adaptability at the level of a custom-built solution without the associated complexity of a custom-built IAM solution. Its extensive extensibility and enterprise integrations ensure seamless connection to your existing ecosystem through webhooks, actions, and pre-built connectors for enterprise systems, allowing for the same customization you get from building in-house without forking code, managing separate codebases, or compromising security.
### Get Started
Get started with  Zitadel, the comprehensive, ready-to-deploy Identity and Access Management platform  rather than building one from scratch. We offer the ideal authentication platform with flexible pricing, a variety of deployment options, extensive features, enterprise-grade security, and unlimited identities across all instances.

Have questions about authentication or anything else? Connect with us on the [Zitadel Discord Server](https://zitadel.com/chat). You can also find us on [LinkedIn](https://www.linkedin.com/company/zitadel/), [GitHub](https://github.com/caos/zitadel), [Bluesky](https://bsky.app/profile/zitadel.com), [Twitter](https://twitter.com/zitadel) or through our [website](https://zitadel.com/).

If you appreciate our work, please consider [giving us a star on GitHub](https://github.com/zitadel/zitadel). We value your support!

The Zitadel Identity and Access Management (IAM) platform offers a turnkey enterprise-grade platform for cloud-native organizations looking to move away from a custom-built IAM platform with modules that are expensive to maintain.

Stop Building and Maintaining Frankenstein IAM Platforms

When choosing the right authentication provider for your application it can be hard to narrow down one that works not just for your organization internally but also for your customer and partners. Recognizing the diverse needs of a modern identity management system that is both flexible and secure can become an overwhelming task, especially in a market that offers a plethora of alternatives. That’s why it is important to understand the value proposition of the vendor offerings and evaluate how they fit your organizational requirements.

In this article, we will compare and contrast two open source alternatives - Keycloak and Zitadel.

## What is Keycloak and Zitadel
### Keycloak
Keycloak is an Open Source Identity and Access Management platform built for the foundational commercial solution “Red Hat Single Sign-On” that serves both the Business to Business (B2B) and Business to Consumer (B2C) markets. Keycloak was initially developed by WildFly, a division of Red Hat and was adopted to the [Cloud Native Computing Foundation](https://www.cncf.io/projects/keycloak/) (CNCF) on April 10, 2023 as an incubation project. Keycloak has been maintained by the CNCF community ever since. It brings functions like identity-brokering, multi-factor / passwordless authentication, access management, OpenID Connect, OAuth 2.0, SAML 2.0, and to some degree, multi-tenancy.

### Zitadel
Zitadel is an API-first identity platform that is built for developers. It offers easier integration into your tech stack to support the authentication, authorization, and self-service needs.  Extended as an open source and a commercial solution, it also provides a long-term audit trail out-of-the-box to ensure the security and compliance posture for your organization. Zitadel provides free and cloud subscription tiers, along with a self-hosted version for organizations that require complete data ownership. Zitadel’s comprehensive identity platform supports business-to-business (B2B) use cases including multi-tenancy, identity brokering, multi-factor or passwordless authentication, delegated access management, and in-context audit trail. Zitadel supports the standard integration protocols such as OpenID Connect, SAML 2.0, and OAuth 2.0.

## Main Differences
### Source Code
Keycloak leverages the open source friendly Apache 2.0 license on their platform repository. This license is catered towards community support and common across the open source  landscape. Up to version 2, Zitadel leveraged the Apache 2.0 license but will transition to the GNU Affero General Public License v3.0 (AGPL-3.0) with the upcoming version 3. The AGPL license ensures that any modifications to Zitadel need to be made available to the community. This creates a more reciprocal relationship between Zitadel and organizations that leverage and build upon our platform. It protects the open nature of our project while encouraging contributions back to the community.

For most of Zitadel’s community, this change will have minimal impact:

* **For end-users**: If you are only using Zitadel as an identity platform, the license change doesn't affect you.
* **For contributors**: Your future contributions will be licensed under AGPL-3.0 and we will introduce a contributor license agreement (CLA).
* **For service providers**: If you modify Zitadel and provide it as a service to others, you'll need to make your modifications available under the AGPL-3.0 license.
* **For developers**: If you are using our Examples, Libraries, SDKs, APIs, do not worry we will keep those under their existing license.

Our commercial licensing options remain available for organizations that require different terms. Please reach out to us if you have any questions about licensing, we have compiled a detailed [blog post](https://zitadel.com/blog/apache-to-agpl) and an [FAQ](https://zitadel.com/license-faq) for you.

### Operating Model
Self-hosting is easy with either Keycloak and Zitadel. While choosing a platform is important, both solutions have the ability to use custom-built operators for Kubernetes to install and operate the Identity and Access Management (IAM) solution. 

In addition, Zitadel offers the ability to run your instance in the cloud, managed by Zitadel directly. There is a wide range of managed service providers for Keycloak from managed instances to extensions.

If you are evaluating between cloud or self-hosting options, we recently wrote a blog post laying out the pros and cons of the [self-hosting and cloud approaches](https://zitadel.com/blog/cloud-or-selfhosted).

### Pricing
With open source as a driving force for Keycloak and Zitadel, the code is freely available on GitHub. However in the case of Keycloak, the community is the only contributor to their product ecosystem. Red Hat does offer a paid service “Red Hat Single Sign-On” leveraging Keycloak. 

Zitadel’s pricing model is tailored to your organization’s needs, focusing on three core elements: Support Level Agreements (SLA), Daily Active Users (DAUs), and Technical Account Management (TAM). We include essential features such as multifactor authentication and passkeys at no additional cost, and we don’t charge based on the total number of users stored in your system.

### Project Structure
Zitadel has a unique way to group clients that belong to the same security context into what we call “Project”. Projects help users bundle together clients, for example a web-application and a mobile-application, that share the same authorization mechanics. This ensures developers see consistent results across all clients without needing to manually configure audience scopes. The project allows you to delegate the access control and permission management to a third party. More details on how our “project grants” work [are here](https://zitadel.com/docs/apis/resources/mgmt/project-grants).

Keycloak historically has used a tenancy model that was constructed around the idea of realms as means of separation of concern for close to all resources, including users, clients, roles, policies and so on. In the summer of 2024, Keycloak announced a change in their project structure with the addition of [Organizations](https://www.keycloak.org/2024/06/announcement-keycloak-organizations). This enables support for multi-tenancy through the Organization management model and its inherent members.

### Self-service
Keycloak and Zitadel both offer extensive self-service capabilities including user profile management, access control delegation, and the ability for business customers to configure their own identity providers.

### Data Residency
Both Zitadel and Keycloak empower organizations with data residency through their self hosted solutions. With Zitadel, enterprise customers choose self-hosted deployments to maintain maximum control over their infrastructure and data governance. 

For strict data residency requirements, Zitadel supports regional cloud hosting and self-hosted deployments, giving organizations complete control over their data location and security protocols. Zitadel offers flexible data residency options with hosting regions in the United States, Europe, Switzerland, or Australia. Keycloak also has unaffiliated third parties that offer cloud hosting for prospective customers.

### Location Of Incorporation
Keycloak is a CNCF steered project which is not incorporated per se. They rely on their distributed developer community to maintain and drive their open source project forward. With headquarters in the United States and a principal office in Switzerland, Zitadel provides flexible contracting options through its dual-entity structure. Organizations serving European Union customers can contract through Zitadel's Swiss entity, leveraging Switzerland's data protection adequacy status granted by the European Commission. This simplifies EU data transfer compliance compared to the more complex requirements for US-based providers.

### Extensibility
Keycloak’s extensibility relies on Service Provider Interfaces (SPI) to fill customers' technical needs; otherwise custom code becomes a necessity.  This creates the risk of maintaining and upgrading Keycloak's environment.

Zitadel’s event-driven architecture enables organizations to customize workflows by responding to any authentication or audit event. The Zitadel platform’s [Session API](https://zitadel.com/docs/apis/v2) and Login Experience features offer extensive customization options for both functionality and branding to align with your organization’s requirements. As a fast-growing open-source company, Zitadel rapidly incorporates customer feedback through strategic partnerships and contributions on GitHub.

![](https://cdn.sanity.io/images/y3uu7rkl/production/e49d52a11a0387798a318d1eabcaf8d2d25adea4-1024x768.png)

## What’s Next for Zitadel: Development Priorities for 2025
Zitadel maintains a [public product roadmap](https://zitadel.com/roadmap) and operates with full transparency as an open-source platform. It includes significant feature releases planned for platform development and performance optimization in 2025.

