diff --git a/docs/docs/concepts/eventstore.md b/docs/docs/concepts/general/eventstore.md
similarity index 85%
rename from docs/docs/concepts/eventstore.md
rename to docs/docs/concepts/general/eventstore.md
index eaaabe3b5e..7c5b237a48 100644
--- a/docs/docs/concepts/eventstore.md
+++ b/docs/docs/concepts/general/eventstore.md
@@ -2,7 +2,7 @@
title: Eventstore
---
-ZITADEL is built on the [event sourcing pattern](architecture), where changes are stored as events in an eventstore.
+ZITADEL is built on the [event sourcing pattern](../zitadel/architecture.md), where changes are stored as events in an eventstore.
## What is an eventstore?
diff --git a/docs/docs/concepts/principles.md b/docs/docs/concepts/general/principles.md
similarity index 100%
rename from docs/docs/concepts/principles.md
rename to docs/docs/concepts/general/principles.md
diff --git a/docs/docs/concepts/architecture.md b/docs/docs/concepts/zitadel/architecture.md
similarity index 99%
rename from docs/docs/concepts/architecture.md
rename to docs/docs/concepts/zitadel/architecture.md
index b9f0783dba..de617ebbaa 100644
--- a/docs/docs/concepts/architecture.md
+++ b/docs/docs/concepts/zitadel/architecture.md
@@ -1,5 +1,5 @@
---
-title: ZITADEL Architecture
+title: Architecture
---
## Software Architecture
diff --git a/docs/docs/concepts/zitadel/objects/_granted_project_description.mdx b/docs/docs/concepts/zitadel/objects/_granted_project_description.mdx
new file mode 100644
index 0000000000..00d6b5030c
--- /dev/null
+++ b/docs/docs/concepts/zitadel/objects/_granted_project_description.mdx
@@ -0,0 +1,17 @@
+
+
+With ZITADEL you can grant selected roles within your project to an organization. The receiving organization can then create authorizations for their users on their own (self-service).
+
+An example could be a service provider that offers a SaaS solution that has different permissions for employees working in Sales and Accounting. As soon as a new client purchases the service, the provider could grant the roles ‘sales’ and ‘accounting’ to that organization, allowing them to self-manage how they want to allocate the roles to their users.
+
+The process of assigning certain roles by default or according to rules can be further automated by utilizing Service Users in the service provider’s business process.
+
+Obviously, your organization can grant projects and receive projects. When you are granting, then the receiving organization will be displayed in the section GRANTED ORGANIZATIONS of your project.
+
+
+
+A granted project, on the other hand, belongs to a third party, granting you some rights to manage certain roles of their project. ZITADEL Console shows granted projects in a dedicated navigation menu, to clearly separate from your organization’s projects.
+
+
+
+Please note that you can also grant selected roles of a project to an individual user, instead of an organization. We will discuss this in more detail in a later section.
diff --git a/docs/docs/concepts/zitadel/objects/_org_description.mdx b/docs/docs/concepts/zitadel/objects/_org_description.mdx
new file mode 100644
index 0000000000..fbfbe27b3e
--- /dev/null
+++ b/docs/docs/concepts/zitadel/objects/_org_description.mdx
@@ -0,0 +1,17 @@
+ZITADEL is organized around the idea that:
+
+* Multiple organizations share the same system. In this case multiple organizations share the same service, zitadel.ch
+* organizations can grant each other rights to self-manage certain aspects of the IAM (eg, roles for access management)
+* organizations are vessels for users and projects
+
+
+
+Organizations in ZITADEL are therefore comparable to tenants of a system or organizational units of a directory based system.
+
+You can use projects within your organization to manage the security context of closely related components, such as roles, grants and authorizations for multiple clients. You can set up multiple projects within your organization.
+
+ZITADEL allows you to give other organizations permission to manage certain aspects of a project within your organization on their own. This means you could set up a project with roles that should exist within your service/software, but allow another organization to allocate the roles to users within their own organization. As a service provider, you will find this feature useful, as it allows you to establish a self-service culture for your business customers.
+
+
+
+Each organization has its own pool of usernames, which includes human and service users, for its domain (`{username}@{domainname}.{zitadeldomain}`). A username is unique within your organization. You can configure ZITADEL to use your own domain, and simplify user experience (`{loginname}@{yourdomain.tld}`).
diff --git a/docs/docs/concepts/zitadel/objects/_project_description.mdx b/docs/docs/concepts/zitadel/objects/_project_description.mdx
new file mode 100644
index 0000000000..515192e84e
--- /dev/null
+++ b/docs/docs/concepts/zitadel/objects/_project_description.mdx
@@ -0,0 +1,12 @@
+The idea of projects is to have a vessel for all components who are closely related to each other. Multiple projects can exist within an organization.
+
+
+
+All applications within a project share the same roles, grants, and authorizations:
+
+* **Applications** is your software that initiates the authorization flow. This could be a web app and a mobile app that share the same roles.
+* **Roles** are a means of managing user access rights for a project.
+* **Authorizations** define which users have which roles. Authorizations are also called “user grants”.
+* **Granted Organizations** can manage selected roles for your project on their own.
+
+
diff --git a/docs/docs/concepts/zitadel/objects/_user_description.mdx b/docs/docs/concepts/zitadel/objects/_user_description.mdx
new file mode 100644
index 0000000000..5d20b2b7ee
--- /dev/null
+++ b/docs/docs/concepts/zitadel/objects/_user_description.mdx
@@ -0,0 +1,5 @@
+## Human vs. Machine
+
+ZITADEL supports human an machine users. We call human users simply "Users" and machine users "Service Users".
