6 New ways ZITADEL IAM will improve in the year 2022

This post is more than a year old. The contents and recommendations in this blog could be outdated.
  1. More social login options
  2. SAML 2.0 - New protocol alternative
  3. Improvements based on prototype feedback
  4. Accessible and exportable Usage Metrics
  5. Your own instance - New customized domain and data location
  6. It will be easier to develop ZITADEL
  7. The takeaway

Ever since we officially launched our IAM platform in May 2021, we have had the pleasure of serving hundreds of customers who have put their trust in us. As a company that always strives for innovation in an ever-changing digital world, our biggest goal is to provide our customers with the best possible user experience and the most value for their money by constantly keeping ZITADEL up to date. In this article, we describe 6 great upgrades coming soon to our platform that help make this goal a reality.

1. More social login options

Whether Google, Microsoft, or Apple ID, most of us have already used one of our social identities to sign up for third-party applications and websites. This login method not only saves valuable time by not requiring the completion of a registration form, but also spares you the effort of remembering yet another password. This year ZITADEL will strive to heavily expand the number of its Identity Providers, assuring its users a comfortable login via their preferred social identity. Whereas thus far ZITADEL has exclusively supported OIDC-compliant providers, this restriction will soon be completely removed in order to provide a wider range of options.

A list of social identity providers soon available on ZITADEL:

  • Apple ID
  • Microsoft Live
  • Github
  • Gitlab
  • Microsoft Tenants (AzureAD)

… And hopefully many more to come!

2. SAML 2.0 - New protocol alternative

In 2021, ZITADEL officially implemented OpenID Connect (OIDC), a highly accessible authentication protocol that is excellently suited for HTML5/JavaScript applications. Despite being an ideal choice in terms of user-friendliness, scalability, and lightweight handling, OIDC is a comparatively new protocol and has yet to evolve in terms of establishing a more complex security system.

To allow our users the choice of a viable alternative, we are planning to additionally introduce the other widely adopted industry standard for authentication, SAML 2.0 (Security Assertion Markup Language). Like OIDC, SAML allows a service provider to delegate the authentication and authorization of users wishing to access it to a central authentication server (the identity provider). Both standards are used in various SSO solutions; however, SAML is generally more trusted in enterprise- and government-scale deployments because it has been established for much longer.

This new, simultaneous access to both protocols will give you more options on which method of authentication you want to use. To enjoy the benefits of both standards to their fullest, you also have the possibility of adopting a hybrid usage: since the two protocols serve different purposes, the standard used can differ between each of your applications. For instance, while OIDC is the ideal choice for mobile-centered apps, SAML finds its primary use in web applications where complex identity data is required. Whichever features you prioritize, the range of possibilities is wider than ever!

3. Improvements based on prototype feedback

The key to ensuring a highly accessible and frictionless user experience is to focus on satisfying the audience. To achieve this goal, it is essential to have the audience test and evaluate the product first-hand: this method is called prototyping. Ideally, every new iteration of the product (or in this case, the website) should be reviewed by diverse members of the user base and optimized accordingly. After all, evaluating prototypes can spark new ideas for future innovations.

In December 2021, we invited a group of users (aged 16-44) of varying digital affinity to test the registration flow, including the existing 2-factor authentication of ZITADEL. Upon carefully reviewing all feedback, we identified some common user pain points that impair the authentication experience. For this reason, in 2022 we will improve the registration process by implementing the following changes:

  • Ensuring higher accessibility by removing exclusionary language (technical jargon).
  • Providing support for users with help and information texts.
  • Adding “passwordless” as a registration method - no more passwords needed.
  • A clearer user flow in which the next actions are clearly highlighted.
  • A new, optimized user interface for the existing management website.
  • Smaller optimizations of buttons and descriptions, minimizing possible confusion.

4. Accessible and exportable Usage Metrics

As a platform working with sensitive data, it is especially important for ZITADEL to be constantly improved to meet tomorrow's increasing standards. With the help of usage metrics, we are able to continuously measure the platform's effectiveness and thus rapidly identify and fix potential inefficiencies. These metrics are not only excellent tools for risk reduction, but also help us improve operational quality, thus keeping ZITADEL sustainable.

In 2022, we will display the most important usage metrics together with useful business metrics in our Console. Such metrics are shown as a sequence of data points over an interval of time, and include:

  • Number of active users
  • Number of successful vs. unsuccessful login attempts
  • Number of new registrations

Additionally, we will improve the reporting capabilities, making data more easily readable and exportable for your administrators. One example of such a report is a list of users for a given organization. With the new reporting capabilities you can add a column showing whether a user has enabled 2FA, filter that column for users who have not yet enabled 2FA, and export the values to a structured data format.

5. Your own instance - New customized domain and data location

At ZITADEL, we strongly believe that security features should not cost extra. Accordingly, all our tiers include unlimited IAM resources and all required security features. So far, customers who wanted to operate a complete ZITADEL instance, and not only single organizations, had to upgrade from the public cloud service to a dedicated ZITADEL instance or self-host ZITADEL. Only customers of a dedicated ZITADEL could therefore enjoy complete autonomy over where the system is operated, on which domain it runs, when it is updated and which default settings are stored. Whereas this upgrade granted those customers notable privileges over those constrained by the limitations of a shared system, this advantage will no longer be a feature you have to pay for.

In 2022, we will launch an upgrade to every subscription tier that gives you the maximum value for your money: not only will every subscriber, regardless of their tier, be granted a virtual instance, you will also be able to fully configure your own instance policies for each of your organizations instead of relying on the ones previously predetermined by ZITADEL.

The benefits of this change include:

  • A domain that's yours only - now you can let users log in on a subdomain such as login.mycompany.ch
  • Send transactional emails from your own mail server
  • Choose where your data is stored and processed - whether Switzerland, Europe or global GDPR-compliant regions, the location is yours to pick.

In view of these major upgrades that will be made available for every subscription tier, you might be wondering what further benefits a higher tier could provide. Alongside more customization possibilities, which are already a given, subscribers of our STANDARD and ADVANCED plans will receive a dedicated private instance, completely independent from the shared system: not only will a private instance isolate your data from that of other customers, it will also offer more deployment options regarding infrastructure providers (such as Azure, AWS and Scaleway) and a wider selection of data regions.

6. It will be easier to develop ZITADEL

Building a local development environment that mirrors production can be a truly time-consuming workflow. In 2022, we are planning to introduce some significant improvements that should lift some weight off developers' shoulders by simplifying the overall process; implementing new features will soon be easier than ever!

The following changes will simplify the development process:

  • Quickstart will be made possible by executing a single command that automatically runs every component that previously had to be launched manually (including CockroachDB).
  • The ZITADEL binary will be provided for different operating systems and architectures in addition to container images.
  • By soon making our product roadmap publicly accessible, you will be able to gain insight into the features we are planning to implement, as well as the ones currently in development.
  • The documentation will be enhanced with new guides, and our decision-making process will be made public.

The takeaway

As we have entered a new year, we would once again like to thank you for having put your trust in ZITADEL in 2021. Hopefully, we can successfully express our gratitude to our loyal customers by always improving our platform to make it the best it can be. The team is looking forward to another successful year and we hope to hear your opinion on our new changes!

Should you have questions regarding these improvements or any other related (or unrelated) topics, feel free to contact us anytime on our ZITADEL Discord server. Alternatively, you can reach us on our Twitter (by the way, our new handle is just zitadel), LinkedIn or GitHub pages, or on our website.