* **Performance Optimization**: Comprehensive platform-wide performance enhancements that focus on core authentication service response times, API endpoint optimization across new and existing services, enhanced resource management efficiency, and improved system scalability. 
* **TypeScript Login with OIDC**: A new, highly customizable login interface for our customers, built in with [TypeScript and OpenID Connect](https://zitadel.com/blog/typescript-login) support. Self-hosting customers will soon be able to use the hosted login option with OIDC.
* **User Schema Management**: This feature offers [advanced user profile customization](https://github.com/zitadel/zitadel/issues/8140) enabling granular control over field management permissions between users and administrators. 
* **Configurable Caching System**: Beta release of [flexible caching](https://zitadel.com/docs/self-hosting/manage/cache) infrastructure supporting Redis integration for improved object lookup performance.
*  **SCIM Interoperability**: This is [the implementation](https://github.com/zitadel/zitadel/issues/8140) of System for Cross-domain Identity Management (SCIM) protocol for automated user provisioning, synchronization, and lifecycle management across external systems. 
*  **Actions Framework v2**: This feature offers [enhanced extensibility framework](https://github.com/orgs/zitadel/projects/6/views/1?pane=issue&itemId=50259306&issue=zitadel%7Czitadel%7C7235) supporting custom triggers and executions through API endpoints for advanced workflow customization. 
*  **User Group Authorization**: The implementation of [user group management](https://github.com/orgs/zitadel/projects/6/views/1?pane=issue&itemId=48898543&issue=zitadel%7Czitadel%7C5822) capabilities enable efficient authorization management at scale, expanding beyond individual user permissions. 

## Decision Framework: Selecting Zitadel for your Identity Needs
Zitadel is particularly suitable for organizations that prioritize these capabilities:

**Security and Control**:
Your organization requires complete control over infrastructure through self-hosting options, and you need robust data protection measures. Zitadel’s staff publish and fix security issues across the Zitadel ecosystem. Unlike Keycloak which is reliant on the good will of the community members. This presents the opportunity to feel confident in Zitadel's comprehensive audit trails that provide detailed long-term tracking of all authentication and authorization activities.

**Business Architecture**:
Zitadel excels in multi-tenant environments, making it ideal for organizations managing multiple client organizations or separate business units. Zitadel’s B2B-focused approach is designed to handle complex organizational relationships and hierarchies.

**Technology Philosophy**:
If your organization values open-source solutions, Zitadel offers full transparency and the ability to customize the platform to your needs. It is built on cloud-native and serverless principles, making it a natural fit for modern, scalable architectures.

**Community Engagement**:
As an open-source platform, Zitadel welcomes direct contributions from its user community. This means you can actively participate in improving the platform and adapting it to meet emerging needs in identity management.

## Let’s Make Your Identity Management Easier!
Transform your organization’s authentication and access control with Zitadel. Connect with our team to:
* Assess your current identity infrastructure needs
* Design a tailored implementation strategy
* Learn how to scale seamlessly as your organization grows

Book a consultation today to start your journey towards simplified, secure identity management.
<CTA
	label={'Book a Consultation'}
	href={'https://meetings-eu1.hubspot.com/jason-burkhead/zitadel-discovery-call'}
	external={false}
	layout={'primary'}
	noreferrer={false}
	align={'center'}
/>

*Please [share your feedback](mailto:hi@zitadel.com) to ensure this guide remains accurate and valuable for the community. Your insights help us maintain the quality and relevance of our documentation.*



Understanding why Zitadel best fits your organization in comparison to Keycloak will ensure a streamlined deployment and authentication experience for your organization and customers.

Zitadel vs. Keycloak: What makes Zitadel the best Keycloak alternative

Last week marked an incredible milestone for our team and community:
* We announced [Zitadel Version 3](https://zitadel.com/blog/zitadel-v3-announcement) 
* 🎉⭐️Zitadel crossed  10,000 stars on GitHub! 🎉⭐️ 

Achieving 10,000 stars on GitHub is more than just a number to us—it represents the trust, support, and enthusiasm of thousands of developers who believe in our vision for a modern identity platform.

Zitadel is the leading provider of cloud-native identity infrastructure solutions.  Its platform offers a comprehensive suite of tools for multi-tenant, authentication, authorization, and user management.  Designed for scalability, flexibility, and security, Zitadel empowers organizations to protect their cloud infrastructure and applications across the globe. 
### Our Journey to the first 10,000 stars
When we first launched Zitadel as an open-source project, we already embarked on a clear mission: to create a secure, scalable, and developer-friendly identity and access management platform that would simplify authentication and identity management for modern applications especially in multi-tenant scenarios. What began as a small team's passion project has blossomed into a thriving ecosystem of contributors, users, and advocates.
Our journey hasn't always been straightforward. From our initial commit to reaching our first 100 stars took a lot of dedication and persistence and we fully celebrated our first 1,000 stars as a major achievement, never imagining we'd be here today, announcing this new milestone that puts us among the top open-source identity projects globally.

![](https://cdn.sanity.io/images/y3uu7rkl/production/2acac30edb656e48d5734613f9a992662f9750ad-3628x940.png)

### Community Spotlight
None of this would have been possible without our incredible community. From the developer who fixed that critical bug at 2 AM to the companies that have built their entire identity infrastructure on Zitadel, every contribution has mattered for our ongoing success.

![](https://cdn.sanity.io/images/y3uu7rkl/production/4b0ce733f8e6d6f37ad78c9e772ce6e27afe9ecb-2116x1144.png)

-----

*“Zitadel powers our lab initiative by enabling rapid, secure prototyping with its modern, open source identity management platform. Its multi-tenant design and expansive ecosystem make it the ideal partner for testing our next-generation SaaS solutions, positioning itself as a dynamic alternative to traditional giants like Azure Active Directory. Backed by an engaged community and a forward-thinking team, Zitadel not only safeguards our ideas but also accelerates innovation across the board, ensuring that security remains our top priority. There is just no excuses to not using it :-)”
Florent Cenedese, Principal Solution Architect*

*“Zitadel’s domain expertise drives effortless scaling for startups and enterprises. Its event-driven, event-sourced architecture delivers robust scalability, extensibility, reliability, and thorough auditability—supported by a sustainable business model for the free and open source community”
Yordis Prieto, Principal Software Engineer*

-----

### Technical Evolution
Our codebase and architecture has evolved significantly since our initial release.  Our platform has transformed into a highly scalable, cloud-native platform that can handle millions of authentication requests while maintaining sub-100ms response times and we see this proven in customer hosting multiple millions of tenants in Zitadel.

Some of the most impactful technical achievements:
* Transitioning to resources based APIs for easier integration
* Implementing event sourcing as the basis for robust audit trails and event driven integrations with actions
* Updating actions into an extensibility framework that allows customer full control over each http request and event 
* Expanding our protocol support beyond OIDC and OAuth2 to include SAML, WebAuthn, SCIM and LDAP
* Building a comprehensive set of API that developers can even use to build their own login ui

We made all these improvements while maintaining our commitment to security—undergoing regular penetration testing and security audits to ensure we're providing a solution our users can trust with their most sensitive data.
### Lessons Learned
Building an open-source project at this scale has taught us valuable lessons:
* **Documentation matters deeply.** Some of our most appreciated contributions haven't been code but clear, thorough documentation that makes complex identity concepts accessible.
* **Community feedback is gold.** Our best features often came from community suggestions, and our most significant improvements stemmed from user feedback.
* **Balancing innovation with stability is an art.** We've learned to maintain a stable core while allowing for experimentation in new features.
* **Security is never "done."** We've built security into every aspect of our development process, from design to deployment.
* **Open source is about people, not just code.** Building relationships with our contributors and users has been as important as building the product itself.
### Looking Forward
Reaching this milestone matters beyond the satisfaction of seeing a big number on GitHub.  A developer-first, open-source identity solution is the future; it enables enterprises with a choice.  A choice between self-hosted or cloud solution, a choice between open source and commercial offering, and a choice between building and managing a custom-build platform vs. buying one that offers flexibility and control without the burden of engineering efforts.

In the identity space, this achievement puts Zitadel in the top tier of open-source projects—a significant accomplishment for a specialized security tool in a field dominated by much broader infrastructure projects.

While we're taking a moment to celebrate, we're even more excited about what's next in 2025:
* **Performance Optimization:** Comprehensive platform-wide performance enhancements that focus on core authentication service response times, API endpoint optimization across new and existing services, enhanced resource management efficiency, and improved system scalability. 
* **TypeScript Login with OIDC:** A new, highly customizable login interface for our customers, built in with [TypeScript and OpenID Connect](https://zitadel.com/blog/typescript-login) support. Self-hosting customers will soon be able to use the hosted login option with OIDC.
* **User Schema Management:** This feature offers [advanced user profile customization](https://github.com/zitadel/zitadel/issues/8140) enabling granular control over field management permissions between users and administrators. 
* **Configurable Caching System:** Beta release of [flexible caching](https://zitadel.com/docs/self-hosting/manage/cache) infrastructure supporting Redis integration for improved object lookup performance.  
* **SCIM Integration:** This is [the implementation](https://github.com/zitadel/zitadel/issues/8140) of System for Cross-domain Identity Management (SCIM) protocol for automated user provisioning, synchronization, and lifecycle management across external systems. 
* **Actions Framework v2:** This feature offers [enhanced extensibility framework](https://github.com/orgs/zitadel/projects/6/views/1?pane=issue&itemId=50259306&issue=zitadel%7Czitadel%7C7235) supporting custom triggers and executions through API endpoints for advanced workflow customization. 
* **User Group Authorization:** The implementation of [user group management](https://github.com/orgs/zitadel/projects/6/views/1?pane=issue&itemId=48898543&issue=zitadel%7Czitadel%7C5822) capabilities enable efficient authorization management at scale, expanding beyond individual user permissions.