+
+With Service Users you would typically secure backend services. For example in ZITADEL you would require an authenticated Service User to access the Management API. The main difference between human and machine users is the type of credentials that can be used for authentication: Human users typically logon via an login prompt, but Machine users require a non-interactive logon process.
diff --git a/docs/docs/concepts/zitadel/objects/applications.md b/docs/docs/concepts/zitadel/objects/applications.md
new file mode 100644
index 0000000000..78793be751
--- /dev/null
+++ b/docs/docs/concepts/zitadel/objects/applications.md
@@ -0,0 +1,21 @@
+---
+title: Applications
+---
+
+
+# Applications
+
+Applications are the entry point to your project. Users either login into one of your clients and interact with them directly or use one of your API, maybe without even knowing. All applications share the roles and authorizations of their project.
+
+## Application Types
+
+At the moment ZITADEL differs between three client types (with user interaction):
+- Web (Server-side web applications such as java, .net, ...)
+- Native (native, mobile or desktop applications)
+- User Agent (single page applications / SPA, generally JavaScript executed in the browser)
+
+As a fourth option there's the API (OAuth Resource Server), which generally has no direct user-interaction.
+
+Depending on the app type registered, there are small differences in the possible settings.
+
+Please read the following guide about the [different-client-profiles](../../../guides/authorization/oauth-recommended-flows#different-client-profiles).
diff --git a/docs/docs/concepts/zitadel/objects/granted_projects.md b/docs/docs/concepts/zitadel/objects/granted_projects.md
new file mode 100644
index 0000000000..d504c56624
--- /dev/null
+++ b/docs/docs/concepts/zitadel/objects/granted_projects.md
@@ -0,0 +1,9 @@
+---
+title: Granted Projects
+---
+
+# Granted Project
+
+import GrantedProjectDescription from './_granted_project_description.mdx';
+
+
\ No newline at end of file
diff --git a/docs/docs/concepts/managers.md b/docs/docs/concepts/zitadel/objects/managers.md
similarity index 98%
rename from docs/docs/concepts/managers.md
rename to docs/docs/concepts/zitadel/objects/managers.md
index 5a682d2e30..dc2db96847 100644
--- a/docs/docs/concepts/managers.md
+++ b/docs/docs/concepts/zitadel/objects/managers.md
@@ -1,5 +1,5 @@
---
-title: ZITADEL Managers
+title: Managers
---
ZITADEL Managers are Users who have permission to manage ZITADEL itself. There are some different levels for managers.
diff --git a/docs/docs/concepts/zitadel/objects/organizations.md b/docs/docs/concepts/zitadel/objects/organizations.md
new file mode 100644
index 0000000000..b01dd2af59
--- /dev/null
+++ b/docs/docs/concepts/zitadel/objects/organizations.md
@@ -0,0 +1,7 @@
+---
+title: Organizations
+---
+
+import OrgDescription from './_org_description.mdx';
+
+
\ No newline at end of file
diff --git a/docs/docs/concepts/zitadel/objects/overview.md b/docs/docs/concepts/zitadel/objects/overview.md
new file mode 100644
index 0000000000..77940d4e39
--- /dev/null
+++ b/docs/docs/concepts/zitadel/objects/overview.md
@@ -0,0 +1,17 @@
+---
+title: Structure
+---
+
+This overview shows the general structure of ZITADEL.
+
+
+
+More details on the specific objets:
+
+- [Organizations](./organizations)
+- [Policies](./policies)
+- [Projects](./projects)
+- [Applications](./applications)
+- [Granted Projects](./granted_projects)
+- [Users](./users)
+- [Managers](./managers)
diff --git a/docs/docs/concepts/policies.md b/docs/docs/concepts/zitadel/objects/policies.md
similarity index 91%
rename from docs/docs/concepts/policies.md
rename to docs/docs/concepts/zitadel/objects/policies.md
index 9e7ccf6500..1488ed14c2 100644
--- a/docs/docs/concepts/policies.md
+++ b/docs/docs/concepts/zitadel/objects/policies.md
@@ -1,5 +1,5 @@
---
-title: ZITADEL Policies
+title: Policies
---
Policies are configurations of all the different parts of the IAM. For all parts we have a suitable default in the IAM.
@@ -55,7 +55,7 @@ You can configure all kinds of external identity providers for identity brokerin
Create a new identity provider configuration and enable it in the list afterwards.
For a detailed guide about how to configure a new identity provider for identity brokering have a look at our guide:
-[Identity Brokering](../guides/authentication/identity-brokering)
+[Identity Brokering](../../../guides/authentication/identity-brokering)
## Lockout Policy
@@ -83,3 +83,8 @@ Make sure you click the "Set preview as current configuration" button after you
| Disable Watermark | If you disable the watermark you will not see the "Powered by ZITADEL" in the login page |
+
+## Privacy Policy and TOS
+
+Each organization is able to configure its own privacy policy and terms of service.
