docs: troubleshoot, project grant missing (#7216)

* docs: add troubleshooting page for missing project grant error message

* docs: change graphic

* Update docs/docs/support/troubleshooting.mdx

Co-authored-by: mffap <mpa@zitadel.com>

* docs: change permission text to project grant

* Update docs/docs/support/troubleshooting.mdx

Co-authored-by: mffap <mpa@zitadel.com>

---------

Co-authored-by: mffap <mpa@zitadel.com>
Fabi 2024-01-15 09:03:41 +01:00 committed by GitHub
parent 3c5fc31372
commit 09288c7826
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 37 additions and 0 deletions


@ -73,3 +73,40 @@ The WebFinger requirement and setup is a step a user has to take outside of thei
On their custom domain, e.g example.com, users need to host a WebFinger endpoint at https://example.com/.well-known/webfinger. When queried, this endpoint returns a JSON response detailing the issuer. Users would need to host the endpoint with the link to the ZITADEL issuer. Tailscale only looks up this endpoint once when a user signs up, and will only look up this endpoint again if the user needs to make a configuration change to their identity provider. On their custom domain, e.g example.com, users need to host a WebFinger endpoint at https://example.com/.well-known/webfinger. When queried, this endpoint returns a JSON response detailing the issuer. Users would need to host the endpoint with the link to the ZITADEL issuer. Tailscale only looks up this endpoint once when a user signs up, and will only look up this endpoint again if the user needs to make a configuration change to their identity provider.
The requirements and a set up guide is detailed in the [Tailscale documentation](https://tailscale.com/kb/1240/sso-custom-oidc/). The requirements and a set up guide is detailed in the [Tailscale documentation](https://tailscale.com/kb/1240/sso-custom-oidc/).
## Login not possible. The organization of the user must be granted to the project
![Organization must be granted Error](/img/support/login_not_possible_error.png)
ZITADEL is not only capable of handling authentication but also authorization.
This error message tells you, that a project grant is missing from the owner organization to the organization of the authenticating user.
You do have two organizations, an owner (Organization A) and a customer (Organization B).
The Organization A owns a Project, and has to grant it to Organization B, so users are allowed to authenticate.
The error message is shown to users of Organization B that the permission is required, but the project is not granted to Organization B.
![Project Grant Missing](/img/support/project_grant_missing.png)
You do have two possibilities.
1. Disable the permission check
2. Give the permission to the organization
### Disable the permission check
1. Go to the organization, who owns the project, where the user tries to authenticate.
2. Navigate to the general settings of the needed project
3. Disable "Check for Project on Authentication"
![Project Settings](/img/support/check_for_project_on_authentication.png)
### Give the needed permission to the organization
1. Go to the organization, who owns the project, where the user tries to authenticate.
2. Navigate to the grants page of the needed project
3. Click on the "New" button
4. Search for the organization to which you want to grant the project (e.g Organization B)
5. Select the roles you want to grant
6. Click save
![Project Grant for Organization B](/img/support/project_grant_for_customer_b.png)
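
Review bot: The "You do have two possibilities" list puts "Disable the permission check" first, and the "### Disable the permission check" steps never say what turning off "Check for Project on Authentication" means for who can then authenticate to the project. The page itself says this check is what requires the project to be granted to the user's organization, so a reader who follows option 1 removes that requirement without being told so. Suggest listing the project grant first as the usual fix, and adding one sentence under the disable steps that states the consequence and when it is acceptable. The wording is also still mixed after the "change permission text to project grant" commit: the list items, the "### Give the needed permission to the organization" heading and the sentence "The error message is shown to users of Organization B that the permission is required, but the project is not granted to Organization B." still say "permission" where the rest of the section says "project grant", and that sentence is hard to parse as written. Smaller points: "the organization, who owns the project" should be "the organization that owns the project" in both step lists, "tells you, that" needs no comma, and "e.g" is missing its period.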

4 binary files not shown (sizes: 139 KiB, 62 KiB, 162 KiB, 396 KiB).