Announcing Major Changes to Zitadel: License Update, v3 Release, and Future Direction

Read the blog

Features.

ZITADEL as identity experience platform provides all the features for identity management, secure authentication, and access management for your customers, employees, devices or services. Our platform makes it easy to deploy a hosted, multi-factor secured login, offer single sign-on, allow users to bring existing identities, integrate with our APIs, and keep informed with our event-based audit trail.

Delegated Access Management

ZITADEL lets you delegate the access management between organizations.

Image

Delegated access management means you can select a subset of roles for a given project and allow the granted organization to self-manage those roles for their users. Delegation is a highly useful feature for SaaS companies that have some sort of organization as customers, for example a B2B software provider. The SaaS provider wants to delegate the ability to manage access for certain roles of my service to customers or partners.

Multi-tenancy

ZITADEL lets you delegate the access management between organizations. This means you can select a subset of roles for a given project and allow the granted organization.

Self-service

With ZITADEL’s organizations it is possible to let organizations self-manage their users, access rights and even SSO options as well as security policies.

B2B SaaS

Use ZITADEL to built your B2B SaaS solution quickly and focus on your core business logic, instead of dealing with complex identity and access management.

Hosted Login

Easily authenticate your users with a customizable hosted login page.

Welcome back

JD

john@example.com

OR
google logo
Login with Google
microsoft logo
Login with Microsoft
github logo
Sign in with Github

Let us take out the pain of running a secure login and register page for your projects. Use the convenience of a single sign-on (SSO) solution to login with every possible service. ZITADEL enables SSO via standard protocols such as OpenID Connect.

Use your brand

Let your audience recognize your brand with our customization options. These include custom logos, colors, fonts and event texts for the login page and emails as well. You can do this in our management interface without touching any code, and preview your login before deploying to the live version to customers.

Gain control over your users authentication

Let your audience recognize your brand with our customization options. These include custom logos, colors, fonts and event texts for the login page and emails as well. You can do this in our management interface without touching any code, and preview your login before deploying to the live version to customers.

Onboard new users with ease

Register new users with the hosted login page or build your own registration process right into your project. Simply integrate onto our API’s and start building an onboarding process that fits your business needs.

Benefit from security experts

You can sleep well when using our login page. We take all the development and operational security in our hands. You don't need to worry about http headers, content security policies or DDoS mitigation for your login.

Multifactor Authentication

Don't give passwords like

any chance and secure access with multiple factors.

Protecting user accounts with only a password is not secure anymore. Some countries and industries already require companies to enforce strong authentication with a second factor. Our various multifactor authentication methods enable you to better protect users and their data. For an even better user experience and higher security, we recommend using passwordless authentication.

1

Login

John logs in with his username and password.

2

Second Factor

John scans his finger as second factor to complete the login.

Authenticated

John uses all allowed apps without being asked to login in again.

No extra charge

Do you want to improve your security and at the same time improve the usability? Simply use ZITADEL as your solution for secure authentication. We don’t charge you extra for things like multifactor (MFA) and second factor (2FA) authentication capabilities, which should be default in a modern IAM solution

Use your favorite method

Do you want to use your preferred 2FA method? ZITADEL supports a wide array of authentication methods for secure authentication, like OTP (one time password), U2F, or, our recommended method, passwordless authentication with WebAuthN capable devices.

Enforce security with policies

Do you want to tighten security for your organization? Define policies for your organization to control what MFA and 2FA options are available to your users. For example you can create a policy to enforce login with only passworless methods, improving user experience while reducing attack surface for phishing.

Passwordless

Replace passwords with a phishing resistant and convenient authentication with Passkeys.

Instead of typing your password and entering a second factor, ZITADEL requests your fingerprint, security key, or any other WebAuthN compatible authentication method on your device to login. Authentication with Passkeys is based on the open standard FIDO2 and protects users effectively against phishing, thus eliminating a major attack vector of passwords.