Our vision remains consistent: to be the most developer-friendly, secure identity platform that grows with your needs from side project to scale-up.
### Thank You!
This milestone belongs to everyone who has been part of the Zitadel journey:
* Our 54 code contributors who have submitted everything from typo fixes to major feature implementations
* The companies who have sponsored development or provided resources
* The thousands of developers who have chosen Zitadel for their projects
* The investors who continue to support Zitadel’s growth and success 
* Everyone who has reported bugs, suggested improvements, or simply spread the word

### Join Us As We Build the Future of Identity
If you are not yet part of the Zitadel community, there has never been a better time to join:
* [Star us](https://github.com/zitadel/zitadel) on GitHub (if you haven't already!)
* Check out our [documentation](https://docs.zitadel.com/) to get started
* Join our [Discord community](https://zitadel.com/chat) to connect with other users and our team
* [Contribute](https://github.com/zitadel/zitadel/blob/main/CONTRIBUTING.md) to the codebase—we welcome contributions of all sizes
* Join our [upcoming AMA](https://discord.gg/jRA3nhv8?event=1344022255759528027) with our CEO, Florian Dorster, on Discord

![](https://cdn.sanity.io/images/y3uu7rkl/production/494896893ec4af602036b3dae7b88f51050b0f05-800x320.png)

Whether you are building a personal project or enterprise-scale software, we are honored to help secure your applications and manage your users' identities.

Here's to the next 10,000 stars and beyond! 🚀

![](https://cdn.sanity.io/images/y3uu7rkl/production/ceb66bc9ab5d1dbc9bcc6b6183a73dcc2f16ae10-1200x627.png)




Zitadel Identity and Access Management (IAM) platform celebrates the milestone for the open source project reaching 10,000 github stars.

Thank you for 10,000 Stars!

At Zitadel, open source is more than just a development model; it's fundamental to our identity. We firmly believe in the power of community-driven development and the unparalleled innovation that it fosters. Our commitment to open source is unwavering, and as our project experiences significant growth, we are proactively adapting our approach to ensure Zitadel's enduring vibrancy and sustainability.

Today, we are sharing our decision to transition Zitadel to the GNU Affero General Public License (AGPL) 3.0. This decision reflects our dedication to providing a secure and transparent identity management platform while ensuring the project's long-term sustainability.
#### Why Open Source?
We strongly believe that the open source ethos provides significant value through increased transparency and security.  Unlike "security by obscurity," open source allows for inspection and verification.

Inspection allows you to thoroughly examine the code, verify the build pipeline, and ensure that the artifacts running in your environment originate from the authentic source while verification allows you to conduct "open-box" security testing, similar to the approach taken by G.E. ([1](https://github.com/zitadel/zitadel/security/advisories/GHSA-f3gh-529w-v32x), [2](https://github.com/zitadel/zitadel/security/advisories/GHSA-hr5w-cwwq-2v4m), [3](https://github.com/zitadel/zitadel/security/advisories/GHSA-mq4x-r2w3-j7mr)), without needing to navigate complex hurdles.

To maintain these benefits and ensure Zitadel's continued development, we have chosen AGPL 3.0.  We often describe our philosophy as "Code or Contribution": to build a valuable project for everyone, we need either community contributions of time and effort, or the resources to hire people to invest their time. The AGPL 3.0 license allows us to strike a crucial balance by:
* Protecting our investment: It ensures that those who commercially leverage Zitadel, especially when offering it as a managed service, contribute back to the community by sharing their modifications.
* Encouraging community engagement: It keeps the core of Zitadel free and open source, actively promoting collaboration and innovation within our growing community.
#### Embracing Sustainability Through Reciprocity
Open source thrives when there is a healthy ecosystem of contribution.  After careful consideration, we believe AGPL 3.0 helps us foster this balance by strengthening the commons and supporting community collaboration.

Strengthening the commons ensures that improvements to Zitadel—especially when offered as a service, flow back to the community, and enriches the ecosystem for everyone.  And supporting community collaboration ensures that Zitadel remains free and open source, continuing to foster the collaborative spirit that has driven our growth.

We see this as embodying the spirit of "Code or Contribution"—recognizing that a healthy open source ecosystem needs either code contributions or support that enables us to sustain development.
#### What is Changing?
Core (our backend), Console, and the Hosted-Login are moving to AGPL 3.0

Proto Service Definitions, APIs, and SDKs remain under Apache 2.0 to avoid virality concerns

Examples, Docs, Helm-chart, Terraform remain under Apache 2.0, with documentation potentially moving to CC-BY-SA4

Contributor License Agreement (CLA): We will implement a CLA to ensure legal clarity.
#### What Remains the Same: Enhanced Security and Transparency
The value you receive from Zitadel remains the same: a secure and transparent product. 

With open source and the AGPL 3.0, you will continue to benefit from:
* **Enhanced Security:** Open source fosters a community-driven approach to identifying and addressing potential vulnerabilities. You aren't relying on "security by obscurity" but on the power of collaborative scrutiny. You can inspect the code, the pipeline, and verify the artifacts.
* **Transparency and Trust:** You have the freedom to inspect the codebase, ensuring that what you deploy is exactly what was built. This transparency builds trust and empowers you to conduct thorough security assessments. You can also do an "open-box" security testing approach without obstacles.
#### Choosing the License
We gave considerable thought to various licensing options before zeroing in on AGPL 3.0.
1. **Apache 2.0:** While this license has served us well and fostered wide adoption, we observed that it sometimes creates an imbalance where commercial use doesn't always lead to reciprocal contribution.
2. **Open Core:** While popular, this approach often creates complex boundaries between open and proprietary features.  Even mature projects like GitLab have faced challenges with this model.
3. **Source-available:** These licenses limit certain freedoms that we believe are important to our mission of providing accessible security tools.
4. **Proprietary:** This would fundamentally conflict with our open source values and community focus.

AGPL 3.0 provides a balanced path forward that preserves the openness we value while encouraging a sustainable ecosystem around Zitadel.
#### Why Now?
2024 has been a remarkable year for Zitadel's growth, both as an open source project and as a solution for organizations of all sizes.  This success brings responsibility—to ensure that Zitadel can continue to evolve and innovate for years to come.

We observed that our current licensing approach sometimes enables using Zitadel's value without corresponding contribution back to its sustainability.  This transition aims to create a balanced relationship that ensures Zitadel's long-term health for everyone's benefit.
#### Understanding AGPL 3.0 in Practice
We want to be clear about how we interpret AGPL 3.0:
* **API usage:** Using Zitadel's APIs without modifying the code doesn't trigger reciprocal requirements.
* **Derivative works:** Creating derivatives using AGPL 3.0 components requires sharing those works under the same license.
* **Distribution:** Sharing unmodified Zitadel is generally permissible.
*Disclaimer: This information is not legal advice. We encourage consulting with your legal counsel for your specific use case.*
#### Commercial Licensing Options
We understand that AGPL 3.0 may not align with every organization's needs.  For those scenarios, we are offering commercial licensing options with additional flexibility, including a free tier.  Please [contact us](mailto:product@zitadel.com) to discuss these alternatives.

We believe this evolution will help Zitadel flourish as a sustainable open-source project, continuing to provide robust and secure identity management solutions that benefit the entire community.
#### The How
We are committed to a thoughtful and transparent transition through clear communication and gradual implementation. 

We will keep our community informed throughout the process with clear and consistent communications.  We will continue to update these [FAQs](https://zitadel.com/license-faq); however, you can also contact us [via email](mailto:product@zitadel.com), on [GitHub](https://github.com/zitadel/zitadel/discussions/9529), or on [Discord](http://zitadel.com/chat) at any time.

With gradual implementation, only new code contributions will use AGPL 3.0 while existing code remains under its original license.

Our goal is to ensure that your questions and concerns are resolved and you have a clear transition path to adopt the license change.
#### Timeline
The license change will take effect with the official release of Zitadel v3.0, scheduled for March 31, 2025.  All previous versions will maintain their original licensing terms.
#### Questions and Support
We will continue to publish and update a Q&A resource during our transition to address common questions about how this might affect different projects and use cases. Please [reach out to us](mailto:product@zitadel.com) with any questions at any time.

