TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 20:57:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into notification-links

Browse Source
This commit is contained in:
Elio Bischof
2023-09-25 11:29:18 +02:00
parent c4197fef87 2823678eb6
commit 0b5cfbb653
244 changed files with 3748 additions and 1628 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/defaults.yaml
View File

@@ -595,7 +595,7 @@ DefaultInstance:
MaxAgeDays: 0 # ZITADEL_DEFAULTINSTANCE_PASSWORDAGEPOLICY_MAXAGEDAYS
DomainPolicy:
UserLoginMustBeDomain: false # ZITADEL_DEFAULTINSTANCE_DOMAINPOLICY_USERLOGINMUSTBEDOMAIN
ValidateOrgDomains: true # ZITADEL_DEFAULTINSTANCE_DOMAINPOLICY_VALIDATEORGDOMAINS
ValidateOrgDomains: false # ZITADEL_DEFAULTINSTANCE_DOMAINPOLICY_VALIDATEORGDOMAINS
SMTPSenderAddressMatchesInstanceDomain: false # ZITADEL_DEFAULTINSTANCE_DOMAINPOLICY_SMTPSENDERADDRESSMATCHESINSTANCEDOMAIN
LoginPolicy:
AllowUsernamePassword: true # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_ALLOWUSERNAMEPASSWORD
@@ -604,7 +604,7 @@ DefaultInstance:
ForceMFA: false # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_FORCEMFA
HidePasswordReset: false # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_HIDEPASSWORDRESET
IgnoreUnknownUsernames: false # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_IGNOREUNKNOWNUSERNAMES
AllowDomainDiscovery: false # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_ALLOWDOMAINDISCOVERY
AllowDomainDiscovery: true # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_ALLOWDOMAINDISCOVERY
# 1 is allowed, 0 is not allowed
PasswordlessType: 1 # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_PASSWORDLESSTYPE
# DefaultRedirectURL is empty by default because we use the Console UI

26
cmd/setup/13.go Normal file
View File

@@ -0,0 +1,26 @@
package setup
import (
"context"
_ "embed"
"github.com/zitadel/zitadel/internal/database"
)
var (
//go:embed 13/13_fix_quota_constraints.sql
fixQuotaConstraints string
)
type FixQuotaConstraints struct {
dbClient *database.DB
}
func (mig *FixQuotaConstraints) Execute(ctx context.Context) error {
_, err := mig.dbClient.ExecContext(ctx, fixQuotaConstraints)
return err
}
func (mig *FixQuotaConstraints) String() string {
return "13_fix_quota_constraints"
}

4
cmd/setup/13/13_fix_quota_constraints.sql Normal file
View File

@@ -0,0 +1,4 @@
ALTER TABLE IF EXISTS projections.quotas ALTER COLUMN from_anchor DROP NOT NULL;
ALTER TABLE IF EXISTS projections.quotas ALTER COLUMN amount DROP NOT NULL;
ALTER TABLE IF EXISTS projections.quotas ALTER COLUMN interval DROP NOT NULL;
ALTER TABLE IF EXISTS projections.quotas ALTER COLUMN limit_usage DROP NOT NULL;

25
cmd/setup/config.go
View File

@@ -56,18 +56,19 @@ func MustNewConfig(v *viper.Viper) *Config {
}
type Steps struct {
s1ProjectionTable *ProjectionTable
s2AssetsTable *AssetTable
FirstInstance *FirstInstance
s4EventstoreIndexes *EventstoreIndexesNew
s5LastFailed *LastFailed
s6OwnerRemoveColumns *OwnerRemoveColumns
s7LogstoreTables *LogstoreTables
s8AuthTokens *AuthTokenIndexes
s9EventstoreIndexes2 *EventstoreIndexesNew
CorrectCreationDate *CorrectCreationDate
AddEventCreatedAt *AddEventCreatedAt
s12AddOTPColumns *AddOTPColumns
s1ProjectionTable *ProjectionTable
s2AssetsTable *AssetTable
FirstInstance *FirstInstance
s4EventstoreIndexes *EventstoreIndexesNew
s5LastFailed *LastFailed
s6OwnerRemoveColumns *OwnerRemoveColumns
s7LogstoreTables *LogstoreTables
s8AuthTokens *AuthTokenIndexes
s9EventstoreIndexes2 *EventstoreIndexesNew
CorrectCreationDate *CorrectCreationDate
AddEventCreatedAt *AddEventCreatedAt
s12AddOTPColumns *AddOTPColumns
s13FixQuotaProjection *FixQuotaConstraints
}
type encryptionKeyConfig struct {

3
cmd/setup/setup.go
View File

@@ -95,6 +95,7 @@ func Setup(config *Config, steps *Steps, masterKey string) {
steps.AddEventCreatedAt.dbClient = dbClient
steps.AddEventCreatedAt.step10 = steps.CorrectCreationDate
steps.s12AddOTPColumns = &AddOTPColumns{dbClient: dbClient}
steps.s13FixQuotaProjection = &FixQuotaConstraints{dbClient: dbClient}
err = projection.Create(ctx, dbClient, eventstoreClient, config.Projections, nil, nil)
logging.OnError(err).Fatal("unable to start projections")
@@ -137,6 +138,8 @@ func Setup(config *Config, steps *Steps, masterKey string) {
logging.OnError(err).Fatal("unable to migrate step 11")
err = migration.Migrate(ctx, eventstoreClient, steps.s12AddOTPColumns)
logging.OnError(err).Fatal("unable to migrate step 12")
err = migration.Migrate(ctx, eventstoreClient, steps.s13FixQuotaProjection)
logging.OnError(err).Fatal("unable to migrate step 13")
for _, repeatableStep := range repeatableSteps {
err = migration.Migrate(ctx, eventstoreClient, repeatableStep)

2
console/src/app/modules/header/header.component.html
View File

@@ -195,7 +195,7 @@
</a>
</div>
<ng-container *ngIf="user">
<ng-container *ngIf="user && user.id">
<div class="account-card-wrapper">
<button
cdkOverlayOrigin

2
console/src/app/modules/settings-list/settings-list.component.html
View File

@@ -18,7 +18,7 @@
<ng-container *ngIf="currentSetting === 'login'">
<cnsl-login-policy [serviceType]="serviceType"></cnsl-login-policy>
</ng-container>
<ng-container *ngIf="currentSetting === 'domain'">
<ng-container *ngIf="currentSetting === 'domain' && (['iam.policy.write'] | hasRole | async) === true">
<cnsl-domain-policy [serviceType]="serviceType"></cnsl-domain-policy>
</ng-container>
<ng-container *ngIf="currentSetting === 'idp'">

4
console/src/app/modules/settings-list/settings.ts
View File

@@ -48,8 +48,8 @@ export const DOMAIN: SidenavSetting = {
i18nKey: 'SETTINGS.LIST.DOMAIN',
groupI18nKey: 'SETTINGS.GROUPS.DOMAIN',
requiredRoles: {
[PolicyComponentServiceType.MGMT]: ['policy.read'],
[PolicyComponentServiceType.ADMIN]: ['iam.policy.read'],
[PolicyComponentServiceType.MGMT]: ['iam.policy.write'],
[PolicyComponentServiceType.ADMIN]: ['iam.policy.write'],
},
};

5
console/src/app/modules/sidenav/sidenav.component.html
View File

@@ -28,11 +28,6 @@
<button
(click)="value = setting.id"
*ngIf="
!setting.requiredRoles ||
(setting.requiredRoles.mgmt && (setting.requiredRoles.mgmt | hasRole | async)) ||
(setting.requiredRoles.admin && (setting.requiredRoles.admin | hasRole | async))
"
class="sidenav-setting-list-element hide-on-mobile"
[ngClass]="{ active: currentSetting === setting.id, show: currentSetting === undefined }"
[attr.data-e2e]="'sidenav-element-' + setting.id"

2
console/src/app/pages/domains/domains.component.html
View File

@@ -48,7 +48,7 @@
<button
mat-icon-button
[disabled]="(canwrite$ | async) === false || domain.isVerified"
*ngIf="canwrite$ | async"
*ngIf="(canwrite$ | async) && verifyOrgDomains"
(click)="verifyDomain(domain)"
>
<i class="las la-pen"></i>

24
console/src/app/pages/domains/domains.component.ts
View File

@@ -19,6 +19,7 @@ export class DomainsComponent implements OnInit {
public domains: Domain.AsObject[] = [];
public primaryDomain: string = '';
public InfoSectionType: any = InfoSectionType;
public verifyOrgDomains: boolean | undefined;
constructor(
private mgmtService: ManagementService,
@@ -38,6 +39,10 @@ export class DomainsComponent implements OnInit {
}
public loadDomains(): void {
this.mgmtService.getDomainPolicy().then((result) => {
this.verifyOrgDomains = result.policy?.validateOrgDomains;
});
this.mgmtService.listOrgDomains().then((result) => {
this.domains = result.resultList;
this.primaryDomain = this.domains.find((domain) => domain.isPrimary)?.domainName ?? '';
@@ -68,13 +73,14 @@ export class DomainsComponent implements OnInit {
.addOrgDomain(domainName)
.then(() => {
this.toast.showInfo('ORG.TOAST.DOMAINADDED', true);
this.verifyDomain({
domainName: domainName,
validationType: DomainValidationType.DOMAIN_VALIDATION_TYPE_UNSPECIFIED,
});
setTimeout(() => {
if (this.verifyOrgDomains) {
this.verifyDomain({
domainName: domainName,
validationType: DomainValidationType.DOMAIN_VALIDATION_TYPE_UNSPECIFIED,
});
} else {
this.loadDomains();
}, 1000);
}
})
.catch((error) => {
this.toast.showError(error);
@@ -120,10 +126,8 @@ export class DomainsComponent implements OnInit {
width: '500px',
});
dialogRef.afterClosed().subscribe((reload: boolean) => {
if (reload) {
this.loadDomains();
}
dialogRef.afterClosed().subscribe(() => {
this.loadDomains();
});
}
}

