zitadel/README.md

142 lines
7.9 KiB
Markdown
Raw Permalink Normal View History

<img src="./docs/static/logos/zitadel-logo-dark@2x.png#gh-light-mode-only" alt="Zitadel Logo" height="100px" width="auto" />
<img src="./docs/static/logos/zitadel-logo-light@2x.png#gh-dark-mode-only" alt="Zitadel Logo" height="100px" width="auto" />
[![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)
[![Release](https://github.com/caos/zitadel/actions/workflows/zitadel.yml/badge.svg)](https://github.com/caos/zitadel/actions)
[![license](https://badgen.net/github/license/caos/zitadel/)](https://github.com/caos/zitadel/blob/main/LICENSE)
2020-03-30 18:44:28 +02:00
[![release](https://badgen.net/github/release/caos/zitadel/stable)](https://github.com/caos/zitadel/releases)
2020-03-27 14:20:32 +01:00
[![Go Report Card](https://goreportcard.com/badge/github.com/caos/zitadel)](https://goreportcard.com/report/github.com/caos/zitadel)
[![codecov](https://codecov.io/gh/caos/zitadel/branch/main/graph/badge.svg)](https://codecov.io/gh/caos/zitadel)
[![discord](https://badgen.net/discord/online-members/erh5Brh7jE)](https://discord.gg/erh5Brh7jE)
2021-11-18 19:15:09 +01:00
[![OpenID Connect Certified](./docs/static/logos/oidc-cert.png)](https://openid.net/certification/#OPs)
## What Is ZITADEL
**ZITADEL** is a "Cloud Native Identity and Access Management" solution built for the cloud era. ZITADEL uses a modern software stack consisting of [**Golang**](https://golang.org/), [**Angular**](https://angular.io/) and [**CockroachDB**](https://www.cockroachlabs.com/) as sole storage and follows an event sourced pattern.
We built **ZITADEL** not only with the vision of becoming a great open source project but also as a superb platform to support developers building their applications, without need to handle secure user login and account management themselves.
## How Does It Work
chore(documentation): documentation and manuals for ZITADEL (#710) * chore: cleanup old docs folder * remove docs path trigger * wip docs structure * chore: ignore site changes in ci * add manuals route * new structure * structure * Use correct title * remove trigger for code scan for static site generator * change names * add lorem ipsum to test styling * use h3 to deeplink * add site to dependabot * lint readme.md * remove not needed file * ignore site on pull request code scan * add initial contrib * Minor correction * Added section Developer & Integration * Changed link list layout, added labels, added translations * Added missing <li> tags * Added correct link to section Developer & Integration * Fixing list style * Overhauling description texts and translations * outline * teaser go * outline * wip * rework * wip * wip * wip * hop * wip * first draft for "administrate" done * init outline * fix deploy step * lint * commit wip * commit wip * md lint * Link * fix: path to edit (#711) * wip * wip * wip * what are... * use only features * wip docs * Update 00-user.en.md * project * uppercase en * wip * wip * wip * policies rework * improve text * correct typo * update readme * correct styling * add link to docs guides * make the linter happy * rename * wip * move api to own file * correct links and lint * wip roles and integration * add pkce * reduce padding and margin * wip scope and claims * wip claim & scopes * make the linter happy * insert links where possible * wip * wip roles & providers * Update README.md * Update 00-user.en.md * minor text improvements * use master branch to deploy * use proper ci file * Apply suggestions from code review Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Matthias M. Schneider <mati@matimax.info> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2020-10-16 14:13:02 +02:00
We built **ZITADEL** around the idea that the IAM should be easy to deploy and scale. That's why we tried to reduce external systems as much as possible.
For example, **ZITADEL** is event sourced but it does not rely on a pub/sub system to function. Instead we built all the functionality right into one binary.
**ZITADEL** only needs [**Kubernetes**](https://kubernetes.io/) for orchestration and [**CockroachDB**](https://www.cockroachlabs.com/) as storage.