I will also be [hosting an AMA (ask me anything) session](https://discord.com/events/927474939156643850/1344022255759528027) on Discord on **March 25 at 15:00 UTC |  08:00 US Pacific** to help answer questions from the community.

We are committed to ensuring Zitadel's long-term sustainability as a leading open-source identity management platform. This license change is a significant step toward that goal, allowing us to continue delivering a secure, transparent, and innovative product.

Zitadel aims to build a sustainable ecosystem and business as it continues to stay committed to open with a license change from Apache 2.0 to AGPL 3.0.

Strengthening Our Open Source Foundation: Moving to AGPL 3.0

## Introduction
As Zitadel continues to evolve, we are excited to announce several significant changes coming with the release of Zitadel v3.  Our team has been working diligently to enhance Zitadel’s sustainability, performance, and developer experience.  

Today, we are sharing three major updates: 
1. Our transition to AGPL 3.0 license
2. A completely streamlined release process
3. Discontinuation of CockroachDB support

All these changes reflect our ongoing commitment to maintaining a robust, open-source identity and access management (IAM) platform while ensuring its long-term sustainability and focusing our resources where they deliver the most value.
### License Change
With Zitadel v3, we are transitioning from Apache 2.0 to the GNU Affero General Public License v3.0 (AGPL-3.0). This decision was not made lightly, but after careful consideration, we believe AGPL better aligns with our vision for Zitadel's future.
#### Why AGPL 3.0?
The AGPL license ensures that any modifications to Zitadel used to provide a service need to be made available to the community.  This creates a more reciprocal relationship between Zitadel and organizations that leverage and build upon our platform.  It protects the open nature of our project while encouraging contributions back to the community.
#### What This Means for You
For most users and contributors, this change will have minimal impact:
* **For end-users:** If you are only using Zitadel as an identity platform, the license change doesn't affect you.
* **For contributors:** Your future  contributions will be licensed under AGPL-3.0 and we will introduce a contributor license agreement (CLA).
* **For service providers:** If you modify Zitadel and provide it as a service to others, you'll need to make your modifications available under the AGPL-3.0 license.
* **For developers:** If you are using our Examples, Libraries, SDKs, APIs, do not worry we will keep those under their existing license.

Our commercial licensing options remain available for organizations that require different terms. Please reach out to us if you have any questions about licensing.

If you have more questions we compiled a detailed [blog post](https://zitadel.com/blog/apache-to-agpl) and an [FAQ](https://zitadel.com/license-faq) for you.

I will also be hosting a Community Office Hours session on [Discord](https://discord.com/events/927474939156643850/1344022255759528027) on **March 25 at 15:00 UTC |  08:00 US Pacific** to help answer questions from the community.

### Release Streamlining
We are excited to announce a completely revamped “fast release” process that will bring new Zitadel features to you more quickly and make updates more manageable for our users.
#### What’s Changing
We are introducing a process that's more agile and responsive to user needs.  Instead of our current approach that can result in larger releases with many changes at once, we are moving to:
* Major releases (v3, v4, etc.) every 3 months
* New minor releases (v3.1.0, v3.2.0, etc.) every 2 weeks
* Patch releases  (v3.0.1, v3.1.1, etc.) whenever needed, particularly for bug fixes
* Release candidates (RC) before each major release that you can test before production
* Creation of a new release branch after each release while approved PRs are merged into the main branch for the next release
* Backward compatibility between minor releases
#### Benefits
These improvements translate to tangible benefits:
* Features are available fast for testing while the release schedule clearly indicates when a version is ready for production deployments
* Opportunity to test release candidates in your environment before production releases
* More predictable planning for your upgrade cycles
* Faster security patches and bug fixes when needed

For organizations using Zitadel in production, this means less operational overhead and more reliable planning for upgrades.

_This process is also detailed in [this GitHub announcement](https://github.com/zitadel/zitadel/discussions/9417) in our repo._
### Discontinuing CockroachDB Support
After careful consideration, we have made the decision to discontinue support for CockroachDB in Zitadel v3 and beyond.

While CockroachDB is an excellent distributed SQL database, supporting multiple database backends has increased our maintenance burden and complicated our testing matrix. By focusing on a single primary database technology, we can:
* Deliver well optimized performance
* Provide more database-specific features
* Simplify our codebase and reduce potential bugs
* Concentrate our resources on core feature development

_This has been detailed in [this GitHub issue](https://github.com/zitadel/zitadel/issues/9414)._
#### Alternatives and Migration Path
Moving forward, Zitadel will standardize on PostgreSQL as our recommended database backend. For existing CockroachDB users, we have prepared a [migration guide](https://zitadel.com/docs/self-hosting/manage/cli/mirror) to help you transition smoothly.  We will provide more detailed instructions specific to the CockroachDB to PostgreSQL migration in our documentation following the release of Zitadel Version 3.
#### Support During Transition
We understand this change may impact your operations. To ease the transition, CockroachDB support will continue in maintenance mode for Zitadel v2.x until September 30, 2025.  Our team is ready to assist with migration questions; please feel free to respond to [this GitHub issue](https://github.com/zitadel/zitadel/issues/9414) or post a question on [Discord](https://zitadel.com/chat).
### What Do These Changes Mean?
#### Immediate Actions
If you're currently using Zitadel, here's what you should do:
1. Review our licensing [FAQ](https://zitadel.com/license-faq) to learn if and how the license change to AGPL 3.0  affects your use case
2. If you are using CockroachDB, start [planning your migration](https://zitadel.com/docs/self-hosting/manage/cli/mirror) to PostgreSQL
3. Test the v3 release candidates in your non-production environments when available
#### Long-term Benefits
These changes, while significant, set the foundation for Zitadel's continued growth and improvement with a more sustainable open-source model, fast and plannable development cycles, improved performance and reliability, and simplified maintenance and upgrades.
#### Looking Forward
Zitadel v3 represents more than just these changes—it is a significant step forward for our platform.  With these foundational improvements in place, we are excited to focus on new capabilities:
* Enhanced developer experience with improved APIs and SDKs
* More advanced authentication options
* Deeper integration capabilities
* Expanded compliance certifications
* Improved performance and scalability

We are also expanding opportunities for community involvement. If you are interested in contributing to Zitadel, now is an [excellent time to get involved](https://github.com/zitadel/zitadel/blob/main/CONTRIBUTING.md)!
### Conclusion
The changes announced today—our move to AGPL-3.0, streamlined release process, and focused database support—represent our commitment to building a sustainable, high-quality identity platform that meets the needs of modern organizations.

We deeply appreciate your support as we continue to evolve Zitadel. Your feedback and contributions have been invaluable in shaping our direction.
For more information about these changes, please visit our documentation, join our community Discord, or reach out to our team directly. We're here to answer your questions and help ensure a smooth transition to Zitadel v3.
Thank you for being part of the Zitadel community!

Have questions or concerns? Join the discussion on [Discord](https://discord.com/channels/927474939156643850/1349516328867729498) or [contact us](mailto:product@zitadel.com) directly.

As Zitadel continues to evolve, the team announced several significant changes coming with the release of Zitadel v3, including a licensing update, streamlined releases, and standardization on PostgreSQL

Zitadel v3: AGPL License, Streamlined Releases, and Platform Updates

When choosing the right authentication provider for your application it can be hard to narrow down one that works not just for your organization internally but also for your customer and partners. Recognizing the diverse needs of a modern identity management system that is both flexible and secure can become an overwhelming task, especially in a market that offers a plethora of alternatives. That’s why it is important to understand the value proposition of the vendor offerings and evaluate how they fit your organizational requirements.

In this article, we will do a quick comparison of the two alternatives - Auth0 by Okta and Zitadel.

# Introduction: Auth0 (by Okta) and Zitadel
## Auth0 by Okta
Auth0 by Okta (referred to as Auth0 in the rest of the article), is a well-reputed Identity and Access Management solution. It historically has had a strong developer focus and supports a variety of use-cases and integrations. Auth0 is a pure SaaS-oriented, closed-source platform. You have the option to get dedicated setups referred to as "private cloud" that reside on popular hyperscalers. The pricing is oriented around tiers and monthly active users with a free tier for small scale developer projects. Auth0 supports the standard integration protocols like OpenID Connect, SAML 2.0 and WS-Fed.
## Zitadel
Zitadel is an API-first identity platform that is built for developers. It offers easier integration into your tech stack to support the authentication, authorization, and self-service needs.  Offered as an open source and a commercial solution, it also provides a long-term audit trail out-of-the-box to ensure the security and compliance posture for your organization. Zitadel is offered in free and cloud subscription tiers, along with a self-hosted version for organizations that require complete data ownership. Zitadel’s comprehensive identity platform supports business-to-business (B2B) use cases including multi-tenancy, identity brokering, multi-factor or passwordless authentication, delegated access management, and in-context audit trail. Zitadel supports the standard integration protocols such as OpenID Connect, SAML 2.0, and OAuth 2.0.
## Core Differences
### Source Code
Auth0 and Zitadel have quite a big difference in regard to their position of publicizing their source code. Auth0 is closed source project and Zitadel is an open source project. Up to version 2, Zitadel leveraged the Apache 2.0 license but will  transition to the GNU Affero General Public License v3.0 (AGPL-3.0) with the upcoming version 3. The AGPL license ensures that any modifications to Zitadel need to be made available to the community. This creates a more reciprocal relationship between Zitadel and organizations that leverage and build upon our platform. It protects the open nature of our project while encouraging contributions back to the community.

