From 30fa2488fd0e0e174de75289c0d22f7ebb686f66 Mon Sep 17 00:00:00 2001 From: Maximilian Panne Date: Thu, 31 Jul 2025 16:38:24 +0200 Subject: [PATCH] organization domain --- docs/docs/guides/manage/console/default-settings.mdx | 10 +++++----- docs/docs/guides/manage/console/organizations.mdx | 6 +++--- .../guides/solution-scenarios/domain-discovery.mdx | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/docs/docs/guides/manage/console/default-settings.mdx b/docs/docs/guides/manage/console/default-settings.mdx index f255d15d93..bf9963f4d8 100644 --- a/docs/docs/guides/manage/console/default-settings.mdx +++ b/docs/docs/guides/manage/console/default-settings.mdx 
@@ -133,14 +133,14 @@ The Login Policy defines how the login process should look like and which authen | Register allowed | Enable self register possibility in the login ui, this enables username password registration as well as registration with configured external identity providers | | External IDP allowed | Possibility to login with an external identity (e.g Google, Microsoft, Apple, etc), If you like to allow external Identity providers add them to the providers list | | Hide password reset | Disable the self-service option for users to reset their password. | -| Domain discovery allowed | If this setting is enabled, the user does't not mandatory have to exist when entering the username. It is required to have verified domains on the organization. Example: ZITADEL is registered as organization with the domain zitadel.com and Entra ID as identity provider. A user enters john@zitadel.com in the login but the user doesn't exist. The domain can be mapped to the organization and therefore the user can be redirected to the Entra ID. | +| Domain discovery allowed | If this setting is enabled, the user does't not mandatory have to exist when entering the username. It is required to have an Organization Domain configured. Example: ZITADEL is registered as organization with the domain zitadel.com and Entra ID as identity provider. A user enters john@zitadel.com in the login but the user doesn't exist. The domain can be mapped to the organization and therefore the user can be redirected to the Entra ID. | | Ignore unknown usernames | This setting can be enabled, if no error message should be shown if the user doesn't exist. Example: A user enters the login name john@zitadel.com, the user doesn't exist, but will be redirected to the password screen. After entering a password, the user will get an error that either username or password are wrong. 
| | Disable login with email address | By default users can additionally [login with the email attribute](/docs/guides/solution-scenarios/configurations#use-an-email-address-as-username) of their user. Check this option to disable. | | Disable login with phone number | By default users can additionally [login with the phonenumber attribute](/docs/guides/solution-scenarios/configurations#use-a-phone-number-as-username) of their user. Check this option to disable. | Login Bahaviour and Access @@ -261,7 +261,7 @@ If an account is locked, the administrator has to unlock it in the ZITADEL conso If you enable this setting, all loginnames will be suffixed with the organization domain. If this settings is disabled, you have to ensure that usernames are unique over all organizations. -### Validate Org domains +### Validate organization domains If this is enabled all created domains on an organization must be verified per dns/acme challenge. @@ -275,7 +275,7 @@ With that you can ensure that users receive notifications from the same domain t ### Use email as username -To be able to use the email as username you have to disable the attribute "User Loginname must contain orgdomain" on your domain settings. +To be able to use the email as username you have to disable the attribute "User Loginname must contain organization domain" on your domain settings. This means that all your users will not be suffixed with the domain of your organization and you can enter the email as username. All usernames will then be globally unique within your instance. 
@@ -316,7 +316,7 @@ These are the texts for your notification mails. Available for change are: | Message Text | Description | | --------------- | -------------------------------------------------------------------------------------------------------------------------- | -| Domain Claim | The Mail after an organisation claimed a domain for itself. Users on other organisations with this domain will be notified | +| Domain Claim | The Mail after an organization claimed a domain for itself. Users on other organizations with this domain will be notified | | Initialization | The mail after a user has been created. A code is part of the message which then must be verified on first login | | Passwordless | The Mail to register an additional passwordless device by a link | | Password Reset | The Mail to reset the password by a link | diff --git a/docs/docs/guides/manage/console/organizations.mdx b/docs/docs/guides/manage/console/organizations.mdx index d9336421e9..b30a09771c 100644 --- a/docs/docs/guides/manage/console/organizations.mdx +++ b/docs/docs/guides/manage/console/organizations.mdx @@ -58,7 +58,7 @@ Once you have successfully registered your organization, ZITADEL will automatica Users that you create within your organization will be suffixed with this domain name. You can improve the user experience, by suffixing users with a domain name that is in your control. -If the "validate org domains" settings in the [Domain Settings](./default-settings#domain-settings) is set to true, you have to prove the ownership of your domain, by DNS or HTTP challenge. +If the "validate organization domains" settings in the [Domain Settings](./default-settings#domain-settings) is set to true, you have to prove the ownership of your domain, by DNS or HTTP challenge. If the setting is set to false, the created domain will automatically be set to verifed. An organization can have multiple domain names, but only one domain can be primary. 
@@ -75,7 +75,7 @@ You can also disable domain verification with DNS challenge in the [default sett ::: 1. Browse to your organization settings -2. Select the menu entry **Verified domains** +2. Select the menu entry **Organization domains** 3. To start the domain verification click the domain name and a dialog will appear, where you can choose between DNS or HTTP challenge methods.
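Review bot: In default-settings.mdx, hunk @@ -133,14, the reworded "Domain discovery allowed" row drops the word "verified" ("It is required to have an Organization Domain configured"), although the row goes on to say that the domain is what maps an unknown user to the organization and its identity provider. organizations.mdx in this same patch says a domain is set to verified automatically when "validate organization domains" is off, so please say in this row whether discovery relies on a verified domain and point to that setting. Since the line is being rewritten anyway, also fix "does't not mandatory have to exist" (for example "does not have to exist") and use lower-case "organization domain" as in the other hunks.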
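Review bot: In default-settings.mdx, hunk @@ -261,7, the context line under the renamed heading says domains "must be verified per dns/acme challenge", while organizations.mdx in this patch describes the same verification as "DNS or HTTP challenge". Suggest aligning the two descriptions as part of this change so readers know which challenge types are accepted. If the docs site derives anchors from heading text, renaming "Validate Org domains" also changes the anchor, so check for links to the old one.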
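Review bot: In default-settings.mdx, hunk @@ -275,7, the setting name is given in quotes as a console label ("User Loginname must contain organization domain"), but the diffstat shows only files under docs/ being changed. Please confirm the console shows exactly this string; otherwise readers searching for the quoted label will not find it, and the old wording "orgdomain" should stay until the UI text changes.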
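Review bot: In organizations.mdx, hunk @@ -58,7, the edited sentence still reads "settings ... is set to true" and the context line right after it has "verifed"; suggest "setting" and "verified" while this paragraph is being touched. The paragraph would also benefit from one sentence noting that with the setting off, ownership of the domain is not proven before it is treated as verified, since login names and domain discovery are both tied to the organization domain.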
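Review bot: In organizations.mdx, hunk @@ -75,7, step 2 now tells the reader to select the menu entry "Organization domains", which has to match the console menu word for word for the procedure to be followable. No UI file is part of this patch, so please confirm the menu entry has already been renamed from "Verified domains", or mention the commit that renames it in the commit message.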