zitadel/site/docs/administrate/08-providers.en.md

---
title: Identity Providers
---

### What are Identity Providers

Identity providers or in short idps are external systems to which **ZITADEL** can create a **federation** or use their **directory service**.
Normally federation uses protocols like [OpenID Connect 1.0](https://openid.net/connect/), [OAuth 2.0](https://oauth.net/2/) and [SAML 2.0](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html).

Some examples include:

#### Social Providers

- Google Account
- Microsoft Live Account
- Apple ID
- GitHub
- GitLab
- ...

#### Enterprise Providers**

- Azure AD Tenant
- Gsuite hosted domain
- ...

### Generic

- ADFS
- ADDS
- Keycloak
- LDAP

### What is Identity Brokering

ZITADEL supports the usage as identity broker, by linking multiple external idps into one user.
With identity brokering the client which relies on ZITADEL does not need to care about the linking of identity.

### Manage Identity Providers

> Screenshot here

### Federation Protocols

Currently supported are the following protocols.

- OpenID Connect 1.0
- OAuth 2.0

SAML 2.0 will follow later on.

### Storage Federation

> This is a work in progress.

Storage federation is a means of integrating existing identity storage like [LDAP](https://tools.ietf.org/html/rfc4511) and [ADDS](https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview).
With this process **ZITADEL** can authenticate users with LDAP Binding and SPNEGO for ADDS. It is also possible to synchronize the users just-in-time or scheduled.

#### Sync Settings

Here we will document all the different sync options

- Read-only
- Writeback
- just-in-time sync
- scheduled sync

> TBD

### Audit identity provider changes

> Screenshot here
-												chore(documentation): documentation and manuals for ZITADEL (#710)

* chore: cleanup old docs folder

* remove docs path trigger

* wip docs structure

* chore: ignore site changes in ci

* add manuals route

* new structure

* structure

* Use correct title

* remove trigger for code scan for static site generator

* change names

* add lorem ipsum to test styling

* use h3 to deeplink

* add site to dependabot

* lint readme.md

* remove not needed file

* ignore site on pull request code scan

* add initial contrib

* Minor correction

* Added section Developer & Integration

* Changed link list layout, added labels, added translations

* Added missing <li> tags

* Added correct link to section Developer & Integration

* Fixing list style

* Overhauling description texts and translations

* outline

* teaser go

* outline

* wip

* rework

* wip

* wip

* wip

* hop

* wip

* first draft for "administrate" done

* init outline

* fix deploy step

* lint

* commit wip

* commit wip

* md lint

* Link

* fix: path to edit (#711)

* wip

* wip

* wip

* what are...

* use only features

* wip docs

* Update 00-user.en.md

* project

* uppercase en

* wip

* wip

* wip

* policies rework

* improve text

* correct typo

* update readme

* correct styling

* add link to docs guides

* make the linter happy

* rename

* wip

* move api to own file

* correct links and lint

* wip roles and integration

* add pkce

* reduce padding and margin

* wip scope and claims

* wip claim & scopes

* make the linter happy

* insert links where possible

* wip

* wip roles & providers

* Update README.md

* Update 00-user.en.md

* minor text improvements

* use master branch to deploy

* use proper ci file

* Apply suggestions from code review

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

Co-authored-by: Matthias M. Schneider <mati@matimax.info>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
											
										
										
											2020-10-16 12:13:02 +00:00
+								---
 								title: Identity Providers
 								---
 								### What are Identity Providers
-												chore: spell check automation and spellcheck (#889)

* test spell check

* fix indenting

* test

* add something to test

* test spellcheck

* spelling improvements

* improve spelling and ignore list

* Update site/docs/start/00-quick-start.de.md
											
										
										
											2020-10-26 12:54:29 +00:00
+								Identity providers or in short idps are external systems to which **ZITADEL** can create a **federation** or use their **directory service**.
-												chore(documentation): documentation and manuals for ZITADEL (#710)

* chore: cleanup old docs folder

* remove docs path trigger

* wip docs structure

* chore: ignore site changes in ci

* add manuals route

* new structure

* structure

* Use correct title

* remove trigger for code scan for static site generator

* change names

* add lorem ipsum to test styling

* use h3 to deeplink

* add site to dependabot

* lint readme.md

* remove not needed file

* ignore site on pull request code scan

* add initial contrib

* Minor correction

* Added section Developer & Integration

* Changed link list layout, added labels, added translations

* Added missing <li> tags

* Added correct link to section Developer & Integration

* Fixing list style

* Overhauling description texts and translations

* outline

* teaser go

* outline

* wip

* rework

* wip

* wip

* wip

* hop

* wip

* first draft for "administrate" done

* init outline

* fix deploy step

* lint

* commit wip

* commit wip

* md lint

* Link

* fix: path to edit (#711)

* wip

* wip

* wip

* what are...