+A link to the current policies can be provided. On register each user has to accept these policies.
diff --git a/docs/docs/concepts/zitadel/objects/projects.md b/docs/docs/concepts/zitadel/objects/projects.md
new file mode 100644
index 0000000000..ab32032a0c
--- /dev/null
+++ b/docs/docs/concepts/zitadel/objects/projects.md
@@ -0,0 +1,54 @@
+---
+title: Projects
+---
+
+# Project
+
+import ProjectDescription from './_project_description.mdx';
+
+
+
+## Project Settings
+
+On default the login screen will be shown in the private labeling settings of the system (e.g zitadel.ch).
+With the [primary domain scope](../../../apis/openidoauth/scopes#reserves-scopes) it is possible to trigger the setting of the given organization.
+But this will also restrict, the login to user of the given organization.
+
+With the private labeling setting it is possible to choose which settings should trigger.
+
+| Setting | Description |
+| --- | --- |
+| Unspecified | If nothing is specified the default will trigger. (System settings zitadel.ch) |
+| Enforce project resource owner policy | This setting will enforce the private labeling of the organization (resource owner) of the project through the whole login process. |
+| Allow Login User resource owner policy | With this setting first the private labeling of the organization (resource owner) of the project will trigger. As soon as the user and its organization (resource owner) is identified by ZITADEL, the settings will change to the organization of the user. |
+
+## Applications
+
+Applications define the different clients, that share the same roles.
+At the moment we support OIDC and almost every OAuth2 client. We'll be expanding this with SAML shortly.
+Go to [Applications](./applications) for more details.
+
+## Granted Organizations
+
+To enable another organization to use a project, the organization needs a grant to the project.
+Only the selected roles will be available to the granted organization.
+
+The granted organization will be able to manage the authorizations of his users for the granted project by himself in his own organization.
+
+More about granted projects: [Granted Projects](./granted_projects)
+
+## Roles
+
+A role consists of different attributes. Only the key is relevant to the authorization and must therefore be unique.
+The display name is only to provide a human-readable name if needed.
+And the group should enable a better handling in ZITADEL console, like give a user all the roles of a specific group. (Not implemented yet)
+
+All applications in a project share the roles.
+
+### Role specific Project Settings
+
+| Setting | Description |
+| --- | --- |
+| Assert roles on authentication | If this setting is enabled role information is sent from userinfo endpoint and depending on your application settings in tokens and other types. |
+| Check roles on authentication | If set, users are only allowed to authenticate if any role is assigned to their account. |
+| Check for project on authentication | The user will only be able to authenticate if his organization is the owner or has a grant to the project. |
diff --git a/docs/docs/concepts/zitadel/objects/users.md b/docs/docs/concepts/zitadel/objects/users.md
new file mode 100644
index 0000000000..f2b7266fb8
--- /dev/null
+++ b/docs/docs/concepts/zitadel/objects/users.md
@@ -0,0 +1,7 @@
+---
+title: Users
+---
+
+import UserDescription from './_user_description.mdx';
+
+
diff --git a/docs/docs/guides/api/access-zitadel-apis.md b/docs/docs/guides/api/access-zitadel-apis.md
index dc92e41c39..9cd04c1f87 100644
--- a/docs/docs/guides/api/access-zitadel-apis.md
+++ b/docs/docs/guides/api/access-zitadel-apis.md
@@ -37,7 +37,7 @@ ZITADEL Managers are Users who have permission to manage ZITADEL itself. There a
- **Project Mangers**: In this level the user is able to manage a project.
- **Project Grant Manager**: The project grant manager is for projects, which are granted of another organization.
-On each level we have some different Roles. Here you can find more about the different roles: [ZITADEL Manager Roles](../../concepts/managers)
+On each level we have some different Roles. Here you can find more about the different roles: [ZITADEL Manager Roles](../../concepts/zitadel/objects/managers.md)
## Exercise: Add ORG_OWNER to Service User
diff --git a/docs/docs/guides/authentication/identity-brokering.md b/docs/docs/guides/authentication/identity-brokering.md
index 6f0b6da8f8..3bf704fa37 100644
--- a/docs/docs/guides/authentication/identity-brokering.md
+++ b/docs/docs/guides/authentication/identity-brokering.md
@@ -41,7 +41,7 @@ If Google is configured as identity provider on your organization, the user will
ZITADEL will redirect the user to the login screen of Google where he as to authenticated himself (2) and is sent back after he has finished that (3).
Because Google is registered as trusted identity provider the user will be able to login in with the Google account after he linked an existing ZITADEL Account or just registered a new one with the claims provided by Google (4)(5).
-
+
## Exercise: Register an external identity provider
diff --git a/docs/docs/guides/authentication/serviceusers.md b/docs/docs/guides/authentication/serviceusers.md
index b3b5259721..9d9ba8cc2e 100644
--- a/docs/docs/guides/authentication/serviceusers.md
+++ b/docs/docs/guides/authentication/serviceusers.md
@@ -28,11 +28,10 @@ title: Service Users
-## Human vs. Machine
-ZITADEL supports human an machine users. We call human users simply "Users" and machine users "Service Users".
+import UserDescription from '../../concepts/zitadel/objects/_user_description.mdx';
-With Service Users you would typically secure backend services. For example in ZITADEL you would require an authenticated Service User to access the Management API. The main difference between human and machine users is the type of credentials that can be used for authentication: Human users typically logon via an login prompt, but Machine users require a non-interactive logon process.