22
console/src/app/pages/instance-settings/instance-settings.component.ts
View File

@@ -1,10 +1,11 @@
import { Component, OnDestroy } from '@angular/core';
import { Component, OnDestroy, OnInit } from '@angular/core';
import { ActivatedRoute, Params } from '@angular/router';
import { Subject, takeUntil } from 'rxjs';
import { PolicyComponentServiceType } from 'src/app/modules/policies/policy-component-types.enum';
import { SidenavSetting } from 'src/app/modules/sidenav/sidenav.component';
import { Breadcrumb, BreadcrumbService, BreadcrumbType } from 'src/app/services/breadcrumb.service';
import { GrpcAuthService } from 'src/app/services/grpc-auth.service';
import {
BRANDING,
COMPLEXITY,
@@ -21,16 +22,17 @@ import {
SECRETS,
SECURITY,
} from '../../modules/settings-list/settings';
import { checkSettingsPermissions } from '../org-settings/org-settings.component';
@Component({
selector: 'cnsl-instance-settings',
templateUrl: './instance-settings.component.html',
styleUrls: ['./instance-settings.component.scss'],
})
export class InstanceSettingsComponent implements OnDestroy {
export class InstanceSettingsComponent implements OnInit, OnDestroy {
public id: string = '';
public PolicyComponentServiceType: any = PolicyComponentServiceType;
public settingsList: SidenavSetting[] = [
public defaultSettingsList: SidenavSetting[] = [
GENERAL,
// notifications
// { showWarn: true, ...NOTIFICATIONS },
@@ -53,8 +55,10 @@ export class InstanceSettingsComponent implements OnDestroy {
SECURITY,
];
public settingsList: SidenavSetting[] = [];
private destroy$: Subject<void> = new Subject();
constructor(breadcrumbService: BreadcrumbService, activatedRoute: ActivatedRoute) {
constructor(breadcrumbService: BreadcrumbService, activatedRoute: ActivatedRoute, public authService: GrpcAuthService) {
const breadcrumbs = [
new Breadcrumb({
type: BreadcrumbType.INSTANCE,
@@ -72,6 +76,16 @@ export class InstanceSettingsComponent implements OnDestroy {
});
}
ngOnInit(): void {
checkSettingsPermissions(this.defaultSettingsList, PolicyComponentServiceType.ADMIN, this.authService).subscribe(
(allowed) => {
this.settingsList = this.defaultSettingsList.filter((setting, index) => {
return allowed[index];
});
},
);
}
ngOnDestroy(): void {
this.destroy$.next();
this.destroy$.complete();

52
console/src/app/pages/org-settings/org-settings.component.ts
View File

@@ -1,10 +1,11 @@
import { Component } from '@angular/core';
import { Component, OnInit } from '@angular/core';
import { ActivatedRoute, Params } from '@angular/router';
import { take } from 'rxjs';
import { forkJoin, of, take } from 'rxjs';
import { PolicyComponentServiceType } from 'src/app/modules/policies/policy-component-types.enum';
import { SidenavSetting } from 'src/app/modules/sidenav/sidenav.component';
import { Breadcrumb, BreadcrumbService, BreadcrumbType } from 'src/app/services/breadcrumb.service';
import { GrpcAuthService } from 'src/app/services/grpc-auth.service';
import {
BRANDING,
COMPLEXITY,
@@ -23,10 +24,11 @@ import {
templateUrl: './org-settings.component.html',
styleUrls: ['./org-settings.component.scss'],
})
export class OrgSettingsComponent {
export class OrgSettingsComponent implements OnInit {
public id: string = '';
public PolicyComponentServiceType: any = PolicyComponentServiceType;
public settingsList: SidenavSetting[] = [
private defaultSettingsList: SidenavSetting[] = [
LOGIN,
IDP,
COMPLEXITY,
@@ -39,7 +41,9 @@ export class OrgSettingsComponent {
PRIVACYPOLICY,
];
constructor(breadcrumbService: BreadcrumbService, activatedRoute: ActivatedRoute) {
public settingsList: SidenavSetting[] = [];
constructor(breadcrumbService: BreadcrumbService, activatedRoute: ActivatedRoute, public authService: GrpcAuthService) {
const breadcrumbs = [
new Breadcrumb({
type: BreadcrumbType.ORG,
@@ -55,4 +59,42 @@ export class OrgSettingsComponent {
}
});
}
ngOnInit(): void {
checkSettingsPermissions(this.defaultSettingsList, PolicyComponentServiceType.MGMT, this.authService).subscribe(
(allowed) => {
this.settingsList = this.defaultSettingsList.filter((setting, index) => {
return allowed[index];
});
},
);
}
}
// Return a Observables<boolean>[] that will wait till all service calls are finished to then check if user is allowed to see a setting
export function checkSettingsPermissions(settings: SidenavSetting[], serviceType: string, authService: GrpcAuthService) {
return forkJoin(
settings
.filter((setting) => {
if (serviceType === PolicyComponentServiceType.ADMIN) {
return setting.requiredRoles && setting.requiredRoles.admin;
} else {
return setting.requiredRoles && setting.requiredRoles.mgmt;
}
})
.map((setting) => {
if (!setting.requiredRoles) {
return of(true);
}
if (!setting.requiredRoles.mgmt) {
return of(true);
}
if (setting.requiredRoles.mgmt) {
return authService.isAllowed(setting.requiredRoles.mgmt).pipe(take(1));
}
return of(false);
}),
);
}

2
console/src/app/pages/users/user-detail/user-detail/user-detail.component.html
View File

@@ -78,7 +78,7 @@
<ng-container *ngIf="currentSetting === 'general'">
<ng-template cnslHasRole [hasRole]="['user.read$', 'user.read:' + user.id]">
<cnsl-card *ngIf="user.human" title="{{ 'USER.PROFILE.TITLE' | translate }}">
<cnsl-card *ngIf="user.human" title="{{ user.preferredLoginName }} - {{ 'USER.PROFILE.TITLE' | translate }}">
<cnsl-detail-form
[preferredLoginName]="user.preferredLoginName"
[disabled]="(canWrite$ | async) === false"

14
console/src/app/pages/users/user-list/user-table/user-table.component.html
View File

@@ -124,6 +124,20 @@
</td>
</ng-container>
<ng-container matColumnDef="preferredLoginName">
<th
mat-header-cell
*matHeaderCellDef
mat-sort-header
[ngClass]="{ 'search-active': this.userSearchKey === UserListSearchKey.DISPLAY_NAME }"
>
{{ 'USER.PROFILE.PREFERREDLOGINNAME' | translate }}
</th>
<td mat-cell *matCellDef="let user" [routerLink]="user.id ? ['/users', user.id] : null">
<span *ngIf="user.human">{{ user.preferredLoginName }}</span>
</td>
</ng-container>
<ng-container matColumnDef="username">
<th
mat-header-cell

6
console/src/app/pages/users/user-list/user-table/user-table.component.ts
View File

@@ -51,7 +51,7 @@ export class UserTableComponent implements OnInit {
@Input() public displayedColumnsHuman: string[] = [
'select',
'displayName',
'username',
'preferredLoginName',
'email',
'state',
'creationDate',
@@ -194,6 +194,10 @@ export class UserTableComponent implements OnInit {
case 'username':
sortingField = UserFieldName.USER_FIELD_NAME_USER_NAME;
break;
case 'preferredLoginName':
// TODO: replace with preferred username sorting once implemented
sortingField = UserFieldName.USER_FIELD_NAME_USER_NAME;
break;
case 'email':
sortingField = UserFieldName.USER_FIELD_NAME_EMAIL;
break;

5
console/src/assets/i18n/bg.json
View File

@@ -489,6 +489,7 @@
"LASTNAME": "Фамилия",
"NICKNAME": "Псевдоним",
"DISPLAYNAME": "Екранно име",
"PREFERREDLOGINNAME": "Предпочитано име за вход",
"PREFERRED_LANGUAGE": "език",
"GENDER": "Пол",
"PASSWORD": "Парола",
@@ -789,7 +790,7 @@
},
"PAGES": {
"STATE": "Статус",
"DOMAINLIST": "Домейни"
"DOMAINLIST": "Лични домейни"
},
"STATE": {
"0": "Неуточнено",
@@ -1344,7 +1345,7 @@
"MAXAGEDAYS": "Максимална възраст в дни",
"USERLOGINMUSTBEDOMAIN": "Добавяне на домейн на организация като суфикс към имената за вход",
"USERLOGINMUSTBEDOMAIN_DESCRIPTION": "Ако активирате тази настройка, всички имена за вход ще имат суфикс с домейна на организацията. ",
"VALIDATEORGDOMAINS": "Валидиране на организационни домейни",
"VALIDATEORGDOMAINS": "Верификация на домейна на организацията е необходима (DNS или HTTP предизвикателство)",
"SMTPSENDERADDRESSMATCHESINSTANCEDOMAIN": "SMTP адресът на изпращача съвпада с домейна на екземпляра",
"ALLOWUSERNAMEPASSWORD": "Потребителско име Паролата е разрешена",
"ALLOWEXTERNALIDP": "Допуска се външен IDP",

