8 Exciting New Features Coming to ZITADEL in 2023

This post is more than a year old. The contents and recommendations in this blog could be outdated.

Last month, we said goodbye to the old year by reflecting on the many ways ZITADEL improved in 2022. Now that that is all said and done, it is time to take a peek at the horizon.

As a company that always strives for innovation in an ever-changing digital world, our biggest goal is to provide our customers with the best possible user experience and the most value for their money by constantly keeping ZITADEL up to date. This article showcases the most significant features scheduled to launch in the year 2023.

1. Configurable Social/Enterprise Login Templates

After lengthy anticipation, the new social login options for ZITADEL are just around the corner!

Social login, and more generally identity brokering, is an authentication method that uses a user's pre-existing social media identity to facilitate sign-ups on third-party platforms. This popular alternative to the standard username-password login does not require completing a registration form, thus saving you valuable time and the hassle of remembering yet another password.

Whereas thus far, ZITADEL has exclusively supported OIDC-compliant identity providers, this restriction will soon be completely removed to provide a wider range of options - ensuring that both you and your customers can seamlessly log in using your preferred social media profiles.

Our new identity providers include:

  • Google
  • GitHub
  • GitLab
  • and Azure AD

2. Fully customizable Login UI

Ever since the launch of the platform, ZITADEL has enabled businesses to seamlessly authenticate their users with a customizable hosted login and registration page: a fixed authentication endpoint that is secure by default. So far, you have had the option to disable the hosted registration page and build your onboarding process from scratch, but a custom login API was not yet implemented. While the hosted login page offers various personalization options for branding purposes - such as colors, logo, and typography - the range of potential alterations is ultimately limited.

Within the course of 2023, we would like to give businesses with specific needs the option to replace the default hosted login page and build their own login User Interface (UI). While this alternative will completely lift the limitation on the scope of aesthetic personalization, the core functionality of the custom login UI will remain unchanged to satisfy the highest security standards.

3. New Event Audit Log – Filters and Threat Detection

Thousands of modifications are performed on ZITADEL instances every minute, ranging from minor adjustments like adding a user nickname to prominent ones like an improved password policy. All crucial information about these so-called “events” is collected and stored in a log - including the event’s date, description, and the user who initiated it.

With the introduction of the new ZITADEL event audit log, every action and modification performed on an organization will be accessible and reviewable directly in the console or via our APIs. Users may utilize a variety of filters to quickly and efficiently sort and find specific events. Having this report readily available will facilitate not only general surveillance, but also troubleshooting, security investigations, and compliance reporting. Should you detect a suspicious event (such as unauthorized access), the audit log allows you to flag and report it right away.

Furthermore, the log will provide developers the opportunity to create an action using custom code for each possible ZITADEL event, enabling them to construct unique workflows.

4. Client Credentials as JWT & PAT Alternative

In the year 2022, ZITADEL’s service accounts could authenticate by using a JSON Web Token (JWT)-Profile or directly generate a Personal Access Token (PAT) for authorization. While the former method is undoubtedly the more secure path to take, it is not universally supported. As a response, PATs were introduced to authenticate service users that have trouble integrating their accounts with JWT Profile.

Since both of these options come with their respective weaknesses in terms of compatibility and usability, we have decided to implement a third alternative to authenticate service accounts: the Client Credentials Grant. With this grant type, a client can request an access token to retrieve protected resources under its control, or those of another resource owner that have been previously arranged with the authorization server.

5. Device Authorization Grant

While obtaining an access token should be quick and simple, authenticating a device that does not have an easy way to enter text can be frustrating at best and impossible at worst.

In the following months, ZITADEL aims to fix this inconvenience by implementing the Device Authorization Grant. This extension allows input-constrained devices, such as smart TVs and printers, as well as devices with no browser, to obtain an access token with the help of a secondary device.
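The exchange behind this grant (RFC 8628), as an added example that is not ZITADEL's code or API: the device requests a code pair, the user approves the short code on a second device, and the first device polls the token endpoint. `FakeAuthServer`, `poll_for_token` and the list-based simulated clock are constructed for illustration; the grant type URN and error codes are those defined by the RFC.

```python
import secrets
GRANT = "urn:ietf:params:oauth:grant-type:device_code"

class FakeAuthServer:
    """Constructed in-memory stand-in for an authorization server (assumption)."""
    def __init__(self, expires_in=60, interval=5):
        self.expires_in, self.interval, self.grants = expires_in, interval, {}

    def device_authorization(self, now):
        code = secrets.token_urlsafe(32)          # high-entropy secret, stays on the device
        user_code = secrets.token_hex(4).upper()  # short code the user types elsewhere
        self.grants[code] = {"user_code": user_code, "state": "pending",
                             "expires_at": now + self.expires_in, "last_poll": None}
        return {"device_code": code, "user_code": user_code,
                "interval": self.interval, "expires_in": self.expires_in}

    def approve(self, user_code, allow=True):
        """Called from the secondary device after the user has logged in there."""
        for g in self.grants.values():
            if g["user_code"] == user_code:
                g["state"] = "approved" if allow else "denied"

    def token(self, grant_type, device_code, now):
        g = self.grants.get(device_code)
        if grant_type != GRANT or g is None:
            return {"error": "invalid_grant"}
        if now >= g["expires_at"]:
            return {"error": "expired_token"}
        too_fast = g["last_poll"] is not None and now - g["last_poll"] < self.interval
        g["last_poll"] = now
        if too_fast:
            return {"error": "slow_down"}
        if g["state"] == "denied":
            return {"error": "access_denied"}
        if g["state"] == "pending":
            return {"error": "authorization_pending"}
        del self.grants[device_code]              # a device_code is single use
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}

def poll_for_token(server, grant, clock, on_wait=lambda: None):
    """Device side: honour the interval, back off on slow_down, stop on any final answer."""
    interval = grant["interval"]
    while True:
        clock[0] += interval                      # simulated sleep(interval)
        on_wait()                                 # hook: lets a test act as the user
        resp = server.token(GRANT, grant["device_code"], clock[0])
        if resp.get("error") == "slow_down":
            interval += 5                         # RFC 8628: add 5 seconds
        elif resp.get("error") != "authorization_pending":
            return resp                           # token, or a terminal error
```

The short lifetime and single use of the device code, and the server-enforced polling interval, are what limit guessing and replay of the code pair.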

6. More ZITADEL Cloud Data Regions

When it comes to data processing, there is no "one size fits all"; different businesses tend to have their main customer base, offices, and headquarters at distinct locations. The country or region where an institution will store and process your organization’s data should be carefully considered to prevent latency problems and possible data loss.

Since the latest version of ZITADEL Cloud launched in 2022, the platform’s SaaS service offers three data regionality options to choose from: Switzerland, Global, and GDPR-compliant regions. To facilitate our customers' decision in choosing the right data center, the latter two options automatically select three housing regions based on the locality of end-users.

While this automation comes as a big help to many, in 2023, we would also like to give users more directly selectable data locations to choose from, such as “Germany”, “Japan” or “Canada”. Which locations are ultimately chosen will depend on both user demand and whether they adhere to ZITADEL's privacy standards.

Do you have a data region you would like to suggest? Please feel free to share your ideas on GitHub or by contacting us directly.

7. Improved Developer Experience

Since documentation is essential for offering additional information about a platform's functionality, ensuring that the guides are coherent and easily comprehensible should be a top priority.

In the following months, ZITADEL is planning a complete rewrite of its documentation that will additionally provide a more efficient way to explore our APIs and more example applications in your language of choice to facilitate your onboarding process.

But documentation is not enough to offer a great experience and have a pre-configured ZITADEL platform that is ready to use within minutes. This year, we are implementing some essential tweaks that will make this onboarding process faster and easier than ever, including:

  • New users will be offered additional assistance with the first relevant steps.
  • Fewer steps will be needed to create a new instance.
  • Relevant settings will be easier to find with the help of an improved console.

Improved documentation, quickstarts, and an easy-to-understand user interface make ZITADEL faster and easier to use overall, not only to get started quickly, but also to make it your own.

8. More Trust

We are happy that our community of open source and ZITADEL Cloud users is thriving and that many discussions and questions happen in the open on GitHub or our Chat. However, there are situations when disclosing some private information is necessary to resolve a problem. So far, our customers have only been able to do so via email. Our goal is to provide a more seamless, private, and secure support channel to share relevant information directly with our engineers to get help as easily as possible.

Transparency and Support are keystones for us in building trust. This year we want to prove that we are fully committed to safeguarding your data. Not only are we GDPR-compliant, conducting regular security audits of our platform and publishing the results on our website, but we also strive to certify our information security standards through an external audit this year. With that, we can provide you with certifications for the highest compliance requirements.
