Zitadel's roadmap: building the next iteration in the open

Product Manager
Over the last few years, we've watched our customers grow from simple authentication use cases to serving millions of users, connecting enterprise identity providers, and solving increasingly complex identity challenges.
Along the way, we realised the same platform needs to support a much wider range of identity challenges than it did when Zitadel was first built.
That got us thinking. Instead of asking, "How do we add the next feature?", we started asking, "How do we build a platform that keeps adapting as our customers and their products evolve?"
That's the core idea behind the next iteration of Zitadel. We want our customers to keep building on the same platform as their products evolve - from their first application to enterprise deployments, from human users to machines and AI agents, and from today's identity requirements to the ones they haven't encountered yet.
We want Zitadel to become something you grow with, not something you grow out of.
Community roadmap
We're not going to disappear for a year and come back with a finished platform.
We want to build the next iteration of Zitadel in the open, sharing working concepts, gathering feedback, and iterating alongside our customers.
Each milestone is designed to solve a complete workflow rather than introduce a single feature. The goal is that every preview is something you can install, use, and tell us what works - and what doesn't.
Here's what that journey looks like today:
| Preview | What you'll experience | Highlights |
|---|---|---|
| Get started | Go from an empty directory to working authentication in under a minute. | Authentication without setup · Local-first development · CLI-first developer workflow |
| Make it yours | Authentication becomes part of your application instead of something you configure around it. | Identity without workarounds · User schemas · Composable authentication · Identity as code |
| Enterprise-ready | Scale from your first customer to hundreds without rebuilding your identity setup. | One identity model · Unified settings & policies · Web-scale identity · Regional deployment foundations |
| See identity in action | Understand how identity moves through your system - from login to delegated actions. | Clarity at scale · Identity observability · Audit trail · Identity intelligence |
| AI-native identity | Treat humans, machines and AI agents as first-class identities. | Identity beyond humans · Agent identities · Delegated authority · AI identity lifecycle |
| General availability | Adopt the next iteration of Zitadel in production. | Migration tooling · Production rollout · Cloud & self-hosted |
Each preview builds on the last, introducing a complete workflow rather than a collection of features. Here's a closer look at what each one includes.
Get started
The first few minutes with an identity platform set the tone for everything that follows. Today, getting authentication running usually starts in a dashboard: create a tenant, configure an application, copy credentials into your project, and only then find out whether anything actually works.
Our goal is to make adding authentication feel like any other developer dependency. Start from an empty directory - or an existing application - and have a working login and registration flow running locally in under a minute.
This preview focuses on removing friction from that first experience while keeping the path to production straightforward. Build first, customize later, and only claim your project when you're ready to collaborate or deploy.
Highlights
- Working authentication in under a minute
- Local-first development
- Add auth to new or existing applications
- Claim your project when you're ready
Make it yours
Getting authentication running is only the beginning. The next step is making it feel like part of your application.
One of the most common pieces of feedback we've heard over the years is that Zitadel's identity model is too rigid. Something as simple as removing a field from registration, collecting profile information later, or modelling different kinds of users often requires workarounds that weren't intended when Zitadel was originally designed.
We're rebuilding how identity is modelled in Zitadel. User schemas become the foundation for modelling identity, while new composable login components make authentication feel like part of your application instead of something that lives beside it. As you update your schema, you'll see those changes reflected immediately in your local application, making it much easier to iterate on your identity model before it ever reaches production.
Highlights
- User Schemas
- Composable login components
- Live preview
- Identity as code
Enterprise-ready
Every new enterprise customer brings slightly different identity requirements. One wants Microsoft Entra ID, another Okta. Some require organisation-specific login policies, others different compliance requirements. Before long, what started as a straightforward authentication setup became a growing collection of special cases.
The next iteration of Zitadel is designed to handle that complexity without turning every new customer into another workaround. By building on a simpler, more consistent platform foundation, enterprise identity becomes easier to configure and operate, while laying the foundations for web-scale identity.
Highlights
- One identity model
- Unified configuration
- Built for web-scale identity
- Regional deployment foundations
See identity in action
As identity becomes more distributed, it also becomes harder to understand. A single action might involve a user, an enterprise identity provider, a service, an AI agent, and delegated access - all before anything happens in your application.
Today, answering simple questions like "Who performed this action?", "Who delegated it?", or "Which identity was actually used?" often means stitching together logs from multiple systems.
The next iteration of Zitadel brings that visibility closer to the identity layer itself. Instead of treating authentication, sessions, delegation, and audit as separate pieces, we're building a more complete picture of identity activity across your systems.
Highlights
- Identity observability
- End-to-end identity context
- Audit & activity timeline
- Delegation visibility
AI-native identity
AI agents are becoming another participant in modern identity systems. They authenticate, access APIs, act on behalf of users, and increasingly make decisions independently. Treating them as service accounts or regular users no longer reflects how they're actually used.
The next iteration of Zitadel introduces AI agents as first-class identities. Instead of adapting human authentication models to fit new use cases, we're building identity, delegation, and lifecycle management around the way agents actually operate.
As our customers adopt more AI-powered workflows, the goal is to make agents as understandable, governable, and auditable as any other identity in the system.
Highlights
- Agent identities
- Delegation
- Scoped authority
- Full auditability
Ready for production
The community previews are how we'll build the next iteration of Zitadel together.
As each preview matures, we'll bring those capabilities into production through a gradual rollout, supported by migration tooling, compatibility guidance, and close collaboration with our existing customers. The goal is to make adopting the new platform a natural progression as new capabilities become available.
Just like the previews themselves, this roadmap will continue to evolve. We'll keep sharing progress, gathering feedback, and refining the direction alongside the community building on Zitadel every day.
Highlights
- Production-ready platform
- Incremental migration
- Cloud & self-hosted
- Community-driven evolution
What this means for existing customers
If you're already building on Zitadel today, this roadmap is about evolving the platform alongside you.
The next iteration of Zitadel is designed as an evolution of the platform, not a replacement. While much of our engineering investment is focused on building the next iteration, we're committed to supporting existing customers throughout the transition.
Zitadel V4 will continue to be supported for at least 12 months. During this period, we'll prioritise security updates, critical customer issues, and high-impact improvements while rolling out the next iteration incrementally. We'll also publish support timelines for earlier major versions, together with migration guidance, in the coming months.
Community contributions remain an important part of Zitadel. If you're maintaining a V4 deployment and would like to contribute fixes or improvements, we'll continue reviewing and working with contributors wherever those changes align with the long-term direction of the platform. Before starting a larger contribution, we encourage you to open a GitHub issue first. This helps us validate the approach, share any relevant roadmap context, and ensure the work aligns with the direction of the platform.
As new platform capabilities become available, we'll provide migration tooling and guidance so teams can adopt them incrementally rather than through a disruptive migration. Our goal is to make adoption predictable and low risk, whether you're running Zitadel Cloud or self-hosting your own deployment.
Join the discussion
This roadmap reflects where we're heading today, and we'll keep refining it as we learn from our community.
If you're building on Zitadel, we'd love to hear from you!
- Which preview are you most excited about?
- What identity challenges are you solving today?
- Is there something missing from this roadmap that would make a meaningful difference for your team?
We're looking forward to building the next iteration of Zitadel together!