+
## Exercise: Create a Service User
diff --git a/docs/docs/guides/authorization/oauth-recommended-flows.md b/docs/docs/guides/authorization/oauth-recommended-flows.md
index 951ba58c44..de145fdc46 100644
--- a/docs/docs/guides/authorization/oauth-recommended-flows.md
+++ b/docs/docs/guides/authorization/oauth-recommended-flows.md
@@ -59,7 +59,7 @@ So what do we want to achieve with delegated authentication?
* Users have to **authorize** applications to access certain [**scopes**](https://docs.zitadel.ch/architecture#Scopes) (eg, email address or custom roles). Applications can request [**claims**](https://docs.zitadel.ch/architecture#Claims) (key:value pairs, eg email address) for the authorized scopes with the access token or ID token from ZITADEL
* Access tokens are bearer tokens, meaning that possession of the token provides access to a resource. But the tokens expire frequently and the application must request a new access token via **refresh token** or the user must reauthenticate
-
+
This is where the so-called “flows” come into play: There are a number of different flows on how to handle the process from authentication, over authorization, getting tokens and requesting additional information about the user.
diff --git a/docs/docs/guides/basics/organizations.md b/docs/docs/guides/basics/organizations.md
index a5cc7d51dc..f1c02ab67a 100644
--- a/docs/docs/guides/basics/organizations.md
+++ b/docs/docs/guides/basics/organizations.md
@@ -11,23 +11,9 @@ title: Organizations
## What is an organization?
-ZITADEL is organized around the idea that:
+import OrgDescription from '../../concepts/zitadel/objects/_org_description.mdx';
-* Multiple organizations share the same system. In this case multiple organizations share the same service, zitadel.ch
-* organizations can grant each other rights to self-manage certain aspects of the IAM (eg, roles for access management)
-* organizations are vessels for users and projects
-
-
-
-Organizations in ZITADEL are therefore comparable to tenants of a system or organizational units of a directory based system.
-
-You can use projects within your organization to manage the security context of closely related components, such as roles, grants and authorizations for multiple clients. You can set up multiple projects within your organization.
-
-ZITADEL allows you to give other organizations permission to manage certain aspects of a project within your organization on their own. This means you could set up a project with roles that should exist within your service/software, but allow another organization to allocate the roles to users within their own organization. As a service provider, you will find this feature useful, as it allows you to establish a self-service culture for your business customers.
-
-
-
-Each organization has its own pool of usernames, which includes human and service users, for its domain (`{username}@{domainname}.{zitadeldomain}`). A username is unique within your organization. You can configure ZITADEL to use your own domain, and simplify user experience (`{loginname}@{yourdomain.tld}`).
+
There are several more modules in our documentation to go into more detail regarding organization management, projects, clients, and users. But first let’s create a new organization and verify your domain name.
diff --git a/docs/docs/guides/basics/projects.md b/docs/docs/guides/basics/projects.md
index 2e1b8a98f7..33f447390e 100644
--- a/docs/docs/guides/basics/projects.md
+++ b/docs/docs/guides/basics/projects.md
@@ -11,18 +11,9 @@ title: Projects
## What is a project?
-The idea of projects is to have a vessel for all components who are closely related to each other. Multiple projects can exist within an organization.
+import ProjectDescription from '../../concepts/zitadel/objects/_project_description.mdx';
-
-
-All applications within a project share the same roles, grants, and authorizations:
-
-* **Applications** is your software that initiates the authorization flow. This could be a web app and a mobile app that share the same roles.
-* **Roles** are a means of managing user access rights for a project.
-* **Authorizations** define which users have which roles. Authorizations are also called “user grants”.
-* **Granted Organizations** can manage selected roles for your project on their own.
-
-
+
The goal of this module is to give you an overview, but not dive too deep into details around managing access rights and delegating management of roles to third parties. So let’s create a straightforward example project first.
@@ -66,23 +57,9 @@ Now create another project (eg. “My second project”) and verify that there a
## What is a granted project?
-
+import GrantedProjectDescription from '../../concepts/zitadel/objects/_granted_project_description.mdx';
-With ZITADEL you can grant selected roles within your project to an organization. The receiving organization can then create authorizations for their users on their own (self-service).
-
-An example could be a service provider that offers a SaaS solution that has different permissions for employees working in Sales and Accounting. As soon as a new client purchases the service, the provider could grant the roles ‘sales’ and ‘accounting’ to that organization, allowing them to self-manage how they want to allocate the roles to their users.
-
-The process of assigning certain roles by default or according to rules can be further automated by utilizing Service Users in the service provider’s business process.
-
-Obviously, your organization can grant projects and receive projects. When you are granting, then the receiving organization will be displayed in the section GRANTED ORGANIZATIONS of your project.
-
-
-
-A granted project, on the other hand, belongs to a third party, granting you some rights to manage certain roles of their project. ZITADEL Console shows granted projects in a dedicated navigation menu, to clearly separate from your organization’s projects.
-
-
-
-Please note that you can also grant selected roles of a project to an individual user, instead of an organization. We will discuss this in more detail in a later section.
+
## Exercise - Grant a project
diff --git a/docs/docs/legal/dedicated-instance-annex.md b/docs/docs/legal/dedicated-instance-annex.md
index d55745bbf7..b2715cf5c4 100644
--- a/docs/docs/legal/dedicated-instance-annex.md
+++ b/docs/docs/legal/dedicated-instance-annex.md
@@ -74,4 +74,4 @@ Performance SLO | up to [rate limits](https://docs.zitadel.ch/docs/legal/rate-li
### Backup
-ZITADEL Cloud creates hourly backups. We do not guarantee recovery time objective. Recovery point objective is in the context of our [event-sourcing pattern](/docs/concepts/eventstore) not meaningful.
