
Organize applications, services, and roles with projects

A project is a container for all components that are closely related to each other. Multiple projects can exist within an organization.

Organization grant

All applications within a project share the same roles, grants, and authorizations:

  • Applications are your software that initiates the authorization flow. This could be a web app and a mobile app that share the same roles.
  • Roles are a means of managing user access rights for a project.
  • Authorizations define which users have which roles. Authorizations are also called “user grants”.
  • Granted Organizations can manage selected roles for your project on their own.

To learn how to set up a project, read the console guide.


Applications define the different clients that share the same roles. At the moment we support OIDC and almost every OAuth2 client. We'll be expanding this with SAML shortly. Go to Applications for more details.

Granted Organizations

To enable another organization to use a project, the organization needs a grant to the project. Only the selected roles will be available to the granted organization.

The granted organization will be able to manage the authorizations of their users for the granted project by themselves in their organization.

More about granted projects: Granted Projects


A role consists of several attributes. Only the key is relevant to authorization and must therefore be unique. The display name only provides a human-readable name where needed. The group is intended to simplify handling in the ZITADEL console, for example giving a user all the roles of a specific group (not implemented yet).

All applications in a project share the roles. Read more about roles here.
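
The grant and role rules described above (unique role keys, and a granted organization managing only the roles selected for it), as a simplified Python model added here for illustration. It is not ZITADEL code or its API; the class, method, organization and user names are hypothetical, and the sample data is constructed.

```python
# Simplified model of a project, its roles, organization grants and user
# authorizations. Hypothetical names throughout; this is not ZITADEL's API.
from dataclasses import dataclass, field

@dataclass
class Project:
    owner_org: str
    roles: dict = field(default_factory=dict)           # role key -> display name
    grants: dict = field(default_factory=dict)          # org -> granted role keys
    authorizations: dict = field(default_factory=dict)  # (org, user) -> role keys

    def add_role(self, key, display_name=""):
        # Only the key matters for authorization, so it must be unique.
        if key in self.roles:
            raise ValueError(f"role key {key!r} already exists")
        self.roles[key] = display_name or key

    def grant(self, org, role_keys):
        # A grant can only select roles that the project defines.
        unknown = set(role_keys) - set(self.roles)
        if unknown:
            raise ValueError(f"unknown role keys: {sorted(unknown)}")
        self.grants[org] = set(role_keys)

    def assignable_roles(self, org):
        # Owner: every role. Granted org: only the selected roles.
        # An organization without a grant gets nothing.
        if org == self.owner_org:
            return set(self.roles)
        return set(self.grants.get(org, ()))

    def authorize(self, org, user, role_keys):
        # An organization creates authorizations (user grants) for its users.
        denied = set(role_keys) - self.assignable_roles(org)
        if denied:
            raise PermissionError(f"{org} may not assign {sorted(denied)}")
        self.authorizations.setdefault((org, user), set()).update(role_keys)

    def roles_of(self, org, user):
        return sorted(self.authorizations.get((org, user), set()))

def demo():
    p = Project(owner_org="acme")  # constructed sample data
    for key in ("admin", "editor", "viewer"):
        p.add_role(key)
    p.grant("partner", ["editor", "viewer"])
    p.authorize("partner", "bob", ["viewer"])
    return p
```

In this model, an attempt by the granted organization to assign a role outside its grant raises `PermissionError` and leaves the user's existing authorizations unchanged.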

Default Project

When you create a new ZITADEL instance, you will find an automatically created project in the first created organization. This default project represents the ZITADEL project and is used to secure the different apps shipped with ZITADEL. This includes the ZITADEL Management Console and APIs.

We do not recommend changing any settings or using this project for anything else, as this could influence the behavior of ZITADEL.

The default name of the project is "ZITADEL". This might differ on self-hosted instances if you change the default name.