* use only features

* wip docs

* Update 00-user.en.md

* project

* uppercase en

* wip

* wip

* wip

* policies rework

* improve text

* correct typo

* update readme

* correct styling

* add link to docs guides

* make the linter happy

* rename

* wip

* move api to own file

* correct links and lint

* wip roles and integration

* add pkce

* reduce padding and margin

* wip scope and claims

* wip claim & scopes

* make the linter happy

* insert links where possible

* wip

* wip roles & providers

* Update README.md

* Update 00-user.en.md

* minor text improvements

* use master branch to deploy

* use proper ci file

* Apply suggestions from code review

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

Co-authored-by: Matthias M. Schneider <mati@matimax.info>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
											
										
										
											2020-10-16 12:13:02 +00:00
+								Normally federation uses protocols like [OpenID Connect 1.0](https://openid.net/connect/), [OAuth 2.0](https://oauth.net/2/) and [SAML 2.0](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html).
 								Some examples include:
 								#### Social Providers
 								- Google Account
 								- Microsoft Live Account
 								- Apple ID
 								- GitHub
 								- GitLab
 								- ...
 								#### Enterprise Providers**
 								- Azure AD Tenant
 								- Gsuite hosted domain
 								- ...
 								### Generic
 								- ADFS
 								- ADDS
 								- Keycloak
 								- LDAP
 								### What is Identity Brokering
-												chore: spell check automation and spellcheck (#889)

* test spell check

* fix indenting

* test

* add something to test

* test spellcheck

* spelling improvements

* improve spelling and ignore list

* Update site/docs/start/00-quick-start.de.md
											
										
										
											2020-10-26 12:54:29 +00:00
+								ZITADEL supports the usage as identity broker, by linking multiple external idps into one user.
-												chore(documentation): documentation and manuals for ZITADEL (#710)

* chore: cleanup old docs folder

* remove docs path trigger

* wip docs structure

* chore: ignore site changes in ci

* add manuals route

* new structure

* structure

* Use correct title

* remove trigger for code scan for static site generator

* change names

* add lorem ipsum to test styling

* use h3 to deeplink

* add site to dependabot

* lint readme.md

* remove not needed file

* ignore site on pull request code scan

* add initial contrib

* Minor correction

* Added section Developer & Integration

* Changed link list layout, added labels, added translations

* Added missing <li> tags

* Added correct link to section Developer & Integration

* Fixing list style

* Overhauling description texts and translations

* outline

* teaser go

* outline

* wip

* rework

* wip

* wip

* wip

* hop

* wip

* first draft for "administrate" done

* init outline

* fix deploy step

* lint

* commit wip

* commit wip

* md lint

* Link

* fix: path to edit (#711)

* wip

* wip

* wip

* what are...

* use only features

* wip docs

* Update 00-user.en.md

* project

* uppercase en

* wip

* wip

* wip

* policies rework

* improve text

* correct typo

* update readme

* correct styling

* add link to docs guides

* make the linter happy

* rename

* wip

* move api to own file

* correct links and lint

* wip roles and integration

* add pkce

* reduce padding and margin

* wip scope and claims

* wip claim & scopes

* make the linter happy

* insert links where possible

* wip

* wip roles & providers

* Update README.md

* Update 00-user.en.md

* minor text improvements

* use master branch to deploy

* use proper ci file

* Apply suggestions from code review

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

Co-authored-by: Matthias M. Schneider <mati@matimax.info>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
											
										
										
											2020-10-16 12:13:02 +00:00
+								With identity brokering the client which relies on ZITADEL does not need to care about the linking of identity.
 								### Manage Identity Providers
 								> Screenshot here
 								### Federation Protocols
 								Currently supported are the following protocols.
 								- OpenID Connect 1.0
 								- OAuth 2.0
 								SAML 2.0 will follow later on.
 								### Storage Federation
 								> This is a work in progress.
 								Storage federation is a means of integrating existing identity storage like [LDAP](https://tools.ietf.org/html/rfc4511) and [ADDS](https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview).
-												chore: spell check automation and spellcheck (#889)