+ZITADEL Cloud creates hourly backups. We do not guarantee recovery time objective. Recovery point objective is in the context of our [event-sourcing pattern](/docs/concepts/general/eventstore) not meaningful.
diff --git a/docs/docusaurus.config.js b/docs/docusaurus.config.js
index 029a87fedd..a4b870ec9e 100644
--- a/docs/docusaurus.config.js
+++ b/docs/docusaurus.config.js
@@ -9,6 +9,7 @@ module.exports = {
organizationName: 'caos',
projectName: 'zitadel',
themeConfig: {
+ zoomSelector: '.markdown :not(em) > img',
navbar: {
title: 'ZITADEL',
logo: {
@@ -146,5 +147,6 @@ module.exports = {
domain: 'docs.zitadel.ch',
},
],
+ require.resolve('plugin-image-zoom'),
],
};
diff --git a/docs/package.json b/docs/package.json
index c6fdc25fa9..68f9218104 100644
--- a/docs/package.json
+++ b/docs/package.json
@@ -21,6 +21,7 @@
"docusaurus-plugin-plausible": "^0.0.5",
"mdx-mermaid": "^1.1.0",
"mermaid": "^8.12.1",
+ "plugin-image-zoom": "ataft/plugin-image-zoom",
"react": "^17.0.2",
"react-dom": "^17.0.2"
},
diff --git a/docs/sidebars.js b/docs/sidebars.js
index c580d88776..d0866f4c88 100644
--- a/docs/sidebars.js
+++ b/docs/sidebars.js
@@ -1,256 +1,283 @@
module.exports = {
- quickstarts: [
- 'quickstarts/introduction',
- {
- type: 'category',
- label: 'Integrate ZITADEL Login in your App',
- items: ['quickstarts/login/angular', 'quickstarts/login/react', 'quickstarts/login/flutter', 'quickstarts/login/nextjs'],
- collapsed: false,
- },
- {
- type: 'category',
- label: 'Secure your API',
- items: ['quickstarts/secure-api/go', 'quickstarts/secure-api/dot-net'],
- collapsed: false,
- },
- {
- type: 'category',
- label: 'Call the ZITADEL API',
- items: ['quickstarts/call-zitadel-api/go', 'quickstarts/call-zitadel-api/dot-net'],
- collapsed: false,
- },
- 'quickstarts/libs',
- {
- type: 'category',
- label: 'Identity Aware Proxy',
- items: ['quickstarts/identity-proxy/oauth2-proxy'],
- collapsed: false,
- }
- ],
- guides: [
- 'guides/introduction',
- {
- type: 'category',
- label: 'Get to know ZITADEL',
- collapsed: false,
- items: [
- 'guides/basics/get-started',
- 'guides/basics/organizations',
- 'guides/basics/projects',
- ],
- },
- {
- type: 'category',
- label: 'Authentication',
- collapsed: false,
- items: [
- 'guides/authentication/login-users',
- 'guides/authentication/identity-brokering',
- 'guides/authentication/serviceusers',
- ],
- },
- {
- type: 'category',
- label: 'Authorization',
- collapsed: false,
- items: [
- 'guides/authorization/oauth-recommended-flows',
- ],
- },
- {
- type: 'category',
- label: 'API',
- collapsed: false,
- items: [
- 'guides/api/access-zitadel-apis'
- ],
- },
- {
- type: 'category',
- label: 'Customization',
- collapsed: false,
- items: [
- 'guides/customization/branding',
- 'guides/customization/texts',
- ],
- },
- {
- type: 'category',
- label: 'Installation',
- collapsed: false,
- items: [
+ quickstarts: [
+ 'quickstarts/introduction',
{
- type: 'category',
- label: 'CAOS Managed',
- collapsed: true,
- items: [
- 'guides/installation/shared-cloud',
- 'guides/installation/managed-dedicated-instance'
- ],
+ type: 'category',
+ label: 'Integrate ZITADEL Login in your App',
+ items: ['quickstarts/login/angular', 'quickstarts/login/react', 'quickstarts/login/flutter', 'quickstarts/login/nextjs'],
+ collapsed: false,
},
{
- type: 'category',
- label: 'CAOS Service Packages',
- collapsed: true,
- items: [
- 'guides/installation/setup',
- 'guides/installation/setup-orbos',
- 'guides/installation/checkup'
- ],
+ type: 'category',
+ label: 'Secure your API',
+ items: ['quickstarts/secure-api/go', 'quickstarts/secure-api/dot-net'],
+ collapsed: false,
},
{
- type: 'category',
- label: 'Self Managed',
- collapsed: true,
- items: [
- 'guides/installation/crd',
- 'guides/installation/gitops',
- 'guides/installation/orbos'
- ],
+ type: 'category',
+ label: 'Call the ZITADEL API',
+ items: ['quickstarts/call-zitadel-api/go', 'quickstarts/call-zitadel-api/dot-net'],
+ collapsed: false,
},
- ],
- },
- {
- type: 'category',
- label: 'Trainings',
- collapsed: false,
- items: [
- 'guides/trainings/introduction',
+ 'quickstarts/libs',
{
- type: 'category',
