diff --git a/docs/docs/support/advisory/a10000.md b/docs/docs/support/advisory/a10000.md index 9943bcc307..1bdf0d2baa 100644 --- a/docs/docs/support/advisory/a10000.md +++ b/docs/docs/support/advisory/a10000.md @@ -13,8 +13,8 @@ To address this, we are going to change this behavior so that users will be auto ## Statement -This behaviour change is tracked in the following issue: [Reuse current session if no prompt is selected ](https://github.com/zitadel/zitadel/issues/4841) -As soon as the release version is published, we will include the version here. +This behaviour change was tracked in the following issue: [Reuse current session if no prompt is selected](https://github.com/zitadel/zitadel/issues/4841) +and released in Version [v2.32.0](https://github.com/zitadel/zitadel/releases/tag/v2.32.0) ## Mitigation diff --git a/docs/docs/support/advisory/a10001.md b/docs/docs/support/advisory/a10001.md new file mode 100644 index 0000000000..9fec2ff599 --- /dev/null +++ b/docs/docs/support/advisory/a10001.md 
@@ -0,0 +1,26 @@ +--- +title: Technical Advisory 10001 +--- + +## Description + +Currently, disabling the `Allow Register` setting in the Login Policy, will disable any registration - local and through External Identity Providers (IDP). +This might be a good solution, if you manage all users yourself and do not want them to create any new account. +If you on the other hand want users to be able to federate their accounts from another IDP and only want to disable local registration, there's currently no option to do so. + +Further ZITADEL provided the possibility to disable registration on each IDP with the introduction of IDP Templates. + +To address this, we are going to change the behavior of the setting mentioned above, so that if disable, it will only prevent local registration. Registration of a federated user will still be possible - if not disabled by the corresponding IDP Template. + +## Statement + +This behaviour change is tracked in the following PR: [Restrict AllowRegistration check to local registration](https://github.com/zitadel/zitadel/pull/5939). +As soon as the release version is published, we will include the version here. + +## Mitigation + +If you want to prevent user creation / registration through an IDP, be sure to disable the `isCreationAllowed` option on the desired IDP Templates. + +## Impact + +Once this update has been released and deployed, the `Allow Register` setting in the Login Policy will only affect local registrations and users might be able to create a ZITADEL account through an IDP, depending on your IDP provider options. diff --git a/docs/docs/support/technical_advisory.mdx b/docs/docs/support/technical_advisory.mdx index c9a79dbac2..355f21a230 100644 --- a/docs/docs/support/technical_advisory.mdx +++ b/docs/docs/support/technical_advisory.mdx 
@@ -26,6 +26,14 @@ We understand that these advisories may include breaking changes, and we aim to 2.32.0 Calendar week 32 + + A-10001 + Login Policy - Allow Register + Breaking Behaviour Change + When disabling the option, users are currently not able to register locally and also not through an external IDP. With the upcoming change, the setting will only prevent local registration. Restriction to Identity Providers can be managed through the corresponding IDP Template. No action is required on your side if this is the intended behaviour or if you already disabled registration on your IDP. + TBD + Calendar week 34/35 + ## Subscribe to our Mailing List
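Review bot: In docs/docs/support/advisory/a10000.md, the added Statement text breaks one sentence across two lines, so the second line starts with "and released in Version" and ends without a full stop. Suggest joining the two lines into a single sentence, lower-casing "version", and closing it with a period. The context line in the hunk header spells it "behavior" while the changed line uses "behaviour"; pick one spelling for the page.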
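Review bot: In the new docs/docs/support/advisory/a10001.md, the Mitigation section does not say when to act. The Impact section states that users might be able to create an account through an IDP once the update is deployed, so a deployment that relies on `Allow Register` being off to block every sign-up path changes behaviour on upgrade. Suggest wording the mitigation as a step to take before upgrading, and saying that `isCreationAllowed` has to be disabled on each IDP Template where federated registration should stay blocked. Smaller points in the same file: in Description, "so that if disable, it will only prevent" should read "if disabled"; the sentence starting "Further ZITADEL provided the possibility" is hard to parse and mixes tenses with the rest of the section; and "IDP provider options" in Impact is redundant, "IDP options" is enough.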
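Review bot: In the A-10001 row added to docs/docs/support/technical_advisory.mdx, the description ends with "if you already disabled registration on your IDP", which names no setting and can be read as a setting on the external provider rather than in ZITADEL. a10001.md in this same patch calls it the `isCreationAllowed` option on the IDP Template; use that wording here as well. The row also only covers the case where no action is required. Suggest adding the other case in one sentence: if federated registration should stay blocked, disable `isCreationAllowed` on the relevant IDP Templates.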