11
console/src/assets/i18n/de.json
View File

@@ -495,6 +495,7 @@
"LASTNAME": "Nachname",
"NICKNAME": "Spitzname",
"DISPLAYNAME": "Anzeigename",
"PREFERREDLOGINNAME": "Bevorzugter Anmeldename",
"PREFERRED_LANGUAGE": "Sprache",
"GENDER": "Geschlecht",
"PASSWORD": "Passwort",
@@ -795,7 +796,7 @@
},
"PAGES": {
"STATE": "Status",
"DOMAINLIST": "Domains"
"DOMAINLIST": "Custom Domains"
},
"STATE": {
"0": "Unspezifisch",
@@ -953,15 +954,15 @@
"DOMAINS": {
"NEW": "Domain hinzufügen",
"TITLE": "Domänen",
"DESCRIPTION": "Konfiguriere die Domains, mit denen sich Deine Benutzer anmelden können.",
"DESCRIPTION": "Konfiguriere die Domains, die für Domain discovery und als Suffix für die Benutzer verwendet werden können.",
"SETPRIMARY": "Primäre Domain setzen",
"DELETE": {
"TITLE": "Domain löschen?",
"DESCRIPTION": "Du bist im Begriff, eine Domain aus Deiner Organisation zu löschen. Deine Benutzer können diese nach dem Löschen nicht mehr für den Login nutzen."
"DESCRIPTION": "Du bist im Begriff, eine Domain aus deiner Organisation zu löschen."
},
"ADD": {
"TITLE": "Domain hinzufügen",
"DESCRIPTION": "Du bist im Begriff, Deiner Organisation eine Domain hinzuzufügen. Deine Benutzer können diese nach der erfolgreichen Ausführung für den Login nutzen."
"DESCRIPTION": "Du bist im Begriff, Deiner Organisation eine Domain hinzuzufügen. Die Domain kann für Domain discovery genutzt werden und als Suffix für deine Benutzernamen."
}
},
"STATE": {
@@ -1350,7 +1351,7 @@
"MAXAGEDAYS": "Maximale Gültigkeit in Tagen",
"USERLOGINMUSTBEDOMAIN": "Organisationsdomain dem Loginname hinzufügen",
"USERLOGINMUSTBEDOMAIN_DESCRIPTION": "If you enable this setting, all loginnames will be suffixed with the organization domain. If this settings is disabled, you have to ensure that usernames are unique over all organizations.",
"VALIDATEORGDOMAINS": "Org Domains validieren",
"VALIDATEORGDOMAINS": "Verifizierung des Organisations Domain erforderlich (DNS- oder HTTP-Herausforderung)",
"SMTPSENDERADDRESSMATCHESINSTANCEDOMAIN": "SMTP Sender Adresse entspricht Instanzdomain",
"ALLOWUSERNAMEPASSWORD": "Benutzername Passwort erlaubt",
"ALLOWEXTERNALIDP": "Externer IDP erlaubt",

11
console/src/assets/i18n/en.json
View File

@@ -496,6 +496,7 @@
"LASTNAME": "Family Name",
"NICKNAME": "Nickname",
"DISPLAYNAME": "Display Name",
"PREFERREDLOGINNAME": "Preferred login name",
"PREFERRED_LANGUAGE": "Language",
"GENDER": "Gender",
"PASSWORD": "Password",
@@ -796,7 +797,7 @@
},
"PAGES": {
"STATE": "Status",
"DOMAINLIST": "Domains"
"DOMAINLIST": "Custom Domains"
},
"STATE": {
"0": "Unspecified",
@@ -954,15 +955,15 @@
"DOMAINS": {
"NEW": "Add Domain",
"TITLE": "Domains",
"DESCRIPTION": "Configure your domains. This domain can be used to log in with your users.",
"DESCRIPTION": "Configure your organization domains. This domain can be used for domain discovery and username suffixing.",
"SETPRIMARY": "Set as Primary",
"DELETE": {
"TITLE": "Delete Domain",
"DESCRIPTION": "You are about to delete one of your domains. Note that your users can no longer use this domain for their login."
"DESCRIPTION": "You are about to delete one of your domains."
},
"ADD": {
"TITLE": "Add Domain",
"DESCRIPTION": "You are about to add a domain for your organization. After successful process, you users will be able to use the domain for their login."
"DESCRIPTION": "You are about to add a domain for your organization. After successful process, the domain can be used for domain discovery and as suffix for your users."
}
},
"STATE": {
@@ -1351,7 +1352,7 @@
"MAXAGEDAYS": "Max Age in days",
"USERLOGINMUSTBEDOMAIN": "Add organization domain as suffix to loginnames",
"USERLOGINMUSTBEDOMAIN_DESCRIPTION": "If you enable this setting, all loginnames will be suffixed with the organization domain. If this settings is disabled, you have to ensure that usernames are unique over all organizations.",
"VALIDATEORGDOMAINS": "Validate Org domains",
"VALIDATEORGDOMAINS": "Organization domain verification required (DNS or HTTP challenge)",
"SMTPSENDERADDRESSMATCHESINSTANCEDOMAIN": "SMTP Sender Address matches Instance Domain",
"ALLOWUSERNAMEPASSWORD": "Username Password allowed",
"ALLOWEXTERNALIDP": "External IDP allowed",

5
console/src/assets/i18n/es.json
View File

@@ -496,6 +496,7 @@
"LASTNAME": "Apellidos",
"NICKNAME": "Apodo",
"DISPLAYNAME": "Nombre mostrado",
"PREFERREDLOGINNAME": "Nombre de inicio de sesión preferido",
"PREFERRED_LANGUAGE": "Idioma",
"GENDER": "Género",
"PASSWORD": "Contraseña",
@@ -796,7 +797,7 @@
},
"PAGES": {
"STATE": "Estado",
"DOMAINLIST": "Dominios"
"DOMAINLIST": "Dominios personalizados"
},
"STATE": {
"0": "No especificado",
@@ -1351,7 +1352,7 @@
"MAXAGEDAYS": "Antigüedad máxima en días",
"USERLOGINMUSTBEDOMAIN": "Añadir el dominio de la organización como sufijo de los nombres de inicio de sesión",
"USERLOGINMUSTBEDOMAIN_DESCRIPTION": "Si activas esta opción, todos los nombres de inicio de sesión tendrán como sufijo el dominio de esta organización. Si esta opción está desactivada, tendrás que asegurarte de que los nombres de usuario son únicos para todas las organizaciones.",
"VALIDATEORGDOMAINS": "Validar los dominios de la organización",
"VALIDATEORGDOMAINS": "Verificación de dominio de la organización requerida (desafío DNS o HTTP)",
"SMTPSENDERADDRESSMATCHESINSTANCEDOMAIN": "La dirección del remitente SMTP coincide con el dominio de la instancia",
"ALLOWUSERNAMEPASSWORD": "Nombre de usuario y contraseña permitido",
"ALLOWEXTERNALIDP": "Permitido IDP externo",

5
console/src/assets/i18n/fr.json
View File

@@ -495,6 +495,7 @@
"LASTNAME": "Nom de famille",
"NICKNAME": "Surnom",
"DISPLAYNAME": "Nom d'affichage",
"PREFERREDLOGINNAME": "Nom de connexion préféré",
"PREFERRED_LANGUAGE": "Langue",
"GENDER": "Sexe",
"PASSWORD": "Mot de passe",
@@ -795,7 +796,7 @@
},
"PAGES": {
"STATE": "Statut",
"DOMAINLIST": "Domaines"
"DOMAINLIST": "Domaines personnalisés"
},
"STATE": {
"0": "Inconnu",
@@ -1350,7 +1351,7 @@
"MAXAGEDAYS": "Âge maximum en jours",
"USERLOGINMUSTBEDOMAIN": "Le nom de connexion de l'utilisateur doit contenir le nom de domaine de l'organisation",
"USERLOGINMUSTBEDOMAIN_DESCRIPTION": "Si vous activez ce paramètre, tous les noms de connexion seront suffixés avec le domaine de l'organisation. Si ce paramètre est désactivé, vous devez vous assurer que les noms d'utilisateur sont uniques pour toutes les organisations.",
"VALIDATEORGDOMAINS": "Valider les domaines d'Org",
"VALIDATEORGDOMAINS": "Vérification du domaine de l'organisation requise (challenge DNS ou HTTP)",
"SMTPSENDERADDRESSMATCHESINSTANCEDOMAIN": "L'adresse de l'expéditeur SMTP correspond au domaine de l'instance",
"ALLOWUSERNAMEPASSWORD": "Nom d'utilisateur Mot de passe autorisé",
"ALLOWEXTERNALIDP": "IDP externe autorisé",