For most of Zitadel’s community, this change will have minimal impact:

**For end-users**: If you are only using Zitadel as an identity platform, the license change doesn't affect you.
**For contributors**: Your future contributions will be licensed under AGPL-3.0 and we will introduce a contributor license agreement (CLA).
**For service providers**: If you modify Zitadel and provide it as a service to others, you'll need to make your modifications available under the AGPL-3.0 license.
**For developers**: If you are using our Examples, Libraries, SDKs, APIs, do not worry we will keep those under their existing license.

Our commercial licensing options remain available for organizations that require different terms. Please reach out to us if you have any questions about licensing, we have compiled a detailed [blog post](https://zitadel.com/blog/apache-to-agpl) and an [FAQ](https://zitadel.com/license-faq) for you.
### Operating Model
While Auth0 operates in a SaaS model with the option to get a private cloud system on one of the well-known hyperscalers, Zitadel operates under an [Open SaaS ideology](https://digitalassetmanagementnews.org/features/the-rise-of-open-saas-and-its-implications-for-digital-asset-management/) (SaaS built with OSS). As an open-source solution, Zitadel can be self-hosted, giving organizations complete control over their data and infrastructure. Zitadel also offers the ability to run a dedicated instance or support to our customers who are in need to self host. If you are trying to decide between cloud or self-hosting, we recently wrote a blog post laying out the pros and cons of [self-hosting and a cloud approach](https://zitadel.com/blog/cloud-or-selfhosted). 
### Pricing
Auth0 offers by default a “Monthly Active User” pricing strategy. A common frustration for customers is that Auth0 bases its billing on peak usage rather than actual real-time consumption, which usually results in unanticipated costs. This, in combination with the need to pay extra for security features like multi-factor authentication makes it a costlier option. The user-based pricing offers an easier starting point but the fact that critical security features are only available in higher tiers hides the true cost for production-ready scenarios.

Zitadel’s pricing model is tailored to your organization’s needs, focusing on three core elements: Support Level Agreements (SLA), Daily Active Users (DAUs), and Technical Account Management (TAM). We include essential features such as multifactor authentication and passkeys at no additional cost, and we don’t charge based on the total number of users stored in your system. 
### Project Structure
Zitadel has a unique way to group clients that belong to the same security context into what we call “Project”. Projects help users bundle together clients, for example a web-application and a mobile-application, that share the same authorization mechanics. This ensures developers see consistent results across all clients without needing to manually configure audience scopes. The project allows you to delegate the access control and permission management to a third party. More details on how our “project grants” work [are here](https://zitadel.com/docs/apis/resources/mgmt/project-grants). 

Auth0 currently lacks functionality to manage applications as a cohesive group.
### Self Service
While Auth0 provides authentication interfaces for sign-up, login and password reset, it lacks broader self-service capabilities such as user profile page or ability to manage users as business partners. In contrast, Zitadel offers comprehensive  self-service capabilities including user profile management, access control delegation, and the ability for business customers to configure their own identity providers.
### Data Residency
When creating an Auth0 tenant, you must select one of four geographic regions for data storage:  US, Europe, Japan, or Australia. Auth0’s region selection is not easily modifiable after initial setup, and this single-region architecture may increase latency for customers accessing services from other geographic regions.

Zitadel offers flexible data residency options with hosting regions the United States, Europe, Switzerland, or Australia. Organizations can deploy multiple instances across different regions to optimize global coverage. For strict data residency requirements, Zitadel supports regional cloud hosting and self-hosted deployments, giving organizations complete control over their data location and security protocols. Many of our enterprise customers choose self-hosted deployments to maintain maximum control over their infrastructure and data governance. 
### Location of Incorporation
Auth0, incorporated in the United States, was acquired in 2021 by Okta which is also incorporated in the United States. With headquarters in the United States and a principal office in Switzerland, Zitadel provides flexible contracting options through its dual-entity structure. Organizations serving European Union customers can contract through Zitadel's Swiss entity, leveraging Switzerland's data protection adequacy status granted by the European Commission. This simplifies EU data transfer compliance compared to the more complex requirements for US-based providers.
### Extensibility
Zitadel and Auth0 both have Actions to support extensibility through debugging and logging capabilities. Zitadel’s event-driven architecture enables organizations to customize workflows by responding to any authentication or audit event. The Zitadel platform’s Session API and Login Experience features offer extensive customization options for both functionality and branding to align with your organization’s requirements. As a fast-growing open-source company, Zitadel rapidly incorporates customer feedback through strategic partnerships and contributions on GitHub.
![](https://cdn.sanity.io/images/y3uu7rkl/production/e912fbcd18d080b3749cc3646171bdb1e8714f55-1024x768.png)

## What’s Next for Zitadel: Development Priorities for 2025
Zitadel maintains a [public product roadmap](https://zitadel.com/roadmap) and operates with full transparency as an open-source platform. It includes significant feature releases planned for platform development and performance optimization in 2025.  
### Performance Optimization:
Comprehensive platform-wide performance enhancements that focus on core authentication service response times, API endpoint optimization across new and existing services, enhanced resource management efficiency, and improved system scalability. 
### TypeScript Login with OIDC: 
A new, highly customizable login interface for our customers, built in with [TypeScript and OpenID Connect](https://zitadel.com/blog/typescript-login) support. Self-hosting customers will soon be able to use the hosted login option with OIDC.
### User Schema Management: 
This feature offers [advanced user profile customization](https://zitadel.com/blog/end-of-year-product-wrap-up#:~:text=informed%20through%20our-,GitHub%20Product%20Roadmap%20Epic,-.) enabling granular control over field management permissions between users and administrators. 
### Configurable Caching System: 
Beta release of [flexible caching infrastructure](https://zitadel.com/docs/self-hosting/manage/cache) supporting Redis integration for improved object lookup performance.  
### SCIM Integration: 
This is the [implementation](https://github.com/zitadel/zitadel/issues/8140) of System for Cross-domain Identity Management (SCIM) protocol for automated user provisioning, synchronization, and lifecycle management across external systems. 
### Actions Framework v2: 
This [feature](https://github.com/orgs/zitadel/projects/6/views/1?pane=issue&itemId=50259306&issue=zitadel%7Czitadel%7C7235) offers enhanced extensibility framework supporting custom triggers and executions through API endpoints for advanced workflow customization. 
### User Group Authorization: 
The implementation of [user group management](https://github.com/orgs/zitadel/projects/6/views/1?pane=issue&itemId=48898543&issue=zitadel%7Czitadel%7C5822) capabilities enable efficient authorization management at scale, expanding beyond individual user permissions. 
## Decision Framework: 
Zitadel is particularly suitable for organizations that prioritize these capabilities:
### Security and Control:
Your organization requires complete control over infrastructure through self-hosting options, and you need robust data protection measures. Zitadel’s comprehensive audit trails provide detailed long-term tracking of all authentication and authorization activities.

### Business Architecture:
Zitadel excels in multi-tenant environments, making it ideal for organizations managing multiple client organizations or separate business units. Zitadel’s B2B-focused approach is designed to handle complex organizational relationships and hierarchies.

### Technology Philosophy:
If your organization values open-source solutions, Zitadel offers full transparency and the ability to customize the platform to your needs. It is built on cloud-native and serverless principles, making it a natural fit for modern, scalable architectures.

### Community Engagement:
As an open-source platform, Zitadel welcomes direct contributions from its user community. This means you can actively participate in improving the platform and adapting it to meet emerging needs in identity management.
## Take Control of your Identity Infrastructure
Transform your organization’s identity, authentication, and access control with Zitadel.  Connect with our team to:
* Assess your current identity infrastructure needs
* Design a tailored implementation strategy
* Learn how to scale seamlessly as your organization grows

Book a consultation today to start your journey towards simplified, secure identity management.
<CTA
	label={'Book a Consultation'}
	href={'https://meetings-eu1.hubspot.com/jason-burkhead/zitadel-discovery-call'}
	external={false}
	layout={'primary'}
	noreferrer={false}
	align={'center'}
/>

Please [share your feedback](mailto:hi@zitadel.com) to ensure this guide remains accurate and valuable for the community. Your insights help us maintain the quality and relevance of our documentation.



Understanding why Zitadel is the best Auth0 (by Okta) alternative and how it best fits your organization in comparison to Auth0 will ensure a streamlined deployment and authentication experience for your organization and customers.