## Run ZITADEL anywhere
### Self-hosted
You can run an automatically operated **ZITADEL** instance on a CNCF compliant Kubernetes cluster of your choice:
* [CRD Mode on an existing k8s cluster](https://docs.zitadel.ch/docs/guides/installation/crd)
* [GitOps Mode on an existing k8s cluster](https://docs.zitadel.ch/docs/guides/installation/gitops)
* [GitOps Mode on VM/bare-metal](https://docs.zitadel.ch/docs/guides/installation/managed-dedicated-instance) using [ORBOS](https://docs.zitadel.ch/docs/guides/installation/orbos)
### Software-as-a-Service
docs: restructure and add more content (#2232) * docs: restructure quickstarts * docs: quickstart libs * docs: add exlixir lib * docs: restructure * docs: restructure * docs: customization * use tabs in oauth/oidc endpoints.md * improve authorize_endpoint * improve token_endpoint and introspection_endpoint * docs: saas use case * styling * styling * begin login users * login users * login users * fix table * fix: links * fix: links * start go api * fix: policy structure * fix: saas description * fix: saas description * fix: saas description * Update docs/docs/concepts/policies.md Co-authored-by: mffap <mpa@caos.ch> * Update docs/docs/concepts/usecases/saas.md Co-authored-by: mffap <mpa@caos.ch> * Update docs/docs/concepts/usecases/saas.md Co-authored-by: mffap <mpa@caos.ch> * Update docs/docs/concepts/usecases/saas.md Co-authored-by: mffap <mpa@caos.ch> * Update docs/docs/concepts/usecases/saas.md Co-authored-by: mffap <mpa@caos.ch> * Update docs/docs/concepts/usecases/saas.md Co-authored-by: mffap <mpa@caos.ch> * Update docs/docs/concepts/usecases/saas.md Co-authored-by: mffap <mpa@caos.ch> * Update docs/docs/concepts/usecases/saas.md Co-authored-by: mffap <mpa@caos.ch> * Update docs/docs/concepts/usecases/saas.md Co-authored-by: mffap <mpa@caos.ch> * Update docs/docs/concepts/usecases/saas.md Co-authored-by: mffap <mpa@caos.ch> * docs: organisation --> organization * docs: fixes * docs: fixes * Update docs/docs/apis/openidoauth/endpoints.md Co-authored-by: Florian Forster <florian@caos.ch> * Update docs/docs/concepts/policies.md Co-authored-by: Florian Forster <florian@caos.ch> * Update docs/docs/concepts/policies.md Co-authored-by: Florian Forster <florian@caos.ch> * Update docs/docs/concepts/policies.md Co-authored-by: Florian Forster <florian@caos.ch> * Update docs/docs/apis/openidoauth/endpoints.md Co-authored-by: Florian Forster <florian@caos.ch> * Apply suggestions from code review Co-authored-by: Florian Forster <florian@caos.ch> * docs: intro * Update docs/docs/guides/customization/branding.md Co-authored-by: Florian Forster <florian@caos.ch> * fix: typo * add mermaid Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: mffap <mpa@caos.ch> Co-authored-by: Florian Forster <florian@caos.ch>
2021-09-23 10:34:06 +02:00
* **ZITADEL Cloud:** [**ZITADEL.ch**](https://zitadel.ch) is our shared cloud service hosted in Switzerland. [Get started](https://docs.zitadel.ch/docs/guides/basics/get-started) and try the free tier, including already unlimited users and all necessary security features.
* **ZITADEL Dedicated:** We operate and support a dedicated instance of **ZITADEL** for you. [Get in touch!](https://zitadel.ch/contact/)
## Start using ZITADEL
### Quickstarts
See our [Documentation](https://docs.zitadel.ch/docs/quickstarts/introduction) to get started with ZITADEL quickly. Let us know, if you are missing a language or framework in the [Q&A](https://github.com/caos/zitadel/discussions/1717).