5
console/src/assets/i18n/it.json
View File

@@ -494,6 +494,7 @@
"LASTNAME": "Cognome",
"NICKNAME": "Soprannome",
"DISPLAYNAME": "DisplayName",
"PREFERREDLOGINNAME": "Nome di accesso preferito",
"PREFERRED_LANGUAGE": "Lingua",
"GENDER": "Genere",
"PASSWORD": "Password",
@@ -794,7 +795,7 @@
},
"PAGES": {
"STATE": "Stato",
"DOMAINLIST": "Domini"
"DOMAINLIST": "Domini personalizzati"
},
"STATE": {
"0": "Non specifico",
@@ -1350,7 +1351,7 @@
"MAXAGEDAYS": "Lunghezza massima in giorni",
"USERLOGINMUSTBEDOMAIN": "Nome utente deve contenere il dominio dell' organizzazione",
"USERLOGINMUSTBEDOMAIN_DESCRIPTION": "Se abiliti questa impostazione, a tutti i nomi di accesso verrà aggiunto il suffisso del dominio dell'organizzazione. Se questa impostazione è disabilitata, devi assicurarti che i nomi utente siano univoci per tutte le organizzazioni.",
"VALIDATEORGDOMAINS": "Verifica domini dell' organizzazione",
"VALIDATEORGDOMAINS": "Verifica del dominio dell'organizzazione richiesta (challenge DNS o HTTP)",
"SMTPSENDERADDRESSMATCHESINSTANCEDOMAIN": "L'indirizzo mittente SMTP corrisponde al dominio dell'istanza",
"ALLOWUSERNAMEPASSWORD": "Autenticazione classica con password consentita",
"ALLOWEXTERNALIDP": "IDP esterno consentito",

5
console/src/assets/i18n/ja.json
View File

@@ -496,6 +496,7 @@
"LASTNAME": "姓",
"NICKNAME": "ニックネーム",
"DISPLAYNAME": "表示名",
"PREFERREDLOGINNAME": "優先ログイン名",
"PREFERRED_LANGUAGE": "言語",
"GENDER": "性別",
"PASSWORD": "パスワード",
@@ -796,7 +797,7 @@
},
"PAGES": {
"STATE": "ステータス",
"DOMAINLIST": "ドメイン"
"DOMAINLIST": "カスタムドメイン"
},
"STATE": {
"0": "未定義",
@@ -1346,7 +1347,7 @@
"MAXAGEDAYS": "最大有効期限",
"USERLOGINMUSTBEDOMAIN": "ログイン名の接尾辞として組織ドメインを追加する",
"USERLOGINMUSTBEDOMAIN_DESCRIPTION": "この設定を有効にすると、すべてのログイン名が組織ドメインで接尾辞が付けられます。この設定が無効になっている場合、ユーザー名がすべての組織で一意であることを確認する必要があります。",
"VALIDATEORGDOMAINS": "組織ドメインを認証する",
"VALIDATEORGDOMAINS": "組織ドメイン検証が必要です (DNSまたはHTTPチャレンジ)",
"SMTPSENDERADDRESSMATCHESINSTANCEDOMAIN": "SMTP送信者アドレスはインスタンスドメインに一致しています",
"ALLOWUSERNAMEPASSWORD": "ユーザー名とパスワードを許可",
"ALLOWEXTERNALIDP": "外部IDPを許可",

5
console/src/assets/i18n/mk.json
View File

@@ -496,6 +496,7 @@
"LASTNAME": "Презиме",
"NICKNAME": "Прекар",
"DISPLAYNAME": "Име за приказ",
"PREFERREDLOGINNAME": "Претпочитано име за најава",
"PREFERRED_LANGUAGE": "Јазик",
"GENDER": "Пол",
"PASSWORD": "Лозинка",
@@ -796,7 +797,7 @@
},
"PAGES": {
"STATE": "Статус",
"DOMAINLIST": "Домени"
"DOMAINLIST": "Прилагодени домени"
},
"STATE": {
"0": "Ненаведено",
@@ -1352,7 +1353,7 @@
"MAXAGEDAYS": "Максимална возраст во денови",
"USERLOGINMUSTBEDOMAIN": "Додади организациски домен како суфикс на корисничките имиња",
"USERLOGINMUSTBEDOMAIN_DESCRIPTION": "Ако го овозможите ова подесување, сите кориснички имиња ќе имаат суфикс на организацискиот домен. Доколку ова подесување е оневозможено, морате да се осигурате дека корисничките имиња се уникатни низ сите организации.",
"VALIDATEORGDOMAINS": "Валидирај организациски домени",
"VALIDATEORGDOMAINS": "Потврда на доменот на организацијата е неопходна (DNS или HTTP предизвик)",
"SMTPSENDERADDRESSMATCHESINSTANCEDOMAIN": "SMTP адресата на испраќачот се поклопува со доменот на инстанцата",
"ALLOWUSERNAMEPASSWORD": "Дозволено корисничко име и лозинка",
"ALLOWEXTERNALIDP": "Дозволен надворешен IDP",

5
console/src/assets/i18n/pl.json
View File

@@ -495,6 +495,7 @@
"LASTNAME": "Nazwisko",
"NICKNAME": "Przezwisko",
"DISPLAYNAME": "Nazwa wyświetlana",
"PREFERREDLOGINNAME": "Preferowana nazwa logowania",
"PREFERRED_LANGUAGE": "Język",
"GENDER": "Płeć",
"PASSWORD": "Hasło",
@@ -795,7 +796,7 @@
},
"PAGES": {
"STATE": "Status",
"DOMAINLIST": "Domeny"
"DOMAINLIST": "Własne domeny"
},
"STATE": {
"0": "Nieokreślony",
@@ -1350,7 +1351,7 @@
"MAXAGEDAYS": "Maksymalny wiek w dniach",
"USERLOGINMUSTBEDOMAIN": "Dodaj domenę organizacji jako przyrostek do nazw logowania",
"USERLOGINMUSTBEDOMAIN_DESCRIPTION": "Jeśli włączysz to ustawienie, wszystkie nazwy logowania będą miały przyrostek z domeną organizacji. Jeśli to ustawienie jest wyłączone, musisz zapewnić unikalność nazw użytkowników we wszystkich organizacjach.",
"VALIDATEORGDOMAINS": "Sprawdzanie ważności domen organizacji",
"VALIDATEORGDOMAINS": "Weryfikacja domeny organizacji jest wymagana (wyzwanie DNS lub HTTP)",
"SMTPSENDERADDRESSMATCHESINSTANCEDOMAIN": "Adres nadawcy SMTP pasuje do domeny instancji",
"ALLOWUSERNAMEPASSWORD": "Zezwól na użycie nazwy użytkownika i hasła",
"ALLOWEXTERNALIDP": "Zezwól na zewnętrznego dostawcę tożsamości",

5
console/src/assets/i18n/pt.json
View File

@@ -496,6 +496,7 @@
"LASTNAME": "Sobrenome",
"NICKNAME": "Apelido",
"DISPLAYNAME": "Nome de Exibição",
"PREFERREDLOGINNAME": "Nome de login preferido",
"PREFERRED_LANGUAGE": "Idioma",
"GENDER": "Gênero",
"SENHA": "Senha",
@@ -796,7 +797,7 @@
},
"PAGES": {
"STATE": "Status",
"DOMAINLIST": "Domínios"
"DOMAINLIST": "Domínios personalizados"
},
"STATE": {
"0": "Não especificado",
@@ -1352,7 +1353,7 @@
"MAXAGEDAYS": "Idade máxima em dias",
"USERLOGINMUSTBEDOMAIN": "Adicionar domínio da organização como sufixo aos nomes de login",
"USERLOGINMUSTBEDOMAIN_DESCRIPTION": "Se você habilitar essa configuração, todos os nomes de login serão sufixados com o domínio da organização. Se essa configuração estiver desabilitada, você deve garantir que os nomes de usuário sejam exclusivos em todas as organizações.",
"VALIDATEORGDOMAINS": "Validar domínios da organização",
"VALIDATEORGDOMAINS": "Verificação de domínio da organização necessária (desafio DNS ou HTTP)",
"SMTPSENDERADDRESSMATCHESINSTANCEDOMAIN": "O endereço do remetente do SMTP corresponde ao domínio da Instância",
"ALLOWUSERNAMEPASSWORD": "Permitir usuário e senha",
"ALLOWEXTERNALIDP": "Permitir provedor de ID externo",

5
console/src/assets/i18n/zh.json
View File

@@ -495,6 +495,7 @@
"LASTNAME": "姓",
"NICKNAME": "昵称",
"DISPLAYNAME": "展示名称",
"PREFERREDLOGINNAME": "首选登录名",
"PREFERRED_LANGUAGE": "语言",
"GENDER": "性别",
"PASSWORD": "密码",
@@ -795,7 +796,7 @@
},
"PAGES": {
"STATE": "状态",
"DOMAINLIST": "域名"
"DOMAINLIST": "自定义域名"
},
"STATE": {
"0": "未指定",
@@ -1349,7 +1350,7 @@
"MAXAGEDAYS": "Max Age in days",
"USERLOGINMUSTBEDOMAIN": "用户名必须包含组织域名",
"USERLOGINMUSTBEDOMAIN_DESCRIPTION": "如果启用此设置,所有登录名都将以组织域为后缀。如果禁用此设置,您必须确保用户名在所有组织中都是唯一的。",
"VALIDATEORGDOMAINS": "验证组织域名",
"VALIDATEORGDOMAINS": "组织域名验证需要 (DNS 或 HTTP 挑战)",
"SMTPSENDERADDRESSMATCHESINSTANCEDOMAIN": "SMTP 发件人地址与实例域名匹配",
"ALLOWUSERNAMEPASSWORD": "允许用户名密码",
"ALLOWEXTERNALIDP": "允许外部身份提供者",

2
docs/docs/apis/introduction.mdx
View File

@@ -1,5 +1,5 @@
---
title: API Reference Overview
title: ZITADEL API Reference Overview
sidebar_label: Overview
---

3
docs/docs/apis/observability/health.md
View File

@@ -1,5 +1,6 @@
---
title: Ready / Healthy
title: ZITADEL Ready and Health Enpoints
sidebar_label: Ready and Health Enpoints
---
ZITADEL exposes a `Ready`- and `Healthy` endpoint to allow external systems like load balancers, orchestration systems, uptime probes and others to check the status.

