mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-13 02:58:11 +00:00
fix(console): move org domains into settings page of the organization (#6612)
* fix: hide domains settings for unauthorized users * refine sidenav object mapping * move domains to settings * change docs * set anchor to list element * remove canwrite check in ngif --------- Co-authored-by: Miguel A. C <doncicuto@gmail.com>
This commit is contained in:
Max Peintner
@@ -72,14 +72,12 @@ Please note that domain verification also removes the logonname from all users,
|
||||
You can also disable domain verification with DNS challenge in the [instance settings](/docs/guides/manage/console/instance-settings#domain-settings).
|
||||
:::
|
||||
|
||||
1. Browse to your organization
|
||||
2. Click **Add Domain**
|
||||
1. Browse to your organization settings
|
||||
2. Select the menu entry **Verified domains**
|
||||
3. To start the domain verification click the domain name and a dialog will appear, where you can choose between DNS or HTTP challenge methods.
|
||||
4. For example, create a TXT record with your DNS provider for the used domain and click verify. ZITADEL will then proceed and check your DNS.
|
||||
5. When the verification is successful you have the option to activate the domain by clicking **Set as primary**
|
||||
|
||||
|
||||
|
||||
:::caution
|
||||
Do not delete the verification code, as ZITADEL will re-check the ownership of your domain from time to time
|
||||
:::
|
||||
@@ -95,6 +93,7 @@ Those settings are the same as on your instance.
|
||||
- [**Identity Providers**](./instance-settings#identity-providers): Define IDPs which are available for all organizations
|
||||
- [**Password Complexity**](./instance-settings#password-complexity): Requirements for Passwords ex. Symbols, Numbers, min length and more.
|
||||
- [**Lockout**](./instance-settings#lockout): Set the maximum attempts a user can try to enter the password. When the number is exceeded, the user gets locked out and has to be unlocked.
|
||||
- [**Verified domains**](/docs/guides/manage/console/organizations#verify-your-domain-name): This is where you manage your organization specific domains which can be used to build usernames
|
||||
- [**Domain settings**](./instance-settings#domain-settings): Whether users use their email or the generated username to login. Other Validation, SMTP settings
|
||||
- [**Branding**](./instance-settings#branding): Appearance of the login interface.
|
||||
- [**Message Texts**](./instance-settings#message-texts): Text and internationalization for emails
|
||||
@@ -105,20 +104,19 @@ If you need custom branding on a organization (for example in a B2B scenario, wh
|
||||
|
||||
The behaviour of the login page, applyling custom design, is then defined on your projects detail page. Read more about it [here](./projects#branding)
|
||||
|
||||
|
||||
## Show Organization Login
|
||||
|
||||
As you should know by now ZITADEL knows the concept of Organizations.
|
||||
You can define [default settings](/docs/guides/manage/console/instance-settings) for your ZITADEL, or you can overwrite them for an [Organization](#organization-settings).
|
||||
Per default the ZITADEL Login will always show what is defined per default. As soon as the Organization context is given, the settings defined on the specific organization can be triggered.
|
||||
This means when you want to trigger the settings of an organization directly, make sure to send the organization scope in the authentication request.
|
||||
``` bash
|
||||
|
||||
```bash
|
||||
urn:zitadel:iam:org:id:{id}
|
||||
```
|
||||
|
||||
Read more about the [scopes](/docs/apis/openidoauth/scopes#reserved-scopes) or try it out in our [OIDC Playground](/docs/apis/openidoauth/authrequest).
|
||||
|
||||
|
||||
## Default organization
|
||||
|
||||
On the instance settings page ($YOUR_DOMAIN//ui/console/orgs) you can set an organization as default organization.
|
||||
|
||||
@@ -88,7 +88,7 @@ Make sure to [Force MFA](/docs/guides/manage/console/instance-settings#multifact
|
||||
|
||||
### Verify domains
|
||||
|
||||
Switch to the organization **Alpha** and select the tab "Domains".
|
||||
Switch to the organization **Alpha** and navigate to the settings and "Verified domains".
|
||||
Verify the domain alpha.com following the [organization guide](/docs/guides/manage/console/organizations#domain-verification-and-primary-domain).
|
||||
|
||||
Do the same for the **Beta** organization.
|
||||
@@ -101,7 +101,7 @@ You can also disable domain verification with acme challenge in the [instance se
|
||||
|
||||
You should be all setup to try out domain discovery.
|
||||
|
||||
The user journeys for the different users would look as follows:
|
||||
The user journeys for the different users would look as follows:
|
||||
|
||||
- User (Alice, Bob, Chuck) clicks a login button in your application
|
||||
- Redirected to `login.mycompany.com` (ZITADEL running under a custom domain)
|
||||
|
||||
BIN
docs/static/img/change-email.gif
vendored
BIN
docs/static/img/change-email.gif
vendored
Binary file not shown.
|
Before Width: | Height: | Size: 11 MiB |
BIN
docs/static/img/console_verify_domain.gif
vendored
BIN
docs/static/img/console_verify_domain.gif
vendored
Binary file not shown.
|
Before Width: | Height: | Size: 20 MiB |
Reference in New Issue
Block a user