mirror of
https://github.com/zitadel/zitadel.git
synced 2025-01-10 09:33:39 +00:00
27be460c07
* onboarding components, routing, steps * onboarding component, toc * fix onboarding mixin * header * refactor docs * fix layout * cleanup routing * docs routing * fix conventions * de en routing * docs, guide contents, nav * rem i18n support * fix routing from docs * rollup onwarn changes, preload * update svelte plugin, update rollup config * move docs * revert img style, remove code table * rem de completely * rollup optim, template * angular quickstart, quickstart overview page, update deps * fix link * pack, slug * prefetch binding, hidden links * export log * guards route ch * fix homepage * angular docs * docs * resolve fsh * overview * docs * docs * packages fix race condition * nav, home link * add vue, aspnet * doc optimizations * embed status pal * angular guide * angular guide * dotnet, angular guide * viewbox * typo * block onboarding route for non iam writers * set links from component data * fix: fetch org context in guard, more main cnt (#1192) * change get started guide, fix code blockquotes, typos * flutter guide * h2 spacing * highlight strong * plus * rm start sublinks * add proxy quickstart * regex * prevent outside click, fix project grant write Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: Livio Amstutz <livio.a@gmail.com>
78 lines
1.8 KiB
Markdown
78 lines
1.8 KiB
Markdown
---
|
|
title: Identity Providers
|
|
---
|
|
|
|
### What are Identity Providers
|
|
|
|
Identity providers or in short idps are external systems to which **ZITADEL** can create a **federation** or use their **directory service**.
|
|
Normally federation uses protocols like [OpenID Connect 1.0](https://openid.net/connect/), [OAuth 2.0](https://oauth.net/2/) and [SAML 2.0](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html).
|
|
|
|
Some examples include:
|
|
|
|
**Social Providers**
|
|
|
|
- Google Account
|
|
- Microsoft Live Account
|
|
- Apple ID
|
|
- GitHub
|
|
- GitLab
|
|
- ...
|
|
|
|
**Enterprise Providers**
|
|
|
|
- Azure AD Tenant
|
|
- Gsuite hosted domain
|
|
- ...
|
|
|
|
**Generic**
|
|
|
|
- ADFS
|
|
- ADDS
|
|
- Keycloak
|
|
- LDAP
|
|
|
|
### What is Identity Brokering
|
|
|
|
ZITADEL supports the usage as identity broker, by linking multiple external IDPs into one user.
|
|
With identity brokering the client, that relies on ZITADEL, doesn't need to care about the linking of identity.
|
|
|
|
<details>
|
|
<summary>Example</summary>
|
|
tbd.
|
|
</details>
|
|
|
|
### Manage Identity Providers
|
|
|
|
> Screenshot here
|
|
|
|
### Federation Protocols
|
|
|
|
Currently supported are the following protocols.
|
|
|
|
- OpenID Connect 1.0
|
|
- OAuth 2.0
|
|
|
|
SAML 2.0 will follow later on.
|
|
|
|
### Storage Federation
|
|
|
|
> This is a work in progress.
|
|
|
|
Storage federation is a means of integrating existing identity storage like [LDAP](https://tools.ietf.org/html/rfc4511) and [ADDS](https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview).
|
|
With this process **ZITADEL** can authenticate users with LDAP Binding and SPNEGO for ADDS. It is also possible to synchronize the users just-in-time or scheduled.
|
|
|
|
#### Sync Settings
|
|
|
|
Here we will document all the different sync options
|
|
|
|
- Read-only
|
|
- Writeback
|
|
- just-in-time sync
|
|
- scheduled sync
|
|
|
|
> TBD
|
|
|
|
### Audit identity provider changes
|
|
|
|
> Screenshot here
|