Product Newsletter May 2024
This is Max from ZITADEL. As in the previous months, in this update I want to highlight our product updates, and tips and tricks in making your identity infrastructure easier.
Feature highlights
Again in May, we kept the pace high with more than 76 improvements shipped to our self-hosting and cloud users. Let’s go through the key improvements to ZITADEL this month.
Improvements using external SAML IdPs
We understand that many organizations, particularly enterprises, leverage SAML for user federation. In response to your needs, we've taken significant steps in enhancing ZITADEL's interoperability with various SAML providers this May.
Previously, ZITADEL relied on a persistent nameID format, requiring external identity providers (IdPs) to consistently return this format for linking users. However, some IdPs utilize transient nameIDs, leading to mismatched user identities.
This update allows you to define the preferred nameID format and configure how ZITADEL maps users based on attributes received from the external IdP. For instance, you can leverage email addresses from the IdP to link users with matching emails in ZITADEL.
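To illustrate the mismatch described above, here is an added example (not ZITADEL's code) that resolves a local user from constructed SAML assertions, first by stored nameID link and then by an attribute. The function names, the `email` attribute name and the sample identifiers are assumptions made for this sketch.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

def sample_assertion(name_id, fmt, email):
    """Constructed, unsigned sample; a real SP verifies the signature first."""
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}">'
            f'<saml:Subject><saml:NameID Format="{fmt}">{name_id}</saml:NameID></saml:Subject>'
            f'<saml:AttributeStatement><saml:Attribute Name="email">'
            f'<saml:AttributeValue>{email}</saml:AttributeValue>'
            f'</saml:Attribute></saml:AttributeStatement></saml:Assertion>')

def parse(xml_text):
    """Return (NameID format, NameID value, attribute dict) from an assertion."""
    root = ET.fromstring(xml_text)
    nid = root.find("saml:Subject/saml:NameID", NS)
    attrs = {a.get("Name"): a.findtext("saml:AttributeValue", namespaces=NS)
             for a in root.iterfind("saml:AttributeStatement/saml:Attribute", NS)}
    return nid.get("Format"), nid.text.strip(), attrs

def resolve_user(xml_text, nameid_links, users_by_email, mapping_attr=None):
    """Find the local user for a login, by stored NameID link or by attribute."""
    _fmt, name_id, attrs = parse(xml_text)
    if mapping_attr is None:
        # NameID-only linking: stable only if the IdP sends a persistent value.
        return nameid_links.get(name_id)
    # Attribute mapping: assumes the IdP is trusted to assert verified emails.
    value = (attrs.get(mapping_attr) or "").strip().lower()
    return users_by_email.get(value)

def demo():
    users_by_email = {"alice@example.com": "user-1"}   # constructed local directory
    links = {"_t-8f3a": "user-1"}                      # link stored at first login
    # Second login: a transient NameID is freshly generated for every session.
    second = sample_assertion("_t-c91d", TRANSIENT, "Alice@example.com")
    by_nameid = resolve_user(second, links, users_by_email)
    by_email = resolve_user(second, links, users_by_email, mapping_attr="email")
    # With a persistent NameID the stored link keeps matching.
    stable = resolve_user(sample_assertion("p-42", PERSISTENT, "alice@example.com"),
                          {"p-42": "user-1"}, users_by_email)
    return by_nameid, by_email, stable

if __name__ == "__main__":
    print(demo())
```
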
While ZITADEL offers pre-configured templates for external IdPs that utilize OpenID Connect, we're considering extending this functionality to SAML providers. We value your feedback – let us know your thoughts on this potential addition!
Should we support SAML provider templates?
Making it easier to manage resources programmatically
While you get all the functionality through a UI, we are API-first, and you can manage everything through our APIs. Managing ZITADEL resources and configuration programmatically just got simpler with some recent updates.
When you start with a new ZITADEL system, you need a first admin user to log in and configure your system. In the past, it was only possible to create either a human user or a service user, but not both at the same time. With a recent update, creating both a human and a service user is now possible, which hopefully gives you much simpler access to configure ZITADEL from the start.
Moreover, our Terraform provider has been significantly updated and improved over the last weeks. Examples are managing organization and user metadata as well as managing SAML and OIDC generic external identity provider templates.
Scaling to multi-million identities
We're excited to announce performance optimizations in ZITADEL to meet the growing needs of our enterprise customers! This update addresses the demands of multi-million identity deployments and aligns with our ongoing commitment to performance improvement. We've focused on enhancing the token endpoint, specifically for new token creation, alongside optimizations for many frequently used ZITADEL APIs. For detailed upgrade guidance, please refer to the technical advisories.
Office hours
Gear up for deeper dives and live engagement! We are excited to announce bi-weekly office hours on our Discord server for our community. These hour-long sessions will offer in-depth explorations of upcoming features, followed by a live Q&A where the ZITADEL team tackles your burning questions.
The first session, held on May 29th, delved into the exciting new version of the Actions feature.
Don't miss out on this chance to connect with the ZITADEL team and stay ahead of the curve! Check out our meeting schedule for upcoming sessions.
You will become a Pro
The ZITADEL Cloud subscription model is changing to a simpler daily active user (DAU) model on July 1st for easier cost allocation and full feature access across instances. This serves as a friendly reminder that accounts not already on our Pro plan will automatically update.
All new subscription plans will include in the base fee 25’000 Daily Active Users in a month, one custom domain, and 3 external identity providers.
Contributors for the win
19 contributions came from our community in May. Thank you for your continued support and the time you put in to make the project better for everyone.
- yordis helped us bring the TypeScript repo for our next gen login UI significantly forward
- Never forget to activate your email service provider with this change from doncicuto
- Also by doncicuto comes a solution to a community request, adding customization options to console navigation buttons
- sujoysb improved the error messages and user feedback for password complexity validations
- calRobert, jayPe69, aurel004, burahimu all helped with our translations and typos (is our French that bad? Apologies.)
- cr1cr1, exeteres, kleberbaum contributed various improvements to our Charts
- Sign tokens FAPI-compliant with ES256 and PS256 thanks to nannany
- ymarcus93 increased compatibility with certain identity providers and fixed some issues around the library
Additional resources
- Passkeys: A Shattered Dream
- The SaaS Trends Report | Q1 2024 | Vendr - Cybersecurity at the top
- Navigating Session Logouts, Timeouts, and Token Expiry
- Google Online Security Blog: On Fire Drills and Phishing Tests
New Success Story: Achieving 70% Faster B2B Integration in Document Automation at BLP Digital
Thanks for reading,
Max