* test spell check

* fix indenting

* test

* add something to test

* test spellcheck

* spelling improvements

* improve spelling and ignore list

* Update site/docs/start/00-quick-start.de.md
											
										
										
											2020-10-26 12:54:29 +00:00
+								With this process **ZITADEL** can authenticate users with LDAP Binding and SPNEGO for ADDS. It is also possible to synchronize the users just-in-time or scheduled.
-												chore(documentation): documentation and manuals for ZITADEL (#710)

* chore: cleanup old docs folder

* remove docs path trigger

* wip docs structure

* chore: ignore site changes in ci

* add manuals route

* new structure

* structure

* Use correct title

* remove trigger for code scan for static site generator

* change names

* add lorem ipsum to test styling

* use h3 to deeplink

* add site to dependabot

* lint readme.md

* remove not needed file

* ignore site on pull request code scan

* add initial contrib

* Minor correction

* Added section Developer & Integration

* Changed link list layout, added labels, added translations

* Added missing <li> tags

* Added correct link to section Developer & Integration

* Fixing list style

* Overhauling description texts and translations

* outline

* teaser go

* outline

* wip

* rework

* wip

* wip

* wip

* hop

* wip

* first draft for "administrate" done

* init outline

* fix deploy step

* lint

* commit wip

* commit wip

* md lint

* Link

* fix: path to edit (#711)

* wip

* wip

* wip

* what are...

* use only features

* wip docs

* Update 00-user.en.md

* project

* uppercase en

* wip

* wip

* wip

* policies rework

* improve text

* correct typo

* update readme

* correct styling

* add link to docs guides

* make the linter happy

* rename

* wip

* move api to own file

* correct links and lint

* wip roles and integration

* add pkce

* reduce padding and margin

* wip scope and claims

* wip claim & scopes

* make the linter happy

* insert links where possible

* wip

* wip roles & providers

* Update README.md

* Update 00-user.en.md

* minor text improvements

* use master branch to deploy

* use proper ci file

* Apply suggestions from code review

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

Co-authored-by: Matthias M. Schneider <mati@matimax.info>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
											
										
										
											2020-10-16 12:13:02 +00:00
 								#### Sync Settings
 								Here we will document all the different sync options
-												chore: spell check automation and spellcheck (#889)

* test spell check

* fix indenting

* test

* add something to test

* test spellcheck

* spelling improvements

* improve spelling and ignore list

* Update site/docs/start/00-quick-start.de.md
											
										
										
											2020-10-26 12:54:29 +00:00
+								- Read-only
-												chore(documentation): documentation and manuals for ZITADEL (#710)

* chore: cleanup old docs folder

* remove docs path trigger

* wip docs structure

* chore: ignore site changes in ci

* add manuals route

* new structure

* structure

* Use correct title

* remove trigger for code scan for static site generator

* change names

* add lorem ipsum to test styling

* use h3 to deeplink

* add site to dependabot

* lint readme.md

* remove not needed file

* ignore site on pull request code scan

* add initial contrib

* Minor correction

* Added section Developer & Integration

* Changed link list layout, added labels, added translations

* Added missing <li> tags

* Added correct link to section Developer & Integration

* Fixing list style

* Overhauling description texts and translations

* outline

* teaser go

* outline

* wip

* rework

* wip

* wip

* wip

* hop

* wip

* first draft for "administrate" done

* init outline

* fix deploy step

* lint

* commit wip

* commit wip

* md lint

* Link

* fix: path to edit (#711)

* wip

* wip

* wip

* what are...

* use only features

* wip docs

* Update 00-user.en.md

* project

* uppercase en

* wip

* wip

* wip

* policies rework

* improve text

* correct typo

* update readme

* correct styling

* add link to docs guides

* make the linter happy

* rename

* wip

* move api to own file

* correct links and lint

* wip roles and integration

* add pkce

* reduce padding and margin

* wip scope and claims

* wip claim & scopes

* make the linter happy

* insert links where possible

* wip

* wip roles & providers

* Update README.md

* Update 00-user.en.md

* minor text improvements

* use master branch to deploy

* use proper ci file

* Apply suggestions from code review

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

Co-authored-by: Matthias M. Schneider <mati@matimax.info>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
											
										
										
											2020-10-16 12:13:02 +00:00
+								- Writeback
 								- just-in-time sync
 								- scheduled sync
 								> TBD
 								### Audit identity provider changes
 								> Screenshot here