zitadel/site/docs/administrate/02-organisations.md
Max Peintner 27be460c07
feat: docs rehaul, fix missing context in console, quickstarts (#1212)
* onboarding components, routing, steps

* onboarding component, toc

* fix onboarding mixin

* header

* refactor docs

* fix layout

* cleanup routing

* docs routing

* fix conventions

* de en routing

* docs, guide contents, nav

* rem i18n support

* fix routing from docs

* rollup onwarn changes, preload

* update svelte plugin, update rollup config

* move docs

* revert img style, remove code table

* rem de completely

* rollup optim, template

* angular quickstart, quickstart overview page, update deps

* fix link

* pack, slug

* prefetch binding, hidden links

* export log

* guards route ch

* fix homepage

* angular docs

* docs

* resolve fsh

* overview

* docs

* docs

* packages fix race condition

* nav, home link

* add vue, aspnet

* doc optimizations

* embed status pal

* angular guide

* angular guide

* dotnet, angular guide

* viewbox

* typo

* block onboarding route for non iam writers

* set links from component data

* fix: fetch org context in guard, more main cnt (#1192)

* change get started guide, fix code blockquotes, typos

* flutter guide

* h2 spacing

* highlight strong

* plus

* rm start sublinks

* add proxy quickstart

* regex

* prevent outside click, fix project grant write

Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2021-02-16 16:59:18 +01:00


title
Organizations

What are organizations

Organizations are comparable to tenants of a system, or to OUs (organizational units) in a directory-based system. ZITADEL is organized around the idea that

  • multiple organizations share the same System
  • these organizations can grant each other rights to self-manage certain things (eg, delegating roles)
  • organizations are vessels for users and projects

Global organization

The global organization holds users that are not assigned to any other organization in the System. Thus ZITADEL provides a global organization for users who manage their accounts on their own.

Example: Let's look at our example company `acme.ch`. Suppose ACME sells online tickets for concert venues. ACME created an organization `iam` to manage their own enterprise users (employees) and projects to manage the provided services. They also created an organization `b2b-partner-1`, allowing the partner to self-manage their access. A partner could be a concert venue that can administrate the backend of the service (e.g. posting new concerts, setting up billing, ...), and you want to allow them to self-manage the access of users (e.g. employees of the venue) to their backend. Lastly, the organization `global` holds all the b2c customers of `acme.ch` that registered to the service to buy concert tickets.

Create an organization without existing login

ZITADEL allows you to create a new organization without a pre-existing user. For ZITADEL.ch you can create an org by visiting the Register organization page.

Screenshot here

Dedicated Instance: For dedicated ZITADEL instances this URL might be different, but in most cases should be something like `https://accounts.YOURDOMAIN.TLD/register/org`

Create an organization with existing login

You can simply create a new organization by visiting the ZITADEL Console and clicking "new organization" in the upper left corner.

Screenshot here

Dedicated Instance: For dedicated ZITADEL instances this URL might be different, but in most cases should be something like `https://console.YOURDOMAIN.TLD`

Verify a domain name

Once you have created your organization, you will receive a generated domain name from ZITADEL for it. For example, if you call your organization ACME, you will receive acme.zitadel.ch as its name. The users you create will be suffixed with this domain name. To improve the user experience, you can verify a domain name which you control. If you control acme.ch, you can verify the ownership by DNS or HTTP challenge. After the domain is verified, your users can use both domain names to log in. The user "coyote" can now use "coyote@acme.zitadel.ch" and "coyote@acme.ch". An organization can have multiple domain names, but only one of them can be primary. The primary domain defines which login name ZITADEL displays to the user, and also what information gets asserted in access_tokens (preferred_username).

Browse to your organization by visiting https://console.zitadel.ch/org.

Add the domain to your organization by clicking the button Add Domain.

Organization Overview

Enter the domain in the input field and click Add.

Organization Add Domain

Organization Domain Added

To start the domain verification, click the domain name. A dialog will appear where you can choose between the DNS and HTTP challenge methods.

Organization Domain Verify

For example, create a TXT record with your DNS provider for the used domain and click verify. **ZITADEL** will then proceed and check your DNS.

Organization Domain Verify DNS

Do not delete the verification code, as ZITADEL will recheck the ownership from time to time.

When the verification is successful, you have the option to activate the domain by clicking Set as primary.

Organization Domain Verified

This changes the preferred loginnames of your users as indicated here.

Congratulations, you are done! You can check this by visiting https://console.zitadel.ch/users/me

User Personal Information

This only works when the user is a member of this organization.
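Because ownership is rechecked from time to time, it is worth monitoring that the verification TXT record stays published. The script below is an added example, not part of the ZITADEL documentation or code base: the record name and token are whatever the verification dialog shows, and the sample `dig` output and token are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: confirm a domain-verification TXT record is still published.
# Usage (assumed): ./check_txt.sh RECORD_NAME TOKEN [RESOLVER]

# Normalise `dig +short TXT` output: one record per line, where a long
# record may arrive as several quoted strings ("part1" "part2").
normalize_txt() {
  sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# txt_has_token TOKEN  (reads dig output on stdin)
# Succeeds only if a whole record equals TOKEN, so a token that merely
# appears inside another record (for example an SPF string) does not count.
txt_has_token() {
  normalize_txt | grep -Fxq -- "$1"
}

# check_record NAME TOKEN [RESOLVER]
# Passing the zone's authoritative server as RESOLVER avoids stale caches.
check_record() {
  dig +short TXT "$1" ${3:+"@$3"} | txt_has_token "$2"
}

# Constructed sample of `dig +short TXT` output: an unrelated SPF record
# and a challenge record that the server returned as two strings.
sample_dig_output() {
  cat <<'EOF'
"v=spf1 include:_spf.example.net ~all"
"EXAMPLE-TOKEN-" "0123456789abcdef"
EOF
}

# Run as a scheduled check: silent on success, alert on stderr otherwise.
if [ "$#" -ge 2 ]; then
  if check_record "$@"; then
    exit 0
  fi
  echo "ALERT: verification TXT record missing or changed for $1" >&2
  exit 1
fi
```

A failed lookup and a changed value both produce the alert, since either one would cause the periodic ownership check to fail.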

Manage Organization ZITADEL Roles

You can assign users management roles to your new organization.

Manage ZITADEL Roles 1

Manage ZITADEL Roles 2

Audit organization changes

All changes to the organization are displayed in the organization menu of ZITADEL Console, on the right-hand side under "activity".

Screenshot here