mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-18 22:07:32 +00:00
9f0638fac9
* test spell check * fix indenting * test * add something to test * test spellcheck * spelling improvements * improve spelling and ignore list * Update site/docs/start/00-quick-start.de.md
73 lines
1.8 KiB
Markdown
73 lines
1.8 KiB
Markdown
---
|
||
title: Identity Providers
|
||
---
|
||
|
||
### What are Identity Providers
|
||
|
||
Identity providers or in short idps are external systems to which **ZITADEL** can create a **federation** or use their **directory service**.
|
||
Normally federation uses protocols like [OpenID Connect 1.0](https://openid.net/connect/), [OAuth 2.0](https://oauth.net/2/) and [SAML 2.0](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html).
|
||
|
||
Some examples include:
|
||
|
||
#### Social Providers
|
||
|
||
- Google Account
|
||
- Microsoft Live Account
|
||
- Apple ID
|
||
- GitHub
|
||
- GitLab
|
||
- ...
|
||
|
||
#### Enterprise Providers**
|
||
|
||
- Azure AD Tenant
|
||
- Gsuite hosted domain
|
||
- ...
|
||
|
||
### Generic
|
||
|
||
- ADFS
|
||
- ADDS
|
||
- Keycloak
|
||
- LDAP
|
||
|
||
### What is Identity Brokering
|
||
|
||
ZITADEL supports the usage as identity broker, by linking multiple external idps into one user.
|
||
With identity brokering the client which relies on ZITADEL does not need to care about the linking of identity.
|
||
|
||
### Manage Identity Providers
|
||
|
||
> Screenshot here
|
||
|
||
### Federation Protocols
|
||
|
||
Currently supported are the following protocols.
|
||
|
||
- OpenID Connect 1.0
|
||
- OAuth 2.0
|
||
|
||
SAML 2.0 will follow later on.
|
||
|
||
### Storage Federation
|
||
|
||
> This is a work in progress.
|
||
|
||
Storage federation is a means of integrating existing identity storage like [LDAP](https://tools.ietf.org/html/rfc4511) and [ADDS](https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview).
|
||
With this process **ZITADEL** can authenticate users with LDAP Binding and SPNEGO for ADDS. It is also possible to synchronize the users just-in-time or scheduled.
|
||
|
||
#### Sync Settings
|
||
|
||
Here we will document all the different sync options
|
||
|
||
- Read-only
|
||
- Writeback
|
||
- just-in-time sync
|
||
- scheduled sync
|
||
|
||
> TBD
|
||
|
||
### Audit identity provider changes
|
||
|
||
> Screenshot here
|