3
docs/docs/apis/observability/metrics.md
View File

@@ -1,5 +1,6 @@
---
title: Metrics
title: ZITADEL Metrics
sidebar_label: Metrics
---
ZITADEL provides a `metrics` endpoint with the help of the [opentelemetry-go](https://github.com/open-telemetry/opentelemetry-go) package.

7
docs/docs/apis/openidoauth/authn-methods.md
View File

@@ -1,5 +1,6 @@
---
title: Authentication Methods
title: Authentication Methods in ZITADEL
sidebar_label: Authentication Methods
---
## Client Secret Basic
@@ -45,7 +46,7 @@ JWT
| Claim | Example | Description |
|:------|:---------------------------|:----------------------------------------------------------------------------------------------------------------|
| aud | `"https://{your_domain}"` | String or Array of intended audiences MUST include ZITADEL's issuing domain |
| aud | `"https://$CUSTOM-DOMAIN"` | String or Array of intended audiences MUST include ZITADEL's issuing domain |
| exp | `1605183582` | Unix timestamp of the expiry |
| iat | `1605179982` | Unix timestamp of the creation singing time of the JWT, MUST NOT be older than 1h |
| iss | `"78366401571920522@acme"` | String which represents the requesting party (owner of the key), normally the `clientID` from the json key file |
@@ -55,7 +56,7 @@ JWT
{
"iss": "78366401571920522@acme",
"sub": "78366401571920522@acme",
"aud": "https://{your_domain}",
"aud": "https://$CUSTOM-DOMAIN",
"exp": 1605183582,
"iat": 1605179982
}

2
docs/docs/apis/openidoauth/authrequest.mdx
View File

@@ -1,5 +1,5 @@
---
title: OIDC Authentication Request Playground
title: ZITADEL OIDC Authentication Request Playground
sidebar_label: OIDC Playground
---

7
docs/docs/apis/openidoauth/claims.md
View File

@@ -1,5 +1,6 @@
---
title: Claims
title: Claims in ZITADEL
sidebar_label: Claims
---
ZITADEL asserts claims on different places according to the corresponding specifications or project and clients settings.
@@ -42,7 +43,7 @@ Please check below the matrix for an overview where which scope is asserted.
| Claims | Example | Description |
|:-------------------|:-----------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------|
| acr | TBA | TBA |
| address | `Lerchenfeldstrasse 3, 9014 St. Gallen` | TBA |
| address | `Lerchenfeldstrasse 3, 9014 St. Gallen` | TBA |
| amr | `pwd mfa` | Authentication Method References as defined in [RFC8176](https://tools.ietf.org/html/rfc8176) <br/> `password` value is deprecated, please check `pwd` |
| aud | `69234237810729019` | The audience of the token, by default all client id's and the project id are included |
| auth_time | `1311280969` | Unix time of the authentication |
@@ -54,7 +55,7 @@ Please check below the matrix for an overview where which scope is asserted.
| gender | `other` | Gender of the subject |
| given_name | `Road` | Given name of the subject |
| iat | `1311280970` | Time of the token was issued at (as unix time) |
| iss | `{your_domain}` | Issuing domain of a token |
| iss | `$CUSTOM-DOMAIN` | Issuing domain of a token |
| jti | `69234237813329048` | Unique id of the token |
| locale | `en` | Language from the subject |
| name | `Road Runner` | The subjects full name |

3
docs/docs/apis/openidoauth/endpoints.mdx
View File

@@ -1,5 +1,6 @@
---
title: OpenID Connect Endpoints
title: OpenID Connect Endpoints in ZITADEL
sidebar_label: OpenID Connect Endpoints
---
import Tabs from "@theme/Tabs";

