ef3b7482cd
* chore: cleanup old docs folder * remove docs path trigger * wip docs structure * chore: ignore site changes in ci * add manuals route * new structure * structure * Use correct title * remove trigger for code scan for static site generator * change names * add lorem ipsum to test styling * use h3 to deeplink * add site to dependabot * lint readme.md * remove not needed file * ignore site on pull request code scan * add initial contrib * Minor correction * Added section Developer & Integration * Changed link list layout, added labels, added translations * Added missing <li> tags * Added correct link to section Developer & Integration * Fixing list style * Overhauling description texts and translations * outline * teaser go * outline * wip * rework * wip * wip * wip * hop * wip * first draft for "administrate" done * init outline * fix deploy step * lint * commit wip * commit wip * md lint * Link * fix: path to edit (#711) * wip * wip * wip * what are... * use only features * wip docs * Update 00-user.en.md * project * uppercase en * wip * wip * wip * policies rework * improve text * correct typo * update readme * correct styling * add link to docs guides * make the linter happy * rename * wip * move api to own file * correct links and lint * wip roles and integration * add pkce * reduce padding and margin * wip scope and claims * wip claim & scopes * make the linter happy * insert links where possible * wip * wip roles & providers * Update README.md * Update 00-user.en.md * minor text improvements * use master branch to deploy * use proper ci file * Apply suggestions from code review Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Matthias M. Schneider <mati@matimax.info> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
1.9 KiB
| title |
|---|
| Users |
What are users
In ZITADEL there are different users. Some belong to dedicated organisations other belong to the global org. Some of them are human users others are machines. Nonetheless we treat them all the same in regard to roles management and audit trail.
Human vs. Service Users
The major difference between humane vs. machine users is the type of credentials who can be used. With machine users there is only a non interactive login process possible. As such we utilize “JWT as Authorization Grant”.
TODO Link to “JWT as Authorization Grant” explanation.
How ZITADEL handles usernames
ZITADEL is built around the concept of organisations. Each organisation has it's own pool of usernames which include human and service users.
For example a user with the username alice can only exist once the org. ACME. ZITADEL will automatically generate a "logonname" for each user consisting of {username}@{domainname}.{zitadeldomain}. Without verifying the domain name this would result in the logonname alice@acme.zitadel.ch. If you use a dedicated ZITADEL replace zitadel.ch with your domain name.
If someone verifies a domain name within the org. ZITADEL will generate additional logonames for each user with that domain. For example if the domain is acme.ch the resulting logonname would be alice@acme.ch and as well the generated one alice@acme.zitadel.ch.
Domain verification also removes the logonname from all users who might have used this combination in the global org. Relating to example with
acme.chif a user in the global org, let's call himbobusedbob@acme.chthis logonname will be replaced withbob@randomvalue.tldZITADEL notifies the user about this change
Manage Users
Create User
Screenshot here
Set Password
Screenshot here
Manage Service Users
Screenshot here
Authorizations
Screenshot here
Audit user changes
Screenshot here