Zitadel vs Auth0: The Definitive Comparison for Enterprise Identity Infrastructure


At Zitadel every customer is granted their own virtual instance with unlimited identities that allows them to fully configure their instance to their needs. This includes choosing a deployment option which is most suitable for the unique needs, security requirements, budget, and resources of each individual organization.

Unlike most Identity and Access Management (IAM) offerings available today (such as Auth0 by Okta, Keycloak, etc.) Zitadel officially offers flexible deployment options – to deploy in Zitadel Cloud or to self-host in your preferred location. In this article, we will discuss our Cloud and self-hosted options to help you find the right solution for your project or business.

## Convenience and Speed-to-Market: Zitadel Cloud

### Pros:

Our public cloud option is ideal for any user who is intrigued by the idea of a hosted deployment model that is ready-to-use the moment you obtain it. Unlike the self-hosted alternative, Zitadel Cloud is pre-configured and automated, saving you the time and money spent on implementing, managing, and maintaining your platform. A virtual instance will automatically upgrade with new product improvements and security fixes without your intervention.

You also do not have to worry about expanding your infrastructure when your service gains new customers or sees usage spikes. Zitadel Cloud can help scale and handle resource allocation for you. A notable benefit also lies in the possibility of choosing a region that works best for your project to stay close to your users. The Zitadel platform is built to manage traffic from a global audience or constrain data to only a certain location, depending on your organization's needs. Both scenarios are possible through Zitadel Cloud, while we optimize and guarantee low latencies and high availability.

With the Zitadel Cloud, you also benefit from the operational security aspects, such as Distributed Denial of Service (DDoS) attack protection and automated certificate management. Zitadel is an open source platform and has the same open source releases available to both our cloud and self hosted environments. We take security seriously and go above-and-beyond so we take pride in publishing the results of our [penetration tests](https://zitadel.com/blog/pentest-results-h1-2021) done by external auditors, as soon as we mitigate issues.

As a “cherry on top”, we offer a true pay-as-you-go subscription method to keep the total cost of ownership (TCO) affordable to even strict budgets.

### Cons:

There are certain weaknesses relying on a Cloud deployment, which are easily outweighed by the convenience of a pay-as-you-go subscription for most customers. While most customers are satisfied with our infrastructure in terms of cloud provider and data location options, some want to choose their own infrastructure providers or data location. In this case self-hosting is the best option (we also partner with managed service providers in some areas if a dedicated instance of Zitadel is the preferred option). Both options are also viable in case a customer requires more flexibility of upgrade cycles or backup frequencies.

A common weakness in today's software is supply chain risk, where our open source model provides extraordinary transparency of code, dependencies, and processes, yet a customer relies on the quality of our technical and organizational measures to manage information security. We are continuously improving our information security and are ISO27001 certified. If your organization requires complete control over the technical and organizational measures, you should choose to self-host Zitadel.

Another challenge in a Cloud deployment lies in its less flexible options out of the box. While companies mostly offer a wide variety of templates to choose from, their number can't compete with the infinite customization possibilities that come with building your own platform. We do not recommend building your own identity management system, rather we promote our platform approach where customers can easily extend functionality of the platform by loosely coupling new components. This is supported by [Zitadel’s API-first approach](https://zitadel.com/docs/apis/introduction), SDK's in [various languages](https://zitadel.com/docs/sdk-examples/introduction), and programmatic extensibility through [Zitadel Actions](https://zitadel.com/docs/guides/manage/console/actions).

The summed-up benefits of Zitadel Cloud include:

- Receive a pre-configured and implemented platform – no need to bother with updates, backups, maintenance, and troubleshooting
- Operational security provided
- Automated backups and updates
- Availability guarantees and automatic scaling
- “Pay as you go” model with low total cost of ownership
- Choose the region that works best for you
- Technical support from the creators - we are here to help

## Complete Control: Self-hosted

### Pros:

Unlike Zitadel Cloud, the self-hosted version is hosted by you on your infrastructure. In the case of Zitadel, companies or individuals can deploy Zitadel on their preferred cloud provider or install it as an on-premise solution; Both of these options allow our customers to take full control over all aspects, instead of having to rely on our infrastructure and our technical and organizational processes. Zitadel is based on cloud-native principles and is designed to be deployed as containers, which makes it straightforward to run and operate on almost any platform.

Self-hosting is a great choice if you have the resources to set up and host your own Zitadel instances on custom infrastructure with your company's needs in mind. If implemented correctly, the features of a self-hosted platform even have the potential to surpass the security possibilities of Zitadel Cloud, making it an ideal alternative for firms working with sensitive data.

The key benefits of self-hosting include:

- Manage your platform with full control in your own cloud or hardware
- Be in control of your technical and organizational measures
- Fully customizable platform
- Self-hosting organizations can get commercial technical support with an SLA
- Highest possible security, if implemented accordingly

### Cons:

The setup cost and maintenance are often downsides of self-hosting, we recommend choosing this solution if your company already possesses internal resources to handle the hosting and is ready to pay the investment and upkeep. While we at Zitadel are happy to help with any issues, “support” still needs to be considered especially around the technical aspects of self-hosting. The responsibility of adequately hosting the platform lies solely in the hands of the company.

We also tend to discourage self-hosting your identity platform without an in-depth IT-knowledge. As the security measures must be manually installed and maintained, mistakes in the implementation can potentially lead to inadequate protection from intruders.

<figure>
  <img
    src="/blog/2025-02-04-zitadelcloudvsselfhosting.png"
    width="100%"
    alt="Figure 1: Benefits of Zitadel Cloud vs. Zitadel Self-Hosted"
  />
</figure>

## Which option to choose?

While both deployment options have their respective advantages, the self-hosted alternative will most likely benefit companies that aim to fulfill some very specific requirements or compliance goals. If your organization lacks internal staff with in-depth IT knowledge, the serious dangers of faulty implementation are not worth risking. The advantages of Zitadel Cloud outweigh those of self-hosted options for most organizations and are therefore generally the recommended path to take. For easier decision-making, we created this simplistic chart as a guide:

<figure>
  <img
    src="/blog/2025-02-04-cloudselfhostdecisionchart.png"
    width="100%"
    alt="Figure 2:  Handy Reference Chart to Decide if Zitadel Cloud or Zitadel Self-Hosted is the Right Choice"
  />
</figure>

Whether you choose to use Zitadel Cloud or host Zitadel yourself, Zitadel ensures the best possible deployment experience with its flexible pricing options, comprehensive set of features, guaranteed high security, and unlimited identities for all options. In the future, you can also decide to migrate from Zitadel Cloud to hosting it yourself.

Should you have questions regarding Zitadel Cloud, self-hosting, or any other related (or unrelated) topics, feel free to contact us anytime on our Zitadel [Discord Server](https://zitadel.com/chat), our [Bluesky](https://bsky.app/profile/zitadel.bsky.social), [Twitter](https://twitter.com/zitadel), [Linkedin](https://www.linkedin.com/company/zitadel/) or [GitHub](https://github.com/zitadel/zitadel) pages, or on our [Website](https://zitadel.com/contact).

As you find the project helpful, please be sure to [give us a star over on GitHub](https://github.com/zitadel/zitadel/stargazers).


A blog post detailing the use cases that best suit a self-hosted vs. cloud model for an IAM Platform while demonstrating the flexibility offered by Zitadel

Zitadel Self-Hosted vs. Cloud: Making the Right Choice


We've developed a new TypeScript-based login system to streamline the authentication process for our customers. This solution offers a **flexible**, **customizable**, and **self-hostable** login experience.

By providing a ready-to-use login solution, we aim to reduce development time and effort for our customers. The open-source nature of the project allows for easy customization and adaptation to specific business needs.

Our immediate goal is to enable customers to self-host the login system. In the future, we plan to fully integrate this new login system into our cloud offering, providing a more robust and secure authentication experience. We plan to initiate the first cloud integration by the end of February. New customers will be automatically provisioned with the new cloud-based login. Existing customers will have the flexibility to migrate their entire instance or individual applications at their preferred time.

The new TypeScript login system offers several key improvements:

- **Leverages Modern Technology**: By utilizing our newly developed [session APIs](https://zitadel.com/docs/apis/resources/session_service_v2), we've significantly enhanced the security and performance of the authentication process.
- **Enhanced Features**: The system introduces new features such as user invitation flows and passkey-only authentication, providing greater flexibility and convenience for our users.
- **Improved Developer Experience**: The use of TypeScript, a widely adopted language in frontend development, makes the codebase more accessible and easier to contribute to. This encourages community involvement and fosters rapid development.

## Current State

Our primary goal for the TypeScript login system is to fully replace the existing login functionality within the current Zitadel version, which is shipped with Zitadel default. This will allow us to leverage the benefits of the new system, including its modular architecture and enhanced security features.