19
docs/docs/apis/openidoauth/grant-types.md
View File

@@ -1,5 +1,6 @@
---
title: Grant Types
title: Grant Types in ZITADEL
sidebar_label: Grant Types
---
For a list of supported or unsupported `Grant Types` please have a look at the table below.
@@ -75,19 +76,19 @@ Key JSON
JWT
| Claim | Example | Description |
|:------|:--------------------------|:--------------------------------------------------------------------------------------------------------------|
| aud | `"https://{your_domain}"` | String or Array of intended audiences MUST include ZITADEL's issuing domain |
| exp | `1605183582` | Unix timestamp of the expiry |
| iat | `1605179982` | Unix timestamp of the creation singing time of the JWT, MUST NOT be older than 1h |
| iss | `"77479219772321307"` | String which represents the requesting party (owner of the key), normally the `userId` from the json key file |
| sub | `"77479219772321307"` | The subject ID of the service user, normally the `userId` from the json key file |
| Claim | Example | Description |
|:------|:-------------------------|:--------------------------------------------------------------------------------------------------------------|
| aud | `"https://$CUSTOM-DOMAIN"` | String or Array of intended audiences MUST include ZITADEL's issuing domain |
| exp | `1605183582` | Unix timestamp of the expiry |
| iat | `1605179982` | Unix timestamp of the creation singing time of the JWT, MUST NOT be older than 1h |
| iss | `"77479219772321307"` | String which represents the requesting party (owner of the key), normally the `userId` from the json key file |
| sub | `"77479219772321307"` | The subject ID of the service user, normally the `userId` from the json key file |
```JSON
{
"iss": "77479219772321307",
"sub": "77479219772321307",
"aud": "https://{your_domain}",
"aud": "https://$CUSTOM-DOMAIN",
"exp": 1605183582,
"iat": 1605179982
}

3
docs/docs/apis/openidoauth/scopes.md
View File

@@ -1,5 +1,6 @@
---
title: Scopes
title: Scopes in ZITADEL
sidebar_label: Scopes
---
ZITADEL supports the usage of scopes as way of requesting information from the IAM and also instruct ZITADEL to do certain operations.

8
docs/docs/apis/saml/endpoints.md
View File

@@ -1,10 +1,10 @@
---
title: SAML endpoints
title: SAML Endpoints in ZITADEL
---
## SAML 2.0 metadata
The SAML Metadata is located within the issuer domain. This would give us {your_domain}/saml/v2/metadata.
The SAML Metadata is located within the issuer domain. This would give us $CUSTOM-DOMAIN/saml/v2/metadata.
This metadata contains all the information defined in the spec.
@@ -13,14 +13,14 @@ spec.** [Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0
## Certificate endpoint
{your_domain}/saml/v2/certificate
$CUSTOM-DOMAIN/saml/v2/certificate
The certificate endpoint provides the certificate which is used to sign the responses for download, for easier use with
different service providers which want the certificate separately instead of inside the metadata.
## SSO endpoint
{your_domain}/saml/v2/SSO
$CUSTOM-DOMAIN/saml/v2/SSO
The SSO endpoint is the starting point for all initial user authentications. The user agent (browser) will be redirected
to this endpoint to authenticate the user.

3
docs/docs/apis/statuscodes.mdx
View File

@@ -1,5 +1,6 @@
---
title: GRPC Status Codes
title: GRPC Status Codes in ZITADEL
sidebar_label: GRPC Status Codes
---
| GRPC Number | GRPC Code | HTTP Status Code | HTTP Status Text |Description |

3
docs/docs/concepts/architecture/secrets.md
View File

@@ -1,5 +1,6 @@
---
title: Secrets
title: How ZITADEL Processes and Stores Secrets
sidebar_label: Secrets
---
In this chapter you can find information of how ZITADEL processes and stores secrets and credentials in a secure fashion.

5
docs/docs/concepts/architecture/software.md
View File

@@ -1,5 +1,6 @@
---
title: Software
title: ZITADEL's Software Architecture
sidebar_label: Software Architecture
---
ZITADEL is built with two essential patterns. Event Sourcing (ES) and Command and Query Responsibility Segregation (CQRS).
@@ -14,7 +15,7 @@ Each ZITADEL binary contains all components necessary to serve traffic
From serving the API, rendering GUI's, background processing of events and task.
This All in One (AiO) approach makes operating ZITADEL simple.
## Software Structure
## The Architecture
ZITADELs software architecture is built around multiple components at different levels.
This chapter should give you an idea of the components as well as the different layers.

3
docs/docs/concepts/architecture/solution.md
View File

@@ -1,5 +1,6 @@
---
title: Deployment
title: ZITADEL's Deployment Architecture
sidebar_label: Deployment Architecture
---
## High Availability

3
docs/docs/concepts/eventstore/implementation.md
View File

@@ -1,5 +1,6 @@
---
title: Implementation
title: ZITADEL Database Structure
sidebar_label: Database Structure
---
This documentation gives you an insight into the structure of the ZITADEL database.

2
docs/docs/concepts/eventstore/overview.md
View File

@@ -1,5 +1,5 @@
---
title: Eventstore
title: ZITADEL Event Store
sidebar_label: Overview
---

3
docs/docs/concepts/features/actions.md
View File

@@ -1,5 +1,6 @@
---
title: Actions
title: ZITADEL Actions
sidebar_label: Actions
---
By using ZITADEL actions, you can manipulate ZITADELs behavior on specific Events.

5
docs/docs/concepts/features/audit-trail.md
View File

@@ -1,5 +1,6 @@
---
title: Audit Trail
title: ZITADEL's In-built Audit Trail
sidebar_label: Audit Trail
---
ZITADEL provides you with an built-in audit trail to track all changes and events over an unlimited period of time.
@@ -26,7 +27,7 @@ The same view is available on several other objects such as organization or proj
### Event View
Administrators can see all events across an instance and filter them directly in [Console](/docs/guides/manage/console/overview).
Go to your instance settings and then click on the Tab **Events** to open the Event Viewer or browse to $YOUR_DOMAIN/ui/console/events
Go to your instance settings and then click on the Tab **Events** to open the Event Viewer or browse to $CUSTOM-DOMAIN/ui/console/events
![Event viewer](/img/concepts/audit-trail/event-viewer.png)

3
docs/docs/concepts/features/identity-brokering.md
View File

@@ -1,5 +1,6 @@
---
title: Identity Brokering
title: Identity Brokering in ZITADEL
sidebar_label: Identity Brokering
---
## What are Identity Brokering and Federated Identities?

5
docs/docs/concepts/features/selfservice.md
View File

@@ -1,5 +1,6 @@
---
title: Self-Service
title: Self Service in ZITADEL
sidebar_label: Self Service
---
ZITADEL allows users to perform many tasks themselves.
@@ -138,7 +139,7 @@ A client can also implement this, by calling the [specific endpoint](/apis/openi
## Profile
These actions are available for authenticated users only.
ZITADEL provides a self-service UI for the user profile out-of-the box under the path _{your_domain}/ui/console/users/me_.
ZITADEL provides a self-service UI for the user profile out-of-the box under the path _$CUSTOM-DOMAIN/ui/console/users/me_.
You can also implement your own version in your application by using our APIs.
### Change password

3
docs/docs/concepts/structure/applications.md
View File

@@ -1,5 +1,6 @@
---
title: Applications
title: ZITADEL Applications
sidebar_label: Applications
---
# Applications

3
docs/docs/concepts/structure/granted_projects.md
View File

@@ -1,5 +1,6 @@
---
title: Granted Projects
title: ZITADEL's Granted Projects
sidebar_label: Granted Projects
---
# Granted Project

3
docs/docs/concepts/structure/instance.mdx
View File

@@ -1,5 +1,6 @@
---
title: Instance
title: ZITADEL Instances
sidebar_label: Instances
---
## Instance Structure

3
docs/docs/concepts/structure/managers.mdx
View File

@@ -1,5 +1,6 @@
---
title: Managers
title: ZITADEL Managers
sidebar_label: Managers
---
import ManagerDescription from "./_manager_description.mdx";

3
docs/docs/concepts/structure/organizations.md
View File

@@ -1,5 +1,6 @@
---
title: Organizations
title: ZITADEL Organizations
sidebar_label: Organizations
---
import OrgDescription from './_org_description.mdx';

5
docs/docs/concepts/structure/policies.md
View File

@@ -1,8 +1,9 @@
---
title: Settings/Policies
title: ZITADEL Settings and Policies
sidebar_label: Setting and Policies
---
Settings and policies are configurations of all the different parts of the Instance or an organization. For all parts we have a suitable default in the Instance.
Settings and policies are configurations of all the different parts of the instance or an organization. For all parts we have a suitable default in the instance.
The default configuration can be overridden for each organization, some policies are currently only available on the instance level. Learn more about our different policies [here](/guides/manage/console/instance-settings.mdx).
API wise, settings are often called policies. You can read the proto and swagger definitions [here](../../apis/introduction.mdx).

3
docs/docs/concepts/structure/projects.md
View File

@@ -1,5 +1,6 @@
---
title: Projects
title: ZITADEL Projects
sidebar_label: Projects
---
# Project

3
docs/docs/concepts/structure/users.md
View File

@@ -1,5 +1,6 @@
---
title: Users
title: ZITADEL Users
sidebar_label: Users
---
## Types of users

3
docs/docs/examples/call-zitadel-api/dot-net.md
View File

@@ -1,5 +1,6 @@
---
title: .NET
title: Integrate ZITADEL into a .NET Application
sidebar_label: .NET
---
This integration guide shows you how to integrate **ZITADEL** into your .NET application.

3
docs/docs/examples/call-zitadel-api/go.md
View File

@@ -1,5 +1,6 @@
---
title: Go
title: Integrate ZITADEL into a Go Application
sidebar_label: Go
---
This integration guide shows you how to integrate **ZITADEL** into your Go application.

2
docs/docs/examples/identity-proxy/oauth2-proxy.md
View File

@@ -43,7 +43,7 @@ provider = "oidc"
user_id_claim = "sub" #uses the subject as ID instead of the email
provider_display_name = "ZITADEL"
redirect_url = "http://127.0.0.1:4180/oauth2/callback"
oidc_issuer_url = "https://{your_domain}.zitadel.cloud"
oidc_issuer_url = "https://$CUSTOM-DOMAIN"
upstreams = [
"https://example.corp.com"
]

2
docs/docs/examples/introduction.mdx
View File

@@ -1,5 +1,5 @@
---
title: Overview of examples, quickstarts, and SDKs
title: Overview of ZITADEL Examples, Quickstarts, and SDKs
sidebar_label: Overview
---

3
docs/docs/examples/login/angular.md
View File

@@ -1,5 +1,6 @@
---
title: Angular
title: ZITADEL with Angular
sidebar_label: Angular
---
This integration guide demonstrates the recommended way to incorporate ZITADEL into your Angular application.

4
docs/docs/examples/login/flutter.md
View File

@@ -1,5 +1,7 @@
---
title: Flutter
title: ZITADEL with Flutter
sidebar_label: Flutter
---
This guide demonstrates how you integrate **ZITADEL** into a Flutter app. It refers to our example on [GitHub](https://github.com/zitadel/zitadel_flutter)

5
docs/docs/examples/login/nextjs-b2b.md
View File

@@ -1,8 +1,9 @@
---
title: Next.js B2B Scenario
title: ZITADEL with Next.js - A B2B Scenario
sidebar_label: Next.js - B2B
---
This is our Zitadel [Next.js](https://nextjs.org/) B2B template. It shows how to authenticate as a user with multiple organizations. The application shows your users roles on the selected organizations, other projects your organization is allowed to use and other users having a grant to use the application.
This is our ZITADEL [Next.js](https://nextjs.org/) B2B template. It shows how to authenticate as a user with multiple organizations. The application shows your users roles on the selected organizations, other projects your organization is allowed to use and other users having a grant to use the application.
If you need more info on B2B use cases consider reading our guide for the [B2B solution scenario](/guides/solution-scenarios/b2b.mdx).

3
docs/docs/examples/login/nextjs.md
View File

@@ -1,5 +1,6 @@
---
title: Next.js
title: ZITADEL with Next.js
sidebar_label: Next.js
---
This is our Zitadel [Next.js](https://nextjs.org/) template. It shows how to authenticate as a user and retrieve user information from the OIDC endpoint.

3
docs/docs/examples/login/react.mdx
View File

@@ -1,5 +1,6 @@
---
title: React
title: ZITADEL with React
sidebar_label: React
---
This Integration guide shows you the recommended way to integrate **ZITADEL** into your React Application.

3
docs/docs/examples/sdks.md
View File

@@ -1,5 +1,6 @@
---
title: SDKs
title: ZITADEL SDKs
sidebar_label: SDKs
---
On this page you find our official SDKs, links to supporting frameworks and providers, and resources to help with SDKs.

3
docs/docs/examples/secure-api/dot-net.md
View File

@@ -1,4 +1,5 @@
---
title: .NET
title: ZITADEL with .NET
sidebar_label: .NET
---
Coming soon

3
docs/docs/examples/secure-api/go.md
View File

@@ -1,5 +1,6 @@
---
title: Go
title: ZITADEL with Go
sidebar_label: Go
---
This integration guide shows you how to integrate **ZITADEL** into your Go API. It demonstrates how to secure your API using

3
docs/docs/examples/secure-api/python-flask.mdx
View File

@@ -1,5 +1,6 @@
---
title: Python
title: ZITADEL with Python
sidebar_label: Python
---
This example shows you how to secure a Python3 Flask API with both authentication and authorization using ZITADEL.

2
docs/docs/guides/integrate/access-zitadel-apis.md
View File

@@ -44,7 +44,7 @@ Use the scope `urn:zitadel:iam:org:project:id:zitadel:aud` to include the ZITADE
```bash
curl --request POST \
--url {your_domain}/oauth/v2/token \
--url $CUSTOM-DOMAIN/oauth/v2/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer \
--data scope='openid profile email urn:zitadel:iam:org:project:id:zitadel:aud' \

