ZITADEL for Enterprise

Total Ownership of Your Identity Platform

Deploy the cloud-native, open-source CIAM and B2B multi-tenant identity infrastructure on your own terms. Ideal for regulated industries looking to secure compliance, reduce vendor lock-in, and deploy close to their users.

deploy-zitadel.sh
docker run -p 8080:8080 -d \ ghcr.io/zitadel/zitadel:latest \ start-all --insecure
Why Self-Host?

Maintain Uncompromising Control Over Identity

While Cloud models provide convenience, running ZITADEL on your own infrastructure addresses critical security, architectural, and operational needs.

Absolute Data Ownership

Identity is the gateway to your business data. Self-hosting ensures all user profiles, access logs, and security metadata reside inside your secure databases, entirely walled off from third-party processors.

Geographic Residency & Compliance

Easily comply with GDPR, HIPAA, and domestic data regulations. Host ZITADEL within specific geographic borders or cloud zones (e.g., local sovereign clouds) to guarantee compliance without complicating your architecture.

Mitigate Vendor & Licensing Risks

Protect your core application stack from external disruptions, unexpected pricing changes, or SaaS endpoint outages. Run ZITADEL on your own lifecycle, maintaining total system independence.

Edge Deployment & Low Latency

Reduce network hops and maximize performance. Deploy ZITADEL in close proximity to your APIs, local microservices, or directly at the edge to reduce authorization check latency to milliseconds.

Embedded & Customer-Managed Deployments

Package and distribute ZITADEL as the identity management system inside your own software product. Run ZITADEL directly within your enterprise customers' on-premises, private cloud, or air-gapped environments, addressing cloud service restrictions for sectors like government, defense, healthcare, and manufacturing.

Industry Focus

Empowering Regulated Sectors

Regulated sectors face strict mandates that make SaaS identity providers unfeasible. ZITADEL Self-Hosted allows you to combine modern developer experience (CIAM, Passkeys, Multi-tenancy) with strict security isolation.

Air-gapped and private network deployments
Complete audit logs and read-only replica databases
Hardened configurations to meet SOC 2, HIPAA & ISO 27001

Healthcare

Protect sensitive patient health information (PHI). Fulfill HIPAA directives by enforcing strict MFA while keeping user data off public networks.

Financial Services

Comply with strict transactional security frameworks. Implement cryptographically secure Passkeys and manage external financial partner permissions securely.

Government

Achieve sovereign identity standards. Deploy within protected government clouds or air-gapped data centers, keeping civilian authentication systems isolated.

Defense & Security

Fulfill strict national security and physical/logical isolation mandates. Deploy within air-gapped environments or secure tactical edge networks to protect defense-grade resources.

Energy & Utilities

Provide secure operations access for utility engineers and edge IoT machines. Keep local authentication running even during wide-area network outages.

Manufacturing

Connect supply chain vendors, logistics networks, and factory devices under a single multi-tenant IAM instance while retaining full data compartmentalization.

Enterprise Support & Licensing

Enterprise-Grade Self-Hosting Support

We provide the legal assurance, engineering support, and operational guarantees required to run ZITADEL as your critical production identity stack.

Commercial License

Replace ZITADEL's default AGPLv3 copyleft open-source license with a commercial enterprise agreement. Keep your modifications private, avoid strict compliance reviews, and operate within your organization's legal guidelines.

LEGAL ASSURANCE & PEACE OF MIND

Technical Account Manager

Receive direct, dedicated access to a Technical Account Manager (TAM) and ZITADEL core developers. Fulfill complex requirements with dedicated assistance on database optimization, capacity reviews, and cluster migration strategies.

DIRECT ACCESS TO ENGINEERS

First-Class Support & SLAs

Resolve outages quickly with contractually backed Service Level Agreements (SLAs). We offer priority ticketing, round-the-clock coverage (24/7/365), and hotfixes backported directly to your deployed version.

GUARANTEED RESPONSE TIMES
Edition Comparison

Choose Your Deployment Route

Compare the features, licensing, and operational support tiers for self-hosting.

Feature / Support CapabilityCommunity (AGPLv3)Enterprise (Commercial License)
Software LicenseAGPLv3 (Copyleft)Commercial Enterprise License
Multi-Tenancy & CIAM featuresIncluded (All Core Features)Included + Commercial Add-ons
Support ChannelsGitHub & Discord (Community)Support Request, Regular Meetings, Slack
Response SLABest EffortGuaranteed (Up to 30 mins for Critical Sev)
Dedicated Technical ContactNoneTechnical Account Manager (TAM)
Deployment Architecture ReviewNoneIncluded (setup audit)
Priority Roadmap RequestsBest effort based on community popularityDirect influence and custom engineering prioritizations

Ready to secure your self-hosted setup?

Explore our extensive deployment guides to spin up a community node, or get in touch with our team to obtain a commercial license and set up SLA-backed technical support.