Be part of the Passkey future

Users don't have to remember complex passwords, or need to search for a second factor code, greatly improving user experience. Instead they will get to login faster, with a more secure and easier login experience. FIDO2 is backed by leading software providers and developers of consumer devices

No extra charge

As for any other security feature, ZITADEL won't charge you extra money for your passwordless authentication methods, neither for the count of how often you are using them.

Use any device

Passwordless authentication with Passkeys works on all modern devices and browsers, including built-in options like FaceID, TouchID or Windows Hello. With roaming passkeys your users can even login across different devices with a push message

Audit Trail

Security incidents are often detected too late, when log files are already deleted or out of context. Our solution provides you with a builtin audit trail that tracks all changes over an unlimited period of time.

When information is updated, other solutions replace the historic record and track changes in separate logs. Our solution only appends data in an event store, keeping all historic records. This gives you the opportunity to review records way in the past and for us ideal data for advanced threat analytics to keep your users safe.

Max
MaxRegistered
florian
Florianadded Second Factor
fabienne
Fabienneadded Project Grant
silvan
Silvanset Passwordless
Max
MaxRegistered
Stefan
StefanRegistered

Inspect your resources

You can review any changes of all your resources over a long period of time. This includes changes of policies and settings, and any user interaction such as login attempts, replacement of authenticators, or changes to profile data.

Travel back in time

With our unique way of storing data we can show you all of your resources at a given point in time. Inspect how a user looked three months ago compared to now or what roles a project contained in the past.

Identity Brokering

Users can use external identity providers to login to your connected applications.

without ZITADELwith ZITADEL
without ZITADEL light

Integrating multiple Identity Providers directly within your applications is complex to maintain, costs time to setup, and hinders single-sign-on of users - simply, it does not scale. As identity broker, ZITADEL acts as trusted intermediary service connecting your projects with different identity providers. A user can self-manage identity brokering and link multiple external identity providers to his identity.

Let customers reuse existing identities

Enable your customers, employees, or business partners to user their existing identities and identity providers with your application.

Social and Government IDs

Allow your customers to reuse their social or government identities to register or login with your application.

Enterprise IDs

Enable customers to self-manage their organization's federation setup. Our management interface provides a unique self-service option for your business customers requiring federation with systems like, Keycloak, Auth0, AzureAD.

Rely on a robust trust anchor

Integrate with ZITADEL using well established protocols like OpenID Connect and OAuth 2.0 and broker all external IDPs. Don't integrate each application individually and don't bother with special protocols of the providers. Simply rely on the identity provided by ZITADEL, a robust trust anchor for all your applications and devices.

Ease your access management pain

Assign roles to brokered identities, like you do with any other user, and rely on a robust access management process that is highly reproducible for your application.

Platform APIs

ZITADEL is built around the idea of easy integration.

Image

Multiple parties can integrate custom use-cases for digital identities on top of solid core features. To enable easy integration into your business case, nearly all functions can be accessed via an API. With this we achieve a proper separation of concern and don’t need to integrate custom code within our codebase.

Profit from API-first design

When you are creating projects simply rely on ZITADEL's APIs to do the hard work for access and identity management. To make for a great IAM platform ZITADEL provides close to all of its functionalities as APIs.

Manage all resources

Most important for integrators is the Management API: It provides all features to manage Organizations, Users, and Projects. Furthermore, you can use our IAM API to configure the whole IAM system. Authentication and user information can be accessed through the Authentication API.

Build your processes on a solid base

Develop your business logic, processes or workflows on top of a trusted platform for user and access management. ZITADEL is capable to handle custom user registrations, integration with HR or ITSM processes, or syncing data with various sources.

Machine to Machine communication

ZITADEL simplifies authentication and integration with your non-interactive applications or devices.

ZITADEL offers multiple options for third party applications or devices to connect and allows you to tailor access rights to your use cases.

Backend

Enable your own backends to connect and authenticate to ZITADEL. We offer quickstarts, which include some technology stacks, to get you started quickly.

IoT

Authenticate and connect your small, autonomous IoT devices with ZITADEL. Every devices is given a unique ID an Secret such that their connection is trusted.

CLIs

Use authentication for your command-line interface to build seemlessly integrated tools.