4
docs/docs/guides/integrate/access-zitadel-system-api.md
View File

@@ -59,7 +59,7 @@ The JWT payload will need to contain the following claims:
{
"iss": "<userid>",
"sub": "<userid>",
"aud": "<https://your_domain>",
"aud": "<https://$CUSTOM-DOMAIN>",
"exp": <now+1h>,
"iat": <now>
}
@@ -95,7 +95,7 @@ Now that you configured ZITADEL and created a JWT, you can call the System API a
```bash
curl --request POST \
--url {your_domain}/system/v1/instances/_search \
--url $CUSTOM-DOMAIN/system/v1/instances/_search \
--header 'Authorization: Bearer {token}' \
--header 'Content-Type: application/json'
```

5
docs/docs/guides/integrate/authenticated-mongodb-charts.md
View File

@@ -1,5 +1,6 @@
---
title: Authenticated MongoDB Charts
title: Embed Authenticated MongoDB Charts Using ZITADEL
sidebar_label: Authenticated MongoDB Charts
---
This integration guide shows how you can embed authenticated MongoDB Charts in your web application using ZITADEL as authentication provider.
@@ -28,7 +29,7 @@ Configure ZITADEL as your _Custom JWT Provider_ following the [MongoDB docs](htt
Configure the following values:
- Signing Algorithm: RS256
- Signing Key: JWK or JWKS URL
- JWKS: https://{your_domain}.zitadel.cloud/oauth/v2/keys
- JWKS: https://$CUSTOM-DOMAIN/oauth/v2/keys
- Audience: Your app's client ID which you copied when you created the ZITADEL app
Your configuration should look similar to this:

4
docs/docs/guides/integrate/client-credentials.md
View File

@@ -41,7 +41,7 @@ You will need to craft a POST request to ZITADEL's token endpoint:
```bash
curl --request POST \
--url https://{your_domain}.zitadel.cloud/oauth/v2/token \
--url https://$CUSTOM-DOMAIN/oauth/v2/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic ${BASIC_AUTH}' \
--data grant_type=client_credentials \
@@ -72,7 +72,7 @@ In this example we read the organization of the service user.
```bash
curl --request GET \
--url {your-domain}/management/v1/orgs/me \
--url $CUSTOM-DOMAIN/management/v1/orgs/me \
--header 'Authorization: Bearer ${TOKEN}'
```

15
docs/docs/guides/integrate/event-api.md
View File

@@ -1,5 +1,6 @@
---
title: Get events from ZITADEL
title: Get Events from ZITADEL
sidebar_label: Events
---
ZITADEL leverages the power of eventsourcing, meaning every action and change within the system generates a corresponding event that is stored in the database.
@@ -23,7 +24,7 @@ To further restrict your result you can add the following filters:
```bash
curl --request POST \
--url $YOUR-DOMAIN/admin/v1/events/_search \
--url $CUSTOM-DOMAIN/admin/v1/events/_search \
--header "Authorization: Bearer $TOKEN"
```
@@ -33,7 +34,7 @@ To be able to filter for the different event types ZITADEL knows, you can reques
```bash
curl --request POST \
--url $YOUR-DOMAIN/admin/v1/events/types/_search \
--url $CUSTOM-DOMAIN/admin/v1/events/types/_search \
--header "Authorization: Bearer $TOKEN" \
--header 'Content-Type: application/json' \
'
@@ -69,7 +70,7 @@ To be able to filter for the different aggregate types (resources) ZITADEL knows
```bash
curl --request POST \
--url $YOUR-DOMAIN/admin/v1/aggregates/types/_search \
--url $CUSTOM-DOMAIN/admin/v1/aggregates/types/_search \
--header "Authorization: Bearer $TOKEN" \
--header 'Content-Type: application/json'
```
@@ -100,7 +101,7 @@ This example shows you how to get all events from users, filtered with the creat
```bash
curl --request POST \
--url $YOUR-DOMAIN/admin/v1/events/_search \
--url $CUSTOM-DOMAIN/admin/v1/events/_search \
--header "Authorization: Bearer $TOKEN" \
--header 'Content-Type: application/json' \
--data '{
@@ -120,7 +121,7 @@ Also we include the refresh tokens in this example to know when the user has bec
```bash
curl --request POST \
--url $YOUR-DOMAIN/admin/v1/events/_search \
--url $CUSTOM-DOMAIN/admin/v1/events/_search \
--header "Authorization: Bearer $TOKEN" \
--header 'Content-Type: application/json' \
--data '{
@@ -146,7 +147,7 @@ In this case this are the following events:
```bash
curl --request POST \
--url $YOUR-DOMAIN/admin/v1/events/_search \
--url $CUSTOM-DOMAIN/admin/v1/events/_search \
--header "Authorization: Bearer $TOKEN" \
--header 'Content-Type: application/json' \
--data '{

2
docs/docs/guides/integrate/identity-providers/apple.mdx
View File

@@ -1,5 +1,5 @@
---
title: Configure Apple as Identity Provider
title: Configure Apple as an Identity Provider in ZITADEL
sidebar_label: Apple
---

2
docs/docs/guides/integrate/identity-providers/azure-ad.mdx
View File

@@ -1,5 +1,5 @@
---
title: Configure Azure AD as Identity Provider
title: Configure Azure AD as an Identity Provider in ZITADEL
sidebar_label: Azure AD
---

2
docs/docs/guides/integrate/identity-providers/github.mdx
View File

@@ -1,5 +1,5 @@
---
title: Configure GitHub as Identity Provider
title: Configure GitHub as an Identity Provider in ZITADEL
sidebar_label: GitHub
---

2
docs/docs/guides/integrate/identity-providers/gitlab.mdx
View File

@@ -1,5 +1,5 @@
---
title: Configure GitLab as Identity Provider
title: Configure GitLab as an Identity Provider in ZITADEL
sidebar_label: GitLab
---

2
docs/docs/guides/integrate/identity-providers/google.mdx
View File

@@ -1,5 +1,5 @@
---
title: Configure Google as Identity Provider
title: Configure Google as an Identity Provider in ZITADEL
sidebar_label: Google
---

2
docs/docs/guides/integrate/identity-providers/ldap.mdx
View File

@@ -1,5 +1,5 @@
---
title: Configure LDAP as Identity Provider
title: Configure LDAP as an Identity Provider in ZITADEL
sidebar_label: LDAP
---

2
docs/docs/guides/integrate/identity-providers/okta.mdx
View File

@@ -1,5 +1,5 @@
---
title: Configure OKTA as Identity Provider
title: Configure OKTA as an Identity Provider in ZITADEL
sidebar_label: OKTA generic OIDC
id: okta
---

2
docs/docs/guides/integrate/identity-providers/openldap.mdx
View File

@@ -1,5 +1,5 @@
---
title: Configure local OpenLDAP as Identity Provider
title: Configure Local OpenLDAP as an Identity Provider in ZITADEL
sidebar_label: Local OpenLDAP
---

2
docs/docs/guides/integrate/login-ui/external-login.mdx
View File

@@ -1,5 +1,5 @@
---
title: Handle External Login
title: Handle External Logins in ZITADEL
sidebar_label: External Identity Provider
---

3
docs/docs/guides/integrate/login-ui/logout.mdx
View File

@@ -1,5 +1,6 @@
---
title: Logout
title: Logging Out via ZITADEL
sidebar_label: Logout
---
import Logout from './_logout.mdx';

4
docs/docs/guides/integrate/login-ui/mfa.mdx
View File

@@ -1,6 +1,6 @@
---
title: Multi-Factor (MFA)
sidebar_label: Multi-Factor (MFA)
title: Multi-Factor Authentication(MFA) in ZITADEL
sidebar_label: Multi-Factor Authentication(MFA)
---
import MfaOptions from './_list-mfa-options.mdx';

3
docs/docs/guides/integrate/login-ui/oidc-standard.mdx
View File

@@ -1,5 +1,6 @@
---
title: OIDC Standard
title: Support for the OpenID Connect(OIDC) Standard in ZITADEL
sidebar_label: OIDC Standard
---
To build your own login ui for your own application it is not necessary to have the OIDC standard included or any additional work that has to be done.

2
docs/docs/guides/integrate/login-ui/passkey.mdx
View File

@@ -1,5 +1,5 @@
---
title: Passkeys
title: Passkeys in ZITADEL
sidebar_label: Passkeys
---

3
docs/docs/guides/integrate/login-ui/password-reset.mdx
View File

@@ -1,5 +1,6 @@
---
title: Password Reset/Change
title: Password Reset/Change in ZITADEL
sidebar_label: Password Reset/Change
---
When your user is on the password screen and has forgotten his password you will probably want him to be able to reset by himself.

2
docs/docs/guides/integrate/login-ui/username-password.mdx
View File

@@ -1,5 +1,5 @@
---
title: Register and Login User with Password
title: Register and Login User with Password in ZITADEL
sidebar_label: Username and Password
---

3
docs/docs/guides/integrate/login-users.mdx
View File

@@ -1,5 +1,6 @@
---
title: Login Users into your Application
title: Login Users into your Application with ZITADEL
sidebar_label: Login
---
import Tabs from "@theme/Tabs";

5
docs/docs/guides/integrate/logout.md
View File

@@ -1,5 +1,6 @@
---
title: Logout
title: Log Out Users from an Application with ZITADEL
sidebar_label: Logout
---
This guide shows you the different concepts and use cases of the logout process and how to use it in ZITADEL.
@@ -36,7 +37,7 @@ If you have specified some post_logout_redirect_uris on your client you have to
So ZITADEL is able to read the configured redirect uris.
```
GET {your_domain}/oidc/v1/end_session
GET $CUSTOM-DOMAIN/oidc/v1/end_session
?id_token_hint={id_token}
&post_logout_redirect_uri=https://rp.example.com/logged_out
&state=random_string