- label: 'Support Service',
- collapsed: true,
- items: [
- 'guides/trainings/supportservice/operations',
- 'guides/trainings/supportservice/application',
- 'guides/trainings/supportservice/recurring',
- ],
+ type: 'category',
+ label: 'Identity Aware Proxy',
+ items: ['quickstarts/identity-proxy/oauth2-proxy'],
+ collapsed: false,
+ }
+ ],
+ guides: [
+ 'guides/introduction',
+ {
+ type: 'category',
+ label: 'Get to know ZITADEL',
+ collapsed: false,
+ items: [
+ 'guides/basics/get-started',
+ 'guides/basics/organizations',
+ 'guides/basics/projects',
+ ],
},
- ],
- }
- ],
- apis: [
- 'apis/introduction',
- 'apis/domains',
- {
- type: 'category',
- label: 'Rate Limits',
- collapsed: true,
- items: [
- 'legal/rate-limit-policy',
- 'apis/ratelimits/accounts',
- 'apis/ratelimits/api',
- ],
- },
- 'apis/apis',
- {
- type: 'category',
- label: 'Proto API Definition',
- collapsed: true,
- items: [
- 'apis/proto/auth',
- 'apis/proto/management',
- 'apis/proto/admin',
- 'apis/proto/org',
- 'apis/proto/user',
- 'apis/proto/app',
- 'apis/proto/policy',
- 'apis/proto/auth_n_key',
- 'apis/proto/change',
- 'apis/proto/idp',
- 'apis/proto/member',
- 'apis/proto/metadata',
- 'apis/proto/message',
- 'apis/proto/text',
- 'apis/proto/object',
- 'apis/proto/options',
- ],
- },
- {
- type: 'category',
- label: 'Assets API Definition',
- collapsed: false,
- items: [
- 'apis/assets/assets',
- ],
- },
- {
- type: 'category',
- label: 'OpenID Connect & OAuth',
- collapsed: true,
- items: [
- 'apis/openidoauth/endpoints',
- 'apis/openidoauth/scopes',
- 'apis/openidoauth/claims',
- 'apis/openidoauth/authn-methods',
- 'apis/openidoauth/grant-types'
- ],
- },
- ],
- concepts: [
- 'concepts/introduction',
- 'concepts/architecture',
- 'concepts/policies',
- 'concepts/managers',
- 'concepts/principles',
- 'concepts/eventstore',
- {
- type: 'category',
- label: 'Use Cases',
- collapsed: true,
- items: [
- 'concepts/usecases/saas'
- ],
- },
- ],
- manuals: [
- 'manuals/introduction',
- {
- type: 'category',
- label: 'User',
- items: ['manuals/user-register', 'manuals/user-login', 'manuals/user-password', 'manuals/user-factors', 'manuals/user-email', 'manuals/user-phone', 'manuals/user-social-login',],
- collapsed: false,
- },
- ],
- legal: [
- 'legal/introduction',
- 'legal/terms-of-service',
- 'legal/data-processing-agreement',
- {
- type: 'category',
- label: 'Service Descriptions',
- collapsed: false,
- items: [
- 'legal/service-level-description',
- 'legal/support-services',
- ],
- },
- {
- type: 'category',
- label: 'Dedicated Instance',
- collapsed: false,
- items: [
- 'legal/terms-of-service-dedicated',
- 'legal/dedicated-instance-annex',
- ],
- },
- {
- type: 'category',
- label: 'Support Program',
- collapsed: false,
- items: [
- 'legal/terms-support-service'
- ],
- },
- {
- type: 'category',
- label: 'Policies',
- collapsed: false,
- items: [
- 'legal/privacy-policy',
- 'legal/acceptable-use-policy',
- 'legal/rate-limit-policy'
- ],
- }
- ],
+ {
+ type: 'category',
+ label: 'Authentication',
+ collapsed: false,
+ items: [
+ 'guides/authentication/login-users',
+ 'guides/authentication/identity-brokering',
+ 'guides/authentication/serviceusers',
+ ],
+ },
+ {
+ type: 'category',
+ label: 'Authorization',
+ collapsed: false,
+ items: [
+ 'guides/authorization/oauth-recommended-flows',
+ ],
+ },
+ {
+ type: 'category',
+ label: 'API',
+ collapsed: false,
+ items: [
+ 'guides/api/access-zitadel-apis'
+ ],
+ },
+ {
+ type: 'category',
+ label: 'Customization',
+ collapsed: false,
+ items: [
+ 'guides/customization/branding',
+ 'guides/customization/texts',
+ ],
+ },
+ {
+ type: 'category',
+ label: 'Installation',
+ collapsed: false,
+ items: [
+ {
+ type: 'category',
+ label: 'CAOS Managed',
+ collapsed: true,
+ items: [
+ 'guides/installation/shared-cloud',
+ 'guides/installation/managed-dedicated-instance'
+ ],
+ },
+ {
+ type: 'category',
+ label: 'CAOS Service Packages',
+ collapsed: true,
+ items: [
+ 'guides/installation/setup',
+ 'guides/installation/setup-orbos',
+ 'guides/installation/checkup'
+ ],
+ },
+ {
+ type: 'category',
+ label: 'Self Managed',
+ collapsed: true,
+ items: [