To achieve this, we are actively working on implementing the core features currently available in Zitadel, such as:

- **Authentication Methods**:
  - Username and Password
  - Passkeys
  - Multi-Factor Authentication (MFA)
  - External Identity Providers (OIDC, SAML, etc.)
- **OpenID Connect (OIDC) Compliance**: Adherence to the OIDC standard for seamless integration with various identity providers.
- **Customization**:
  - Branding options to match your organization's identity.
  - Flexible configuration settings to tailor the login experience.

The full feature list can be found [here](https://github.com/zitadel/typescript?tab=readme-ov-file#features-list).

As we continue to develop the TypeScript login system, we will provide regular updates on its progress and new capabilities.

<figure>
  <img
    src="/blog/2025-01-21-typescript-login-01.png"
    width="100%"
    alt="Login UI with authentication method loginname, Apple, Google OIDC, Google and GitLab"
  />
</figure>

## Limitations

For the first release we have excluded the following features:

- SAML 2.0 ([IdP](https://zitadel.com/docs/apis/saml/endpoints) & [SP](https://zitadel.com/docs/guides/integrate/identity-providers/mocksaml))
- [Generic JWT IDP](https://zitadel.com/docs/guides/integrate/identity-providers/jwt_idp)
- [LDAP IDP](https://zitadel.com/docs/guides/integrate/identity-providers/ldap)
- [Device Authorization Grants](https://zitadel.com/docs/guides/integrate/login/oidc/device-authorization)
- Timebased features
  - [Lockout Settings](https://zitadel.com/docs/guides/manage/console/default-settings#lockout)
  - [Password Expiry Settings](https://zitadel.com/docs/guides/manage/console/default-settings#password-expiry)
  - [Login Settings - Multifactor init prompt](https://zitadel.com/docs/guides/manage/console/default-settings#login-behavior-and-access)
  - [Force MFA on external authenticated users](https://zitadel.com/docs/guides/manage/console/default-settings#login-behavior-and-access)
- [Passkey](https://zitadel.com/docs/guides/manage/console/default-settings#passwordless)/[U2F Setup](https://zitadel.com/docs/guides/manage/console/default-settings#multifactor-mfa)
  As passkey and u2f is bound to a domain, it is important to notice, that setting up the authentication possibility in the ZITADEL management console (Self-service), will not work if the login runs on a different domain
- [Custom Login Texts](https://zitadel.com/docs/guides/manage/console/default-settings#login-interface-texts) configurations are not used in the typescript login, if you want to customize them, fork the repository and change the texts to you liking

## Beta Testing

The TypeScript login system is currently in the beta testing phase. Your feedback is highly valuable in helping us refine and improve this new solution.

At your convenience please open any issues faced on our [Typescript Login GitHub repository](https://github.com/zitadel/typescript) to report bugs or suggest enhancements while more general feedback can be shared directly to the [corresponding discord thread](https://discord.com/channels/927474939156643850/1329100936127320175/threads/1329827099606782093).
Your contributions will play a crucial role in shaping the future of our login system.
Thank you for your support!

### Steps to start testing

The simplest way to deploy the new login for yourself is by using the [“Deploy” button in our repository](https://github.com/zitadel/typescript?tab=readme-ov-file#deploy-to-vercel) to deploy the login directly to your Vercel.

1. [Create a service user (ZITADEL_SERVICE_USER_ID) with a PAT](https://zitadel.com/docs/guides/integrate/service-users/personal-access-token#create-a-service-user-with-a-pat) in your instance
2. Give the user IAM_LOGIN_CLIENT Permissions in the default settings (YOUR_DOMAIN/ui/console/instance?id=organizations)
   [https://zitadel.com/docs/guides/manage/console/managers](https://zitadel.com/docs/guides/manage/console/managers)
3. Deploy login to Vercel: You can do so, be directly clicking the “Deploy” button at the bottom of the readme in our [repository](https://github.com/zitadel/typescript)
   <figure>
     <img src="/blog/2025-01-21-typescript-login-02.png" width="100%" alt="Deploy to vercel button" />
   </figure>
4. If you have used the deploy button in the steps before, you will automatically be asked for this step. Enter the environment variables in Vercel
   - ZITADEL_SERVICE_USER_ID
   - PAT
   - ZITADEL_API_URL (Example: https://my-domain.zitadel.cloud, no trailing slash)
5. Add the domain where your login UI is hosted to the [trusted domains](https://zitadel.com/docs/apis/resources/admin/admin-service-add-instance-trusted-domain) in ZITADEL (Example: my-new-zitadel-login.vercel.app)
6. Use the new login in your application. To implement the new login, choose one of the following options:
   1. Enable the new login in your application configuration: Add the URL of your new login UI to your application’s settings. Zitadel will automatically redirect users to the new login if they attempt to use the old one.
   2. Enable the loginV2 feature on the instance:Activate the LoginV2 feature in your Zitadel instance and specify the URL of your new login. This will apply the new login for all applications configured under your Zitadel instance. Example: https://my-new-zitadel-login.vercel.app. More details: [Zitadel Documentation](https://zitadel.com/docs/apis/resources/feature_service_v2/feature-service-set-instance-features)
   3. Update the issuer URL in your application configuration: Change the issuer domain in your application configuration to match the new login domain.

For more information read our [Login V2 documentation](https://zitadel.com/docs/guides/integrate/login/hosted-login#hosted-login-version-2-beta)

## Important Notes

- **User Creation**: The new TypeScript login utilizes the Session and User V2 APIs. Note that the User V2 API introduces some changes compared to the V1 API. Ensure you create users using the new V2 API to maintain compatibility.
- **External Identity Providers (IDPs)**: To enable login with external identity providers, such as Google or Apple, follow our existing setup guides. Ensure that you use the following redirect URL: $YOUR-DOMAIN/idps/callback.
- **Passkey/U2F Authentication**: These authentication methods are domain-bound. Since your new login operates on a different domain than the previous one, existing passwordless authentication (e.g., fingerprint, Face ID) and U2F methods cannot be reused. Additionally, when managed through the Zitadel console, they will be tied to the old domain. Note: To avoid this issue, consider running the new login on a subdomain of your current instance (e.g., myinstance.zitadel.cloud and login.myinstance.zitadel.cloud).

## Customization / Feature requests

If you have specific customization needs beyond the current capabilities of the Typescript login offering, please follow one of these two options:

1. **Fork the Repository**: By forking the [Typescript Login](https://github.com/zitadel/typescript) repository on GitHub, you can directly modify the source code to implement your desired features. This offers maximum flexibility and control over the login system.
2. **Build Your Own Login UI**: For full customization control, you can leverage our Session API to build your own login interface. This allows you to create a fully tailored experience that aligns perfectly with your application's design and functionality. A detailed guide on how to use the Session API is available [here](https://zitadel.com/docs/guides/integrate/login-ui).

## Future plans

Our roadmap for the TypeScript login includes several exciting developments:

### Short-term Goals

- **Feature Parity**: We will continue to implement the missing features listed above to ensure seamless migration.
- **Multi-tenancy**: We will enable multi-tenancy to support our cloud offering, allowing new users to directly access the new login experience while existing customers can migrate at their own pace.

### Long-term Vision

- **Self-Service Components**: We plan to introduce self-service components for the users like profile management, making it easier for you to integrate these functionalities into your applications without relying on our full-fledged management console.
- **Enhanced Customization**: We will explore options to further customize the appearance of the login page, allowing you to tailor it to your specific branding and design preferences.

By focusing on these areas, we aim to provide a powerful, flexible, and customizable login solution that empowers your applications.

Now it’s your turn. Do you have any suggestions for [improvement](https://github.com/zitadel/typescript/issues/new?template=improvement.yaml) or [bug reports](https://github.com/zitadel/typescript/issues/new?template=bug.yaml)? Explore the [repository](https://github.com/zitadel/typescript) and share your feedback in our [discord thread](https://discord.com/channels/927474939156643850/1329100936127320175/threads/1329827099606782093).


We've developed a new TypeScript-based login system to streamline the authentication process for our customers.

Introducing our New TypeScript Login


As the snow falls outside here in Switzerland creating a winter wonderland, I am filled with pride looking at the past year’s milestones.  Zitadel has grown in such exciting ways — the features that have been deployed, the product roadmap, the collaboration with our vibrant developer community, partnering with customers from every walk of life, and last but not the least, getting incredible support from our investors.  Each person, team, GitHub comment to the pull requests, Discord discussion have shaped the path to where we stand today!  A heartfelt thank-you to everyone involved.   To say I am thrilled about our next growth phase in 2025 is an understatement! 
 
As we near the last few weeks of 2024, I want to take a minute to reflect and review some of the milestones that made this year one of our best yet!