2
docs/docs/guides/integrate/oauth-recommended-flows.md
View File

@@ -1,5 +1,5 @@
---
title: Recommended authorization flows
title: Recommended Authorization Flows
---
<table className="table-wrapper">

5
docs/docs/guides/integrate/pat.md
View File

@@ -1,5 +1,6 @@
---
title: PAT (Personal Access Token)
title: ZITADEL's Personal Access Tokens(PATs)
sidebar_label: Personal Access Tokens(PATs)
---
@@ -40,6 +41,6 @@ In this example we read the organization of the service user.
```bash
curl --request GET \
--url {your-domain}/management/v1/orgs/me \
--url $CUSTOM-DOMAIN/management/v1/orgs/me \
--header 'Authorization: Bearer {PAT}'
```

11
docs/docs/guides/integrate/private-key-jwt.md
View File

@@ -1,5 +1,6 @@
---
title: Private Key JWT
title: Service Users in ZITADEL
sidebar_label: Service Users
---
This is a guide on how to create service users in ZITADEL. You can read more about users [here](/concepts/structure/users.md).
@@ -67,7 +68,7 @@ Payload
{
"iss": "100507859606888466",
"sub": "100507859606888466",
"aud": "https://{your_domain}.zitadel.cloud",
"aud": "https://$CUSTOM-DOMAIN",
"iat": [Current UTC timestamp, e.g. 1605179982, max. 1 hour ago],
"exp": [UTC timestamp, e.g. 1605183582]
}
@@ -89,7 +90,7 @@ With the encoded JWT from the prior step, you will need to craft a POST request
```bash
curl --request POST \
--url https://{your_domain}.zitadel.cloud/oauth/v2/token \
--url https:/$CUSTOM-DOMAIN/oauth/v2/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer \
--data scope='openid profile email' \
@@ -121,7 +122,7 @@ For this example let's call the userinfo endpoint to verify that our access toke
```bash
curl --request POST \
--url https://{your_domain}.zitadel.cloud/oidc/v1/userinfo \
--url $CUSTOM-DOMAIN/oidc/v1/userinfo \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Bearer MtjHodGy4zxKylDOhg6kW90WeEQs2q...'
```
@@ -134,7 +135,7 @@ Content-Type: application/json
{
"name": "MyServiceUser",
"preferred_username": "service_user@{your_domain}.zitadel.cloud",
"preferred_username": "service_user@$CUSTOM-DOMAIN",
"updated_at": 1616417938
}
```

25
docs/docs/guides/integrate/retrieve-user-roles.md
View File

@@ -1,5 +1,6 @@
---
title: Retrieve user roles
title: Retrieve User Roles in ZITADEL
sidebar_label: Retrieve User Roles
---
This guide explains all the possible ways of retrieving user roles across different organizations and projects using ZITADEL's APIs.
@@ -82,7 +83,7 @@ Alternatively, you can include the claims `urn:iam:org:project:roles` or/and `ur
### Retrieve roles from the userinfo endpoint
The user info endpoint is **ZITADEL_DOMAIN/oidc/v1/userinfo**.
The user info endpoint is **$CUSTOM-DOMAIN/oidc/v1/userinfo**.
This endpoint will return information about the authenticated user.
Send the access token of the user as `Bearer Token` in the `Authorization` header:
@@ -90,7 +91,7 @@ Send the access token of the user as `Bearer Token` in the `Authorization` heade
**cURL Request:**
```bash
curl --request GET \
--url $ZITADEL_DOMAIN/oidc/v1/userinfo
--url $CUSTOM-DOMAIN/oidc/v1/userinfo
--header 'Authorization: Bearer <TOKEN>'
```
@@ -205,11 +206,11 @@ Lets start with a user who has multiple roles in different organizations in a
Returns a list of roles for the authenticated user and for the requesting project (based on the token).
**URL: https://$ZITADEL_DOMAIN/auth/v1/permissions/me/_search**
**URL: https://$CUSTOM-DOMAIN/auth/v1/permissions/me/_search**
**cURL request:**
```bash
curl -L -X POST 'https://$ZITADEL_DOMAIN/auth/v1/permissions/me/_search' \
curl -L -X POST 'https://$CUSTOM-DOMAIN/auth/v1/permissions/me/_search' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'
```
@@ -230,12 +231,12 @@ Returns a list of permissions the authenticated user has in ZITADEL based on the
This request can be used if you are building a management UI. For instance, if the UI is managing users, you can show the management functionality based on the permissions the user has. Heres an example: if the user has `user.read` and `user.write` permission you can show the edit buttons, if the user only has `user.read` permission, you can hide the edit buttons.
**URL: https://ZITADEL_DOMAIN/auth/v1/permissions/zitadel/me/_search**
**URL: https://$CUSTOM-DOMAIN/auth/v1/permissions/zitadel/me/_search**
**cURL Request:**
```bash
curl -L -X POST 'https://$ZITADEL_DOMAIN/auth/v1/permissions/zitadel/me/_search' \
curl -L -X POST 'https://$CUSTOM-DOMAIN/auth/v1/permissions/zitadel/me/_search' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'
```
@@ -276,12 +277,12 @@ curl -L -X POST 'https://$ZITADEL_DOMAIN/auth/v1/permissions/zitadel/me/_search'
Returns a list of user grants the authenticated user has. User grants consist of an organization, a project and roles.
**URL: https://$ZITADEL_DOMAIN/auth/v1/usergrants/me/_search**
**URL: https://$CUSTOM-DOMAIN/auth/v1/usergrants/me/_search**
**cURL request:**
```bash
curl -L -X POST 'https://$ZITADEL_DOMAIN/auth/v1/usergrants/me/_search' \
curl -L -X POST 'https://$CUSTOM-DOMAIN/auth/v1/usergrants/me/_search' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
@@ -378,7 +379,7 @@ curl -L -X POST 'https://$ZITADEL_DOMAIN/auth/v1/usergrants/me/_search' \
### Retrieve roles using the management API
Now we will use the management API to retrieve user roles under an admin user.
The base URL is: **https://$ZITADEL_DOMAIN/management/v1**
The base URL is: **https://$CUSTOM-DOMAIN/management/v1**
In [APIs listed under user grants in the management API](/docs/category/apis/resources/mgmt/user-grants), you will see that you can use the management API to retrieve and modify user grants. The two API paths that we are interested in to fetch user roles are given below.
@@ -388,12 +389,12 @@ In [APIs listed under user grants in the management API](/docs/category/apis/res
Returns a list of user roles that match the search queries. A user with manager permissions will call this API and will also have to reside in the same organization as the user.
**URL: https://$ZITADEL_DOMAIN/management/v1/users/grants/_search**
**URL: https://$CUSTOM-DOMAIN/management/v1/users/grants/_search**
**cURL request:**
```bash
curl -L -X POST 'https://$ZITADEL_DOMAIN/management/v1/users/grants/_search' \
curl -L -X POST 'https://$CUSTOM-DOMAIN/management/v1/users/grants/_search' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \

2
docs/docs/guides/integrate/services/atlassian-saml.md
View File

@@ -1,5 +1,5 @@
---
title: Connect with Atlassian through SAML 2.0
title: Log in with ZITADEL on Atlassian through SAML 2.0
sidebar_label: Atlassian
---

2
docs/docs/guides/integrate/services/auth0-oidc.mdx
View File

@@ -1,5 +1,5 @@
---
title: Connect with Auth0 through OIDC
title: Log in with ZITADEL on Auth0 through OIDC
sidebar_label: Auth0 (OIDC)
---

2
docs/docs/guides/integrate/services/auth0-saml.md
View File

@@ -1,5 +1,5 @@
---
title: Connect with Auth0 through SAML 2.0
title: Log in with ZITADEL on Auth0 through SAML 2.0
sidebar_label: Auth0 (SAML)
---

2
docs/docs/guides/integrate/services/aws-saml.md
View File

@@ -1,5 +1,5 @@
---
title: Connect with AWS through SAML 2.0
title: Log in with ZITADEL on AWS through SAML 2.0
sidebar_label: Amazon Web Services
---

2
docs/docs/guides/integrate/services/cloudflare-oidc.mdx
View File

@@ -1,5 +1,5 @@
---
title: Configure as OIDC Identity Provider for Cloudflare Zero Trust
title: Configure ZITADEL as an OIDC Identity Provider on Cloudflare Zero Trust
sidebar_label: Cloudflare Zero Trust
---

4
docs/docs/guides/integrate/services/gitlab-saml.md
View File

@@ -1,5 +1,5 @@
---
title: Connect with Gitlab through SAML 2.0
title: Log in with ZITADEL on Gitlab through SAML 2.0
sidebar_label: Gitlab
---
@@ -51,7 +51,7 @@ Check your application, if everything is correct, press "Create".
Complete the configuration as follows:
- `Identity provider single sign-on URL`: {your_instance_domain}/saml/v2/SSO
- `Identity provider single sign-on URL`: $CUSTOM-DOMAIN/saml/v2/SSO
- `Certificate fingerprint`: You need to download the certificate from {your_instance_domain}/saml/v2/certificate and create a SHA1 fingerprint
Save the changes.

Some files were not shown because too many files have changed in this diff Show More