docs: Scenario docs (#4533)

* docs: solution scenario - redireect to identity provider

* docs: solution scenario - custom url

* fix: typo in default message

* Update docs/docs/guides/solution-scenarios/configurations.mdx

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/solution-scenarios/configurations.mdx

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/solution-scenarios/configurations.mdx

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/solution-scenarios/configurations.mdx

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/solution-scenarios/configurations.mdx

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/solution-scenarios/configurations.mdx

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/solution-scenarios/configurations.mdx

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/solution-scenarios/configurations.mdx

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/solution-scenarios/configurations.mdx

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/solution-scenarios/configurations.mdx

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/solution-scenarios/configurations.mdx

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/solution-scenarios/configurations.mdx

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/solution-scenarios/configurations.mdx

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/solution-scenarios/configurations.mdx

Co-authored-by: Florian Forster <florian@zitadel.com>

Co-authored-by: Florian Forster <florian@zitadel.com>
This commit is contained in:
Fabi 2022-11-10 14:05:10 +01:00 committed by GitHub
parent 7c6ed19ab3
commit 358a517e63
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 50 additions and 1 deletions

View File

@ -0,0 +1,48 @@
---
title: How to configure ZITADEL for your scenario
---
Each customer does have different needs and use-cases. In ZITADEL you are able to configure your settings depending on your needs.
In this section we show you the different use-cases we have already experienced, that could interest you.
## Automatically redirect users if the organization has only one identity provider
You have different customers (organizations) in your ZITADEL instance and they have different needs on how to authenticate their users. One of your customers does only allow login with an external identity provider like Google, Azure AD, and so on.
If a user of this organization wants to login, you don't want them to enter their username in the ZITADEL Login UI, they should be redirected directly to the identity provider without their interaction.
### Settings
1. Go to the "Identity Providers" Settings of the organization
2. Configure the needed identity provider: Read this [guide](../integrate/identity-brokering.md) if you don't know how
3. Go to the "Login Behavior and Security" settings of the organization
4. Disable "Username Password Allowed" and enable "External IDP allowed" in the Advanced Section
Now your application can send either the organizations id (`urn:zitadel:iam:org:id:{id}`) or organizations primary domain (`urn:zitadel:iam:org:domain:primary:{domainname}`) scope on your authorization request to identify on which organization the users should be logged in.
More about the [scopes](../../apis/openidoauth/scopes#reserved-scopes)
## Custom Application Domain per Organization
If you have an application that runs a dedicated domain for each customer you need to instruct ZITADEL to allow redirection for each domain specifically to safeguard against phishing attacks.
Example:
MyApplication: customer-a.app.com
ZITADEL Login: login.app.com
In the OIDC Authorization request you always have to send the redirect URI to where you like to be redirected after login.
To handle this scenario it is possible to register multiple URIs on each application in ZITADEL, the only criteria is that the requested URI has to match one of the registered URIs.
Read more about [applications](../manage/console/applications) and the [redirect urls](../manage/console/applications#redirect-uris)
### Trigger organization in ZITADEL login
It is possible to trigger the organization directly with the authorization request to ZITADEL.
This will have the following impacts:
- Trigger organization login behaviour settings
- Trigger organization branding
- Only allow users from selected organization to login
To request the organization send either the the organization id (`urn:zitadel:iam:org:id:{id}`) or organization primary domain (`urn:zitadel:iam:org:domain:primary:{domainname}`) scope on your authentication request from your application.
More about the [scopes](../../apis/openidoauth/scopes#reserved-scopes)

View File

@ -170,6 +170,7 @@ module.exports = {
"guides/solution-scenarios/introduction", "guides/solution-scenarios/introduction",
"guides/solution-scenarios/b2c", "guides/solution-scenarios/b2c",
"guides/solution-scenarios/b2b", "guides/solution-scenarios/b2b",
"guides/solution-scenarios/configurations",
], ],
}, },
{ {

View File

@ -17,7 +17,7 @@ VerifyEmail:
PreHeader: Verify email PreHeader: Verify email
Subject: Verify email Subject: Verify email
Greeting: Hello {{.FirstName}} {{.LastName}}, Greeting: Hello {{.FirstName}} {{.LastName}},
Text: A new email has been added. Please use the button below to verify your mail. (Code {{.Code}}) If you din't add a new email, please ignore this email. Text: A new email has been added. Please use the button below to verify your mail. (Code {{.Code}}) If you didn't add a new email, please ignore this email.
ButtonText: Verify email ButtonText: Verify email
VerifyPhone: VerifyPhone:
Title: ZITADEL - Verify phone Title: ZITADEL - Verify phone