zitadel/site/docs/administrate/06-users.en.md

---
title: Users
---

### What are users

In ZITADEL there are different users. Some belong to dedicated organisations other belong to the global org. Some of them are human users others are machines.
Nonetheless we treat them all the same in regard to roles management and audit trail.

#### Human vs. Service Users

The major difference between humane vs. machine users is the type of credentials who can be used.
With machine users there is only a non interactive login process possible. As such we utilize “JWT as Authorization Grant”.

> TODO Link to “JWT as Authorization Grant” explanation.

### How ZITADEL handles usernames

ZITADEL is built around the concept of organisations. Each organisation has it's own pool of usernames which include human and service users.
For example a user with the username `alice` can only exist once the org. `ACME`. ZITADEL will automatically generate a "logonname" for each user consisting of `{username}@{domainname}.{zitadeldomain}`. Without verifying the domain name this would result in the logonname `alice@acme.zitadel.ch`. If you use a dedicated ZITADEL replace `zitadel.ch` with your domain name.

If someone verifies a domain name within the org. ZITADEL will generate additional logonames for each user with that domain. For example if the domain is `acme.ch` the resulting logonname would be `alice@acme.ch` and as well the generated one `alice@acme.zitadel.ch`.

> Domain verification also removes the logonname from all users who might have used this combination in the global org.
> Relating to example with `acme.ch` if a user in the global org, let's call him `bob` used `bob@acme.ch` this logonname will be replaced with `bob@randomvalue.tld`
> ZITADEL notifies the user about this change

### Manage Users

#### Create User

> Screenshot here

#### Set Password

> Screenshot here

### Manage Service Users

> Screenshot here

### Authorizations

> Screenshot here

### Audit user changes

> Screenshot here
chore(documentation): documentation and manuals for ZITADEL (#710) * chore: cleanup old docs folder * remove docs path trigger * wip docs structure * chore: ignore site changes in ci * add manuals route * new structure * structure * Use correct title * remove trigger for code scan for static site generator * change names * add lorem ipsum to test styling * use h3 to deeplink * add site to dependabot * lint readme.md * remove not needed file * ignore site on pull request code scan * add initial contrib * Minor correction * Added section Developer & Integration * Changed link list layout, added labels, added translations * Added missing <li> tags * Added correct link to section Developer & Integration * Fixing list style * Overhauling description texts and translations * outline * teaser go * outline * wip * rework * wip * wip * wip * hop * wip * first draft for "administrate" done * init outline * fix deploy step * lint * commit wip * commit wip * md lint * Link * fix: path to edit (#711) * wip * wip * wip * what are... * use only features * wip docs * Update 00-user.en.md * project * uppercase en * wip * wip * wip * policies rework * improve text * correct typo * update readme * correct styling * add link to docs guides * make the linter happy * rename * wip * move api to own file * correct links and lint * wip roles and integration * add pkce * reduce padding and margin * wip scope and claims * wip claim & scopes * make the linter happy * insert links where possible * wip * wip roles & providers * Update README.md * Update 00-user.en.md * minor text improvements * use master branch to deploy * use proper ci file * Apply suggestions from code review Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Matthias M. Schneider <mati@matimax.info> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> 2020-10-16 14:13:02 +02:00			`---`
			`title: Users`
			`---`

			`### What are users`

			`In ZITADEL there are different users. Some belong to dedicated organisations other belong to the global org. Some of them are human users others are machines.`
			`Nonetheless we treat them all the same in regard to roles management and audit trail.`

			`#### Human vs. Service Users`

			`The major difference between humane vs. machine users is the type of credentials who can be used.`
			`With machine users there is only a non interactive login process possible. As such we utilize “JWT as Authorization Grant”.`

			`> TODO Link to “JWT as Authorization Grant” explanation.`

			`### How ZITADEL handles usernames`

			`ZITADEL is built around the concept of organisations. Each organisation has it's own pool of usernames which include human and service users.`
			For example a user with the username `alice` can only exist once the org. `ACME`. ZITADEL will automatically generate a "logonname" for each user consisting of `{username}@{domainname}.{zitadeldomain}`. Without verifying the domain name this would result in the logonname `alice@acme.zitadel.ch`. If you use a dedicated ZITADEL replace `zitadel.ch` with your domain name.

			If someone verifies a domain name within the org. ZITADEL will generate additional logonames for each user with that domain. For example if the domain is `acme.ch` the resulting logonname would be `alice@acme.ch` and as well the generated one `alice@acme.zitadel.ch`.

			`> Domain verification also removes the logonname from all users who might have used this combination in the global org.`
			> Relating to example with `acme.ch` if a user in the global org, let's call him `bob` used `bob@acme.ch` this logonname will be replaced with `bob@randomvalue.tld`
			`> ZITADEL notifies the user about this change`

			`### Manage Users`

			`#### Create User`

			`> Screenshot here`

			`#### Set Password`

			`> Screenshot here`

			`### Manage Service Users`

			`> Screenshot here`

			`### Authorizations`

			`> Screenshot here`

			`### Audit user changes`

			`> Screenshot here`