A project is a container for all components that are closely related to each other. Multiple projects can exist within an organization.
All applications within a project share the same roles, grants, and authorizations:
- Applications are your software clients that initiate the authorization flow. This could be a web app and a mobile app that share the same roles.
- Roles are a means of managing user access rights for a project.
- Authorizations define which users have which roles. Authorizations are also called “user grants”.
- Granted Organizations can manage selected roles for your project on their own.
To learn how to set up a project, read this console guide here.
Applications define the different clients that share the same roles. At the moment we support OIDC and almost every OAuth2 client. We'll be expanding this with SAML shortly. Go to Applications for more details.
To enable another organization to use a project, the organization needs a grant to the project. Only the selected roles will be available to the granted organization.
The granted organization can then manage the authorizations of its own users for the granted project itself, within its own organization.
More about granted projects: Granted Projects
A role consists of several attributes. Only the key is relevant to authorization and must therefore be unique. The display name only provides a human-readable name where needed. The group is intended to simplify handling in the ZITADEL console, for example giving a user all the roles of a specific group. (Not implemented yet)
All applications in a project share the roles. Read more about roles here.
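
The rules above (unique role keys, and a granted organization limited to the roles selected in its grant) can be expressed as a small in-memory model. This is an added example, not ZITADEL code or its API; the `Project` class, its methods, and the organization, user and role names are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Project:  # conceptual model only, not a ZITADEL type
    owner_org: str
    roles: dict = field(default_factory=dict)        # role key -> display name
    org_grants: dict = field(default_factory=dict)   # granted org -> role keys
    user_grants: dict = field(default_factory=dict)  # (org, user) -> role keys

    def add_role(self, key, display_name=""):
        # Only the key is relevant to authorization, so it must be unique.
        if key in self.roles:
            raise ValueError(f"role key {key!r} already exists")
        self.roles[key] = display_name

    def grant_to_org(self, org, role_keys):
        unknown = set(role_keys) - set(self.roles)
        if unknown:
            raise ValueError(f"unknown role keys: {sorted(unknown)}")
        self.org_grants[org] = set(role_keys)

    def assignable_roles(self, org):
        # The owner sees every role; a granted org only the selected ones.
        if org == self.owner_org:
            return set(self.roles)
        return set(self.org_grants.get(org, ()))

    def authorize(self, org, user, role_keys):
        denied = set(role_keys) - self.assignable_roles(org)
        if denied:
            raise PermissionError(f"{org} may not assign {sorted(denied)}")
        self.user_grants.setdefault((org, user), set()).update(role_keys)

    def roles_of(self, org, user):
        return set(self.user_grants.get((org, user), ()))

def demo():  # constructed sample organizations, users and roles
    p = Project(owner_org="acme")
    p.add_role("admin", "Administrator")
    p.add_role("reader", "Reader")
    p.grant_to_org("partner", ["reader"])          # project grant: reader only
    p.authorize("acme", "alice", ["admin", "reader"])
    p.authorize("partner", "bob", ["reader"])      # managed by partner itself
    try:
        p.authorize("partner", "bob", ["admin"])   # role not in the grant
        escalated = True
    except PermissionError:
        escalated = False
    return p.roles_of("acme", "alice"), p.roles_of("partner", "bob"), escalated
```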