### Client libraries
* [Go](https://github.com/caos/zitadel-go) client library
* [.NET](https://github.com/caos/zitadel-net) client library
* [Dart](https://github.com/caos/zitadel-dart) client library
* [Elixir](https://github.com/jshmrtn/zitadel_api) client library (maintained by [jshmrtn]([jshmrtn](https://github.com/jshmrtn)))
## Help and Documentation
* [Documentation](https://docs.zitadel.ch)
* [Say hello](https://zitadel.ch/contact/)
* [Join our Discord channel](https://discord.gg/erh5Brh7jE)
## How To Contribute
Details about how to contribute you can find in the [Contribution Guide](CONTRIBUTING.md)
## Security
See the policy [here](./SECURITY.md)
## Features of ZITADEL platform
* Authentication
* OpenID Connect 1.0 Protocol (OP)
* Username / Password
* Machine-to-machine (JWT profile)
* Passwordless with FIDO2
* Multifactor authentication with OTP, U2F
* Federation with OpenID Connect 1.0 Protocol (RP), OAuth 2.0 Protocol (RP)
* Identity Brokering
* Identity & Access Management
* B2C, B2B, B2E, M2M identities
* Authorization via Role Based Access Control (RBAC)
* Delegation of roles to other organizations for self-management
* Management roles
* User self-service workflows
* User register workflow
* Strong audit trail for all IAM resources
* Privatelabeling
* Custom branding
* Custom texts
* Hosted login
* Personal profile
* Integration
* API-first
* Actions for custom code execution
## Showcase
### Passwordless Login
Use our login widget to allow easy and sucure access to your applications and enjoy all the benefits of passwordless (FIDO 2 / WebAuthN):
* works on all modern platforms, devices, and browsers
* phishing resistant alternative
* requires only one gesture by the user
* easy [enrollment](https://docs.zitadel.ch/docs/manuals/user-factors) of the device during registration
![passwordless-windows-hello](https://user-images.githubusercontent.com/1366906/118765435-5d419780-b87b-11eb-95bf-55140119c0d8.gif)
### Admin Console
Use [Console](https://docs.zitadel.ch/docs/manuals/introduction) or our [APIs](https://docs.zitadel.ch/docs/apis/introduction) to setup organizations, projects and applications.
Register new applications
![OIDC-Client-Register](https://user-images.githubusercontent.com/1366906/118765446-62064b80-b87b-11eb-8b24-4f4c365b8c58.gif)
Delegate the right to assign roles to another organization
![projects_create_org_grant](https://user-images.githubusercontent.com/1366906/118766069-39cb1c80-b87c-11eb-84cf-f5becce4e9b6.gif)
Customize login and console with your design
![private_labeling](https://user-images.githubusercontent.com/1366906/123089110-d148ff80-d426-11eb-9598-32b506f6d4fd.gif)
## Other CAOS Projects
* [**ORBOS**](https://github.com/caos/orbos/) - GitOps everything
* [**OIDC for GO**](https://github.com/caos/oidc) - OpenID Connect SDK (client and server) for Go
* [**ZITADEL Tools**](https://github.com/caos/zitadel-tools) - Go tool to convert key file to privately signed JWT
## Usage Data
ZITADEL components send errors and usage data to CAOS Ltd., so that we are able to identify code improvement potential. If you don't want to send this data or don't have an internet connection, pass the global flag `--disable-analytics` when using zitadelctl. For disabling ingestion for already-running components, execute the takeoff command again with the `--disable-analytics` flag.
We try to distinguishing the environments from which events come from. As environment identifier, we enrich the events by the domain you have configured in zitadel.yml, as soon as it's available. When it's not available and you passed the --gitops flag, we defer the environment identifier from your git repository URL.
Besides from errors that don't clearly come from misconfiguration or cli misuage, we send an inital event when any binary is started. This is a "<component> invoked" event along with the flags that are passed to it, except secret values of course.
We only ingest operational data. Your ZITADEL workload data from the IAM application itself is never sent anywhere unless you chose to integrate other systems yourself.
## License
See the exact licensing terms [here](./LICENSE)
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.