+ 'guides/installation/crd',
+ 'guides/installation/gitops',
+ 'guides/installation/orbos'
+ ],
+ },
+ ],
+ },
+ {
+ type: 'category',
+ label: 'Trainings',
+ collapsed: false,
+ items: [
+ 'guides/trainings/introduction',
+ {
+ type: 'category',
+ label: 'Support Service',
+ collapsed: true,
+ items: [
+ 'guides/trainings/supportservice/operations',
+ 'guides/trainings/supportservice/application',
+ 'guides/trainings/supportservice/recurring',
+ ],
+ },
+ ],
+ }
+ ],
+ apis: [
+ 'apis/introduction',
+ 'apis/domains',
+ {
+ type: 'category',
+ label: 'Rate Limits',
+ collapsed: true,
+ items: [
+ 'legal/rate-limit-policy',
+ 'apis/ratelimits/accounts',
+ 'apis/ratelimits/api',
+ ],
+ },
+ 'apis/apis',
+ {
+ type: 'category',
+ label: 'Proto API Definition',
+ collapsed: true,
+ items: [
+ 'apis/proto/auth',
+ 'apis/proto/management',
+ 'apis/proto/admin',
+ 'apis/proto/org',
+ 'apis/proto/user',
+ 'apis/proto/app',
+ 'apis/proto/policy',
+ 'apis/proto/auth_n_key',
+ 'apis/proto/change',
+ 'apis/proto/idp',
+ 'apis/proto/member',
+ 'apis/proto/metadata',
+ 'apis/proto/message',
+ 'apis/proto/text',
+ 'apis/proto/object',
+ 'apis/proto/options',
+ ],
+ },
+ {
+ type: 'category',
+ label: 'Assets API Definition',
+ collapsed: false,
+ items: [
+ 'apis/assets/assets',
+ ],
+ },
+ {
+ type: 'category',
+ label: 'OpenID Connect & OAuth',
+ collapsed: true,
+ items: [
+ 'apis/openidoauth/endpoints',
+ 'apis/openidoauth/scopes',
+ 'apis/openidoauth/claims',
+ 'apis/openidoauth/authn-methods',
+ 'apis/openidoauth/grant-types'
+ ],
+ },
+ ],
+ concepts: [
+ 'concepts/introduction',
+ {
+ type: 'category',
+ label: 'ZITADEL',
+ collapsed: true,
+ items: [
+ 'concepts/zitadel/architecture',
+ {
+ type: 'category',
+ label: "Object Overview",
+ collapsed: false,
+ items: [
+ 'concepts/zitadel/objects/overview',
+ 'concepts/zitadel/objects/organizations',
+ 'concepts/zitadel/objects/policies',
+ 'concepts/zitadel/objects/projects',
+ 'concepts/zitadel/objects/applications',
+ 'concepts/zitadel/objects/granted_projects',
+ 'concepts/zitadel/objects/users',
+ 'concepts/zitadel/objects/managers',
+ ],
+ },
+ ],
+ }, {
+ type: 'category',
+ label: 'General',
+ collapsed: true,
+ items: [
+ 'concepts/general/principles',
+ 'concepts/general/eventstore',
+ ],
+ },
+ {
+ type: 'category',
+ label: 'Use Cases',
+ collapsed: true,
+ items: [
+ 'concepts/usecases/saas'
+ ],
+ },
+
+ ],
+ manuals: [
+ 'manuals/introduction',
+ {
+ type: 'category',
+ label: 'User',
+ items: ['manuals/user-register', 'manuals/user-login', 'manuals/user-password', 'manuals/user-factors', 'manuals/user-email', 'manuals/user-phone', 'manuals/user-social-login',],
+ collapsed: false,
+ },
+ ],
+ legal: [
+ 'legal/introduction',
+ 'legal/terms-of-service',
+ 'legal/data-processing-agreement',
+ {
+ type: 'category',
+ label: 'Service Descriptions',
+ collapsed: false,
+ items: [
+ 'legal/service-level-description',
+ 'legal/support-services',
+ ],
+ },
+ {
+ type: 'category',
+ label: 'Dedicated Instance',
+ collapsed: false,
+ items: [
+ 'legal/terms-of-service-dedicated',
+ 'legal/dedicated-instance-annex',
+ ],
+ },
+ {
+ type: 'category',
+ label: 'Support Program',
+ collapsed: false,
+ items: [
+ 'legal/terms-support-service'
+ ],
+ },
+ {
+ type: 'category',
+ label: 'Policies',
+ collapsed: false,
+ items: [
+ 'legal/privacy-policy',
+ 'legal/acceptable-use-policy',
+ 'legal/rate-limit-policy'
+ ],
+ }
+ ],
};
diff --git a/docs/static/img/concepts/objects/object_overview.png b/docs/static/img/concepts/objects/object_overview.png
new file mode 100644
index 0000000000..a51790f941
Binary files /dev/null and b/docs/static/img/concepts/objects/object_overview.png differ
diff --git a/docs/static/img/concepts/objects/organization.png b/docs/static/img/concepts/objects/organization.png
new file mode 100644
index 0000000000..439193dfea
Binary files /dev/null and b/docs/static/img/concepts/objects/organization.png differ
diff --git a/docs/static/img/concepts/objects/organization_grants.png b/docs/static/img/concepts/objects/organization_grants.png
new file mode 100644
index 0000000000..d92148b122