Before I get to it, I wanted to share our upcoming Discord event on the Back-Channel Logout feature.  If you want to see how it can help you manage your user sessions throughout your identity infrastructure, [register and join us in Discord on December 11th](https://discord.gg/bnuAe2RX?event=1308899625041924127) where [Livio Spring](https://www.linkedin.com/in/liviospring/), Engineer and Co-founder, Zitadel, will give a live demo.

## Zitadel in 2024: Highlights 

- We are [proud to announce](/blog/zitadel-the-future-of-identity-infrastructure) our $9 Million Series A  round of funding in collaboration with Nexus Ventures and Floodgate to advance Cloud-Native Identity Infrastructure.

- We achieved our [ISO 27001 certification](/blog/zitadel-iso-27001-certified) further reinforcing our commitment to security through this internationally recognized standard that confirms our dedication to maintaining the highest levels of security for our customers' data. 

- Zitadel has grown to serve over 150 customers this year such as Klaviyo, Open Systems, Vector Solutions,  and Kaspar&!

- [Zitadel’s Discord Community](https://discord.gg/szfmzC2M) has grown by 93% in 2024 from 1,527 to 2,953 members

- [Zitadel’s Github Repository](https://github.com/zitadel/zitadel) continues to make traction with a 57% increase to 9,100+ Github Stars and another 57% increase of individual contributors to 220+ collaborators across all the Zitadel repositories. 

- Continuing to be a remote-first team, we came together twice this year — in [Italy](/blog/team-retreat-bologna) and [Switzerland](/blog/team-retreat-zurich) — for team get-togethers and planning forward as we level up Zitadel’s future!

## Zitadel in 2024: Product

Looking over the past year we released key features that helped customers across the board in the way they manage their identity infrastructure. 

- **Performance Improvements:** We prioritized stability and scalability enhancements in 2024 to set a solid foundation for our Self-Hosted and Cloud customers.  With some of our customers deploying as many as 2.3 million tenants to manage their identity infrastructure, performance is key.  These enhancements include latency, [benchmark testing](/docs/apis/benchmarks), and reliability on services such as token endpoint and new generation APIs like the [improvedPerformance](/docs/apis/resources/feature_service_v2/feature-service-set-instance-features) field.

- **Easier Integrations:** This allows admins to set up an application in their [framework and programming language of choice](/docs/sdk-examples/introduction) quickly.  Zitadel simplifies the process for the admin’s deployment process of client applications by enabling the use of default settings!

- **Using external SAML IdPs:** This enables admins to level up using external identity providers by defining the preferred nameID format and configuring user mapping in Zitadel based on attributes received from the external IdP.  [Learn more](/docs/guides/integrate/identity-providers/mocksaml) about building using external SAML IdPs.

- **Setting up Email Providers:** This was accelerated greatly thanks to our open source community.  This feature makes it easier to configure email delivery even faster within Zitadel through SMTP provider templates.  [These templates](/docs/guides/manage/console/default-settings#smtp) offer pre-defined settings for popular email service providers (ESPs) like Amazon SES, Mailgun, Mailjet, Postmark, Sendgrid, and a Generic SMTP option.

- **Managing OpenID Connect Signing Web Keys:** This became much easier with Zitadel taking the lead to create keys without expiry for each instance.  Now users can create, rotate, and disable signing Keys via API at your discretion as [documented here](/docs/guides/integrate/login/oidc/webkeys).

- **Organizational Metadata:** This allows developers to use the org’s metadata in the [complement token flow](/docs/apis/actions/complement-token) in Actions as well as include a user’s organization metadata into tokens that can be read by receiving applications. 

- **New Password Expiry:** Policies came out in mid-2024 to aid organizations to require users to change their passwords on a routine basis. [This feature](/docs/guides/manage/console/default-settings#password-expiry) can be used quickly through the Console UI at both instance and organization levels. 

- **New Sample Apps:** We prioritized building out sample apps in [VueJS](https://github.com/zitadel/zitadel-vue), [PHP](https://github.com/zitadel/example-symfony-oidc), and [Java](https://github.com/zitadel/zitadel-java) in the beginning of 2024 to make getting started with authentication and authorization easier with these specific examples and guides.

- **Back-Channel Logout:** This is a feature that resides on the server-side and does not require the user agent to be involved. Through [back-channel logout’s](/docs/guides/integrate/login/oidc/logout#back-channel-logout) ability it has the user logged out from all clients in the event that the authenticated session gets terminated. 

- **Four New Translations added to the Zitadel platform** with **Hungarian**, **Indonesian**, **Swedish**, and the latest being **Korean** thanks to the recent addition from our community contributor [Kim JeongHyeon](https://github.com/KimTibber)!

- **New Translations added to Upcoming Typescript Login** to include **German**, **Spanish**, **Italian**, and **English**.  If you’re not seeing the language of your choice, please request or collaborate with us directly on our [GitHub](https://github.com/zitadel/typescript/tree/main/apps/login/locales).

## Zitadel in 2025: Vision

For 2025, we are focusing on three key areas to enhance the Dev and SecOps experience:

- **A Seamless Onboarding Journey:**  Our goal is to make your first integration with Zitadel as smooth as possible.  We are working on intuitive APIs, comprehensive examples and SDKs, flexible user management tailored to your use case, and streamlined deployment and maintenance processes.

- **Enterprise-Grade Performance and Scalability:** We are committed to making Zitadel a highly scalable and performant identity infrastructure.  This includes linear scalability to meet your growing needs, easy upgrades for business continuity, and efficient user management with group administration and standardized provisioning/deprovisioning capabilities.

- **Proactive System Insights:** We empower you with the tools to proactively monitor and manage your Zitadel environment.  This includes seamless integration with your SOC/SIEM systems, real time system health insights, and user analytics to identify potential issues before they impact your customers.

## Zitadel in 2025: Product 

As we look to the future, we’ve got a wide range of exciting new features on the horizon! 

- **Performance Improvements:** This remains a top priority for the team as we continue to strengthen Zitadel’s core authentication capabilities, the platform’s existing & new API endpoints, and resource management across the board. 

- **New Typescript Login including OIDC:** This allows admins to enhance their Zitadel instance with a ready-to-deploy login that is highly customizable.  [Read the GitHub Product Roadmap Epic here](https://github.com/orgs/zitadel/projects/6/views/1?pane=issue&itemId=50833557&issue=zitadel%7Ctypescript%7C46).

- **User Schemas:** This feature offers flexibility when managing user details from user- and admin- perspective by allowing to define the fields that are allowed to be managed by a user and the ones that are to be managed by admin.  Stay informed through our [GitHub Product Roadmap Epic](https://github.com/zitadel/zitadel/issues/6433).

- **Configurable Cache Options:** This was the last beta feature of 2024 that enables speedy lookup of objects that are often needed by storing them in cache, like Redis.  [Take it for a spin](/docs/self-hosting/manage/cache) before it becomes generally available in 2025 and [share your feedback](https://discord.com/channels/927474939156643850/1309157792292012063/1309158011469692958).

- **SCIM (System for Cross-domain Identity Management):** This is the standard for inbound user-provisioning so other systems can automatically provision and manage users within Zitadel.  This allows creation, update, and deletion of users based on user data changes in the external system and streamlines user management across systems ensuring consistent user states. To dig deeper into this feature, read the [GitHub Product Roadmap Epic here](https://github.com/zitadel/zitadel/issues/8140).

- **Actions v2:**   This feature will allow you to extend Zitadel with custom executions and triggers through API endpoints as you look to make the most out of your Zitadel instance.  Check out the [GitHub Product Roadmap Epic](https://github.com/orgs/zitadel/projects/6/views/1?pane=issue&itemId=50259306&issue=zitadel%7Czitadel%7C7235) to find out more.

- **User Group Authorizations:** Through this feature Zitadel expands past the managing users individually and now offers groups to enable authorizations as a wider scale for user management. To follow along on this feature delivery in 2025, review the [GitHub Product Roadmap Epic](https://github.com/orgs/zitadel/projects/6/views/1?pane=issue&itemId=48898543&issue=zitadel%7Czitadel%7C5822).

## Community & Feedback Opportunities

As always, we appreciate and welcome your feedback.  It helps us shape our product roadmap and build a robust platform that caters to your needs: 

- If you are interested in a sneak peek at our User Schemas update, and would like to share your feedback, please email [Jim@Zitadel.com](mailto:Jim@Zitadel.com)

- Please share your feedback and experiences with our Community team by [scheduling some time here](https://calendar.app.google/UgTzLndLKKMk7BYp8)

- If you are using Zitadel today, please add yourself to the [Adopters](https://github.com/zitadel/zitadel/blob/main/ADOPTERS.md) list with a short description of your use case by opening a pull request and adding a section describing your usage of Zitadel.

- If you are interested in contributing to Zitadel, please review our [Contributing Guide](https://github.com/zitadel/zitadel/blob/main/CONTRIBUTING.md) to collaborate with us.

Have a look at our great product enhancements of 2024 and what is ahead for 2025.