Users
What are users
In ZITADEL there are different kinds of users. Some belong to dedicated organisations, others belong to the global organisation. Some of them are human users, others are machines. Nonetheless, we treat them all the same with regard to role management and the audit trail.
Human vs. Service Users
The major difference between human and machine users is the type of credentials that can be used: with machine users only a non-interactive logon process is possible. As such we utilise "JWT as Authorization Grant".
TODO Link to “JWT as Authorization Grant” explanation.
How ZITADEL handles usernames
ZITADEL is built around the concept of organisations. Each organisation has its own pool of usernames, which includes both human and service users.
For example, a user with the username road.runner can only exist once in the organisation ACME. ZITADEL will automatically generate a "logonname" for each user consisting of {username}@{domainname}.{zitadeldomain}. Without verifying the domain name this would result in the logonname road.runner@acme.zitadel.ch.
If you use a dedicated instance, ZITADEL replaces zitadel.ch with your domain name.
If someone verifies a domain name within the organisation, ZITADEL will generate additional logonnames for each user with the verified domain. For example, if the domain is acme.ch the resulting logonname would be road.runner@acme.ch, in addition to the already generated road.runner@acme.zitadel.ch.
Domain verification also removes the logonname from all users who might have used this combination in the global organisation. Relating to the example with acme.ch: if a user in the global organisation, let's call him coyote, used coyote@acme.ch, this logonname will be replaced with coyote@randomvalue.tld. ZITADEL notifies the user about this change.
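A worked model of the logonname rules above, as an added example that is not ZITADEL's own code: the Organisation type, the global user map and the newSuffix generator are constructed here to make the domain-verification side effect on global users visible and testable.

```go
package main

import (
	"fmt"
	"strings"
)

// Organisation is a constructed model of a ZITADEL organisation: its org
// domain name (the "acme" in road.runner@acme.zitadel.ch) and the domains an
// administrator has verified for it.
type Organisation struct {
	Domain          string
	VerifiedDomains []string
}

// LogonNames returns every logonname a user in org gets: the automatically
// generated {username}@{domainname}.{zitadeldomain}, plus one
// {username}@{verified domain} per verified domain.
func LogonNames(username string, org Organisation, zitadelDomain string) []string {
	names := []string{fmt.Sprintf("%s@%s.%s", username, org.Domain, zitadelDomain)}
	for _, d := range org.VerifiedDomains {
		names = append(names, username+"@"+d)
	}
	return names
}

// VerifyDomain records domain as verified for org and takes that domain away
// from any global-organisation user (global maps username to logonname) who
// had used it, replacing the suffix with a freshly generated one. newSuffix
// stands in for the random value generator (assumed here) so the result is
// testable. It returns the global logonnames that changed, so the affected
// users can be notified.
func VerifyDomain(org *Organisation, domain string, global map[string]string, newSuffix func() string) []string {
	org.VerifiedDomains = append(org.VerifiedDomains, domain)
	var changed []string
	for user, logon := range global {
		if strings.HasSuffix(strings.ToLower(logon), "@"+strings.ToLower(domain)) {
			changed = append(changed, logon)
			global[user] = user + "@" + newSuffix()
		}
	}
	return changed
}

func main() {
	acme := Organisation{Domain: "acme"}
	global := map[string]string{"coyote": "coyote@acme.ch"} // constructed global-org user
	fmt.Println(LogonNames("road.runner", acme, "zitadel.ch"))
	fmt.Println(VerifyDomain(&acme, "acme.ch", global, func() string { return "randomvalue.tld" }))
	fmt.Println(LogonNames("road.runner", acme, "zitadel.ch"), global)
}
```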
Manage Users
Search Users
Image 1: User List Search
Create Users
Set Password
Screenshot here
Manage Service Users
Screenshot here
Manage User Authorisations
Screenshot here
Manage User ZITADEL Roles
Audit user changes
Screenshot here