Total Ownership of Your
Identity Platform
Deploy the cloud-native, open-source CIAM and B2B multi-tenant identity infrastructure on your own terms. Ideal for regulated industries looking to secure compliance, reduce vendor lock-in, and deploy close to their users.
docker run -p 8080:8080 -d \
ghcr.io/zitadel/zitadel:latest \
start-all --insecureMaintain Uncompromising Control Over Identity
While Cloud models provide convenience, running ZITADEL on your own infrastructure addresses critical security, architectural, and operational needs.
Absolute Data Ownership
Identity is the gateway to your business data. Self-hosting ensures all user profiles, access logs, and security metadata reside inside your secure databases, entirely walled off from third-party processors.
Geographic Residency & Compliance
Easily comply with GDPR, HIPAA, and domestic data regulations. Host ZITADEL within specific geographic borders or cloud zones (e.g., local sovereign clouds) to guarantee compliance without complicating your architecture.
Mitigate Vendor & Licensing Risks
Protect your core application stack from external disruptions, unexpected pricing changes, or SaaS endpoint outages. Run ZITADEL on your own lifecycle, maintaining total system independence.
Edge Deployment & Low Latency
Reduce network hops and maximize performance. Deploy ZITADEL in close proximity to your APIs, local microservices, or directly at the edge to reduce authorization check latency to milliseconds.
Embedded & Customer-Managed Deployments
Package and distribute ZITADEL as the identity management system inside your own software product. Run ZITADEL directly within your enterprise customers' on-premises, private cloud, or air-gapped environments, addressing cloud service restrictions for sectors like government, defense, healthcare, and manufacturing.
Empowering Regulated Sectors
Regulated sectors face strict mandates that make SaaS identity providers unfeasible. ZITADEL Self-Hosted allows you to combine modern developer experience (CIAM, Passkeys, Multi-tenancy) with strict security isolation.
Healthcare
Protect sensitive patient health information (PHI). Fulfill HIPAA directives by enforcing strict MFA while keeping user data off public networks.
Financial Services
Comply with strict transactional security frameworks. Implement cryptographically secure Passkeys and manage external financial partner permissions securely.
Government
Achieve sovereign identity standards. Deploy within protected government clouds or air-gapped data centers, keeping civilian authentication systems isolated.
Defense & Security
Fulfill strict national security and physical/logical isolation mandates. Deploy within air-gapped environments or secure tactical edge networks to protect defense-grade resources.
Energy & Utilities
Provide secure operations access for utility engineers and edge IoT machines. Keep local authentication running even during wide-area network outages.
Manufacturing
Connect supply chain vendors, logistics networks, and factory devices under a single multi-tenant IAM instance while retaining full data compartmentalization.
Enterprise-Grade Self-Hosting Support
We provide the legal assurance, engineering support, and operational guarantees required to run ZITADEL as your critical production identity stack.
Commercial License
Replace ZITADEL's default AGPLv3 copyleft open-source license with a commercial enterprise agreement. Keep your modifications private, avoid strict compliance reviews, and operate within your organization's legal guidelines.
LEGAL ASSURANCE & PEACE OF MINDTechnical Account Manager
Receive direct, dedicated access to a Technical Account Manager (TAM) and ZITADEL core developers. Fulfill complex requirements with dedicated assistance on database optimization, capacity reviews, and cluster migration strategies.
DIRECT ACCESS TO ENGINEERSFirst-Class Support & SLAs
Resolve outages quickly with contractually backed Service Level Agreements (SLAs). We offer priority ticketing, round-the-clock coverage (24/7/365), and hotfixes backported directly to your deployed version.
GUARANTEED RESPONSE TIMESChoose Your Deployment Route
Compare the features, licensing, and operational support tiers for self-hosting.
| Feature / Support Capability | Community (AGPLv3) | Enterprise (Commercial License) |
|---|---|---|
| Software License | AGPLv3 (Copyleft) | Commercial Enterprise License |
| Multi-Tenancy & CIAM features | Included (All Core Features) | Included + Commercial Add-ons |
| Support Channels | GitHub & Discord (Community) | Support Request, Regular Meetings, Slack |
| Response SLA | Best Effort | Guaranteed (Up to 30 mins for Critical Sev) |
| Dedicated Technical Contact | None | Technical Account Manager (TAM) |
| Deployment Architecture Review | None | Included (setup audit) |
| Priority Roadmap Requests | Best effort based on community popularity | Direct influence and custom engineering prioritizations |
Ready to secure your self-hosted setup?
Explore our extensive deployment guides to spin up a community node, or get in touch with our team to obtain a commercial license and set up SLA-backed technical support.