* additional content * even more content
8.0 KiB
title |
---|
Organisations |
What are organisations
Organisations are comparable to tenants of a system or OU's (organisational units) if we speak of a directory based system. ZITADEL is organised around the idea that multiple organisations share the same System and that they can grant each other rights so self manage certain things.
Global organisation
ZITADEL provides a global organisation for users who manage their accounts on their own. Think of this like the difference between a "Microsoft Live Login" vs. "AzureAD User" or if you think of Google "Gmail" vs "Gsuite".
Create an organisation without existing login
ZITADEL allows you to create a new organisation without a pre-existing user. For ZITADEL.ch you can create a org by visiting the Register organisation
Screenshot here
For dedicated ZITADEL instances this URL might be different, but in most cases should be something like https://accounts.YOURDOMAIN.TLD/register/org
Create an organisation with existing login
You can simply create a new organisation by visiting the ZITADEL Console and clicking "new organisation" in the upper left corner.
Screenshot here
For dedicated ZITADEL instances this URL might be different, but in most cases should be something like https://console.YOURDOMAIN.TLD
Verify a domain name
Once you created your organisation you will receive a generated domain name from ZITADEL for your organisation. For example if you call your organisation ACME
you will receive acme.zitadel.ch
as name. Furthermore the users you create will be suffixed with this domain name. To improve the user experience you can verify a domain name which you control. If you control acme.ch you can verify the ownership by DNS or HTTP challenge.
After the domain is verified your users can use both domain names to log-in. The user "coyote" can now use "coyote@acme.zitadel.ch" and "coyote@acme.ch".
An organisation can have multiple domain names, but only one of it can be primary. The primary domain defines which login name ZITADEL displays to the user, and also what information gets asserted in access_tokens (preferred_username).
Browse to your organisation by visiting https://console.zitadel.ch/org.
Add the domain to your organisation by clicking the button Add Domain.
Input the domain in the input field and click Add
Do not delete the verification code ZITADEL will recheck the ownership from time to time
When the verification is successful you have the option to activate the domain by clicking Set as primary
This changes the preferred loginnames of your users as indicated here.
Congratulations your are done! You can check this by visiting https://console.zitadel.ch/users/me
This only works when the user is member of this organisation
Manage Organisation ZITADEL Roles
Audit organisation changes
All changes to the organisation are displayed on the organisation menu within ZITADEL Console organisation menu. Located on the right hand side under "activity".
Screenshot here