Binary files /dev/null and b/docs/static/img/concepts/objects/organization_grants.png differ
diff --git a/docs/static/img/concepts/usecase/saas.png b/docs/static/img/concepts/usecase/saas.png
index d006f9e5bc..4e7149bf3c 100644
Binary files a/docs/static/img/concepts/usecase/saas.png and b/docs/static/img/concepts/usecase/saas.png differ
diff --git a/docs/static/img/consulting_federated_identities_basics.png b/docs/static/img/consulting_federated_identities_basics.png
deleted file mode 100644
index de620577c7..0000000000
Binary files a/docs/static/img/consulting_federated_identities_basics.png and /dev/null differ
diff --git a/docs/static/img/guides/consulting_federated_identities_basics.png b/docs/static/img/guides/consulting_federated_identities_basics.png
new file mode 100644
index 0000000000..76d36a6da6
Binary files /dev/null and b/docs/static/img/guides/consulting_federated_identities_basics.png differ
diff --git a/docs/static/img/guides/identity_brokering.png b/docs/static/img/guides/identity_brokering.png
new file mode 100644
index 0000000000..0a73254df1
Binary files /dev/null and b/docs/static/img/guides/identity_brokering.png differ
diff --git a/docs/static/img/zitadel_identity_brokering.png b/docs/static/img/zitadel_identity_brokering.png
deleted file mode 100644
index ba3d73020c..0000000000
Binary files a/docs/static/img/zitadel_identity_brokering.png and /dev/null differ
diff --git a/docs/static/img/zitadel_organization_grant.png b/docs/static/img/zitadel_organization_grant.png
deleted file mode 100644
index 4f9434a0b1..0000000000
Binary files a/docs/static/img/zitadel_organization_grant.png and /dev/null differ
diff --git a/docs/static/img/zitadel_organizations.png b/docs/static/img/zitadel_organizations.png
deleted file mode 100644
index 8622e99e8e..0000000000
Binary files a/docs/static/img/zitadel_organizations.png and /dev/null differ
diff --git a/docs/yarn.lock b/docs/yarn.lock
index 9e30e26105..114359b258 100644
--- a/docs/yarn.lock
+++ b/docs/yarn.lock
@@ -5804,6 +5804,11 @@ media-typer@0.3.0:
resolved "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz"
integrity sha1-hxDXrwqmJvj/+hzgAWhUUmMlV0g=
+medium-zoom@^1.0.4:
+ version "1.0.6"
+ resolved "https://registry.yarnpkg.com/medium-zoom/-/medium-zoom-1.0.6.tgz#9247f21ca9313d8bbe9420aca153a410df08d027"
+ integrity sha512-UdiUWfvz9fZMg1pzf4dcuqA0W079o0mpqbTnOz5ip4VGYX96QjmbM+OgOU/0uOzAytxC0Ny4z+VcYQnhdifimg==
+
memory-fs@^0.4.1:
version "0.4.1"
resolved "https://registry.npmjs.org/memory-fs/-/memory-fs-0.4.1.tgz"
@@ -6543,6 +6548,12 @@ pkg-up@3.1.0:
dependencies:
find-up "^3.0.0"
+plugin-image-zoom@ataft/plugin-image-zoom:
+ version "0.0.0"
+ resolved "https://codeload.github.com/ataft/plugin-image-zoom/tar.gz/a20c49db137ae2f9aa4128aafced3b74590300aa"
+ dependencies:
+ medium-zoom "^1.0.4"
+
portfinder@^1.0.26:
version "1.0.28"
resolved "https://registry.npmjs.org/portfinder/-/portfinder-1.0.28.tgz"
diff --git a/go.mod b/go.mod
index c125c30237..e11154d19d 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.16
require (
cloud.google.com/go/storage v1.16.1
- cloud.google.com/go/trace v0.1.0 // indirect
+ cloud.google.com/go/trace v1.0.0 // indirect
github.com/BurntSushi/toml v0.4.1
github.com/DATA-DOG/go-sqlmock v1.5.0
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v1.0.0-RC2
diff --git a/go.sum b/go.sum
index 8ff0a8b545..8bfcb8580b 100644
--- a/go.sum
+++ b/go.sum
@@ -49,6 +49,8 @@ cloud.google.com/go/storage v1.16.1 h1:sMEIc4wxvoY3NXG7Rn9iP7jb/2buJgWR1vNXCR/UP
cloud.google.com/go/storage v1.16.1/go.mod h1:LaNorbty3ehnU3rEjXSNV/NRgQA0O8Y+uh6bPe5UOk4=
cloud.google.com/go/trace v0.1.0 h1:nUGUK79FOkN0UGUXhBmVBkbu1PYsHe0YyFSPLOD9Npg=
cloud.google.com/go/trace v0.1.0/go.mod h1:wxEwsoeRVPbeSkt7ZC9nWCgmoKQRAoySN7XHW2AmI7g=
+cloud.google.com/go/trace v1.0.0 h1:laKx2y7IWMjguCe5zZx6n7qLtREk4kyE69SXVC0VSN8=
+cloud.google.com/go/trace v1.0.0/go.mod h1:4iErSByzxkyHWzzlAj63/Gmjz0NH1ASqhJguHpGcr6A=
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
github.com/AlecAivazis/survey/v2 v2.2.15 h1:6UNMnk+YGegYFiPfdTOyZDIN+m08x2nGnqOn15BWcEQ=
github.com/AlecAivazis/survey/v2 v2.2.15/go.mod h1:TH2kPCDU3Kqq7pLbnCWwZXDBjnhZtmsCle5EiYDJ2fg=