mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-15 12:27:59 +00:00
ea2aa27f15
* rename to overview * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * add grafana tutorial * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * reviewed documentation * reviewed documentation * wip * wip * wip * wip * wip * wip * examples * ts example * wip with grafana * screenshots and grafana * figure out oauth proxy * authz oauth proxy * move img * merge from master * cleaned up name for management roles * corrected small typo in code * Intro for orgs, spelling, ref to mgmt roles * removed inline comments * Update 00-quick-start.en.md * Update 02-organisations.en.md * Update site/docs/administrate/03-projects.en.md Co-authored-by: Florian Forster <florian@caos.ch> * Update 03-projects.en.md * Update 04-clients.en.md * Update site/docs/administrate/07-policies.en.md Co-authored-by: Florian Forster <florian@caos.ch> * Update 09-authorizations.en.md Co-authored-by: Florian Forster <florian@caos.ch>
106 lines
5.4 KiB
Markdown
106 lines
5.4 KiB
Markdown
---
|
|
title: Users
|
|
---
|
|
|
|
### What are users
|
|
|
|
In **ZITADEL** there are different [users](administrate#Users). Some belong to dedicated [organisations](administrate#Organisations) other belong to the [global organisation](administrate#Global_organisation). Some of them are human [users](administrate#Users) others are machines.
|
|
Nonetheless we treat them all the same in regard to [roles](administrate#Roles) management and audit trail.
|
|
|
|
#### Human vs. Service Users
|
|
|
|
The major difference between human vs. machine [users](administrate#Users) is the type of credentials that can be used: With machine [users](administrate#Users) there is only a non-interactive logon process possible. As such we utilize “JWT as Authorization Grant”.
|
|
|
|
> TODO Link to “JWT as Authorization Grant” explanation.
|
|
|
|
### How ZITADEL handles usernames
|
|
|
|
**ZITADEL** is built around the concept of [organisations](administrate#Organisations). Each [organisation](administrate#Organisations) has its own pool of usernames which includes human and service [users](administrate#Users).
|
|
|
|
For example a [user](administrate#Users) with the username `road.runner` can only exist once in the [organisation](administrate#Organisations) `ACME`. **ZITADEL** will automatically generate a "logonname" for each [user](administrate#Users) consisting of `{username}@{domainname}.{zitadeldomain}`. Without [verifying the domain name](administrate#Verify_a_domain_name) this would result in the logonname `road.runner@acme.zitadel.ch`.
|
|
|
|
> If you use a dedicated instance **ZITADEL** replace `zitadel.ch` with your domain name.
|
|
|
|
If someone [verifies a domain name](administrate#Verify_a_domain_name) within the organisation, **ZITADEL** will generate additional logonames for each [user](administrate#Users) with the verified domain. For example if the domain is `acme.ch` the resulting logonname would be `road.runner@acme.ch` in addition to the already generated `road.runner@acme.zitadel.ch`.
|
|
|
|
> Domain verification also removes the logonname from all [users](administrate#Users), who might have used this combination in the [global organisation](administrate#Global_organisation).
|
|
> Relating to example with `acme.ch` if a user in the [global organisation](administrate#Global_organisation), let's call him `coyote`, used `coyote@acme.ch` this logonname will be replaced with `coyote@randomvalue.tld`
|
|
> **ZITADEL** notifies the user about this change
|
|
|
|
### Manage Users
|
|
|
|
#### Search Users
|
|
|
|
<div class="zitadel-gallery" itemscope itemtype="http://schema.org/ImageGallery">
|
|
<figure itemprop="associatedMedia" itemscope itemtype="http://schema.org/ImageObject">
|
|
<a href="img/console_user_list_search.png" itemprop="contentUrl" data-size="1920x1080">
|
|
<img src="img/console_user_list_search.png" itemprop="thumbnail" alt="User list Search" />
|
|
</a>
|
|
<figcaption itemprop="caption description">User list Search</figcaption>
|
|
</figure>
|
|
</div>
|
|
|
|
Image 1: User List Search
|
|
|
|
#### Create Users
|
|
|
|
<div class="zitadel-gallery" itemscope itemtype="http://schema.org/ImageGallery">
|
|
<figure itemprop="associatedMedia" itemscope itemtype="http://schema.org/ImageObject">
|
|
<a href="img/console_user_list.png" itemprop="contentUrl" data-size="1920x1080">
|
|
<img src="img/console_user_list.png" itemprop="thumbnail" alt="User list" />
|
|
</a>
|
|
<figcaption itemprop="caption description">User list</figcaption>
|
|
</figure>
|
|
</div>
|
|
|
|
<div class="zitadel-gallery" itemscope itemtype="http://schema.org/ImageGallery">
|
|
<figure itemprop="associatedMedia" itemscope itemtype="http://schema.org/ImageObject">
|
|
<a href="img/console_user_create_form.png" itemprop="contentUrl" data-size="1920x1080">
|
|
<img src="img/console_user_create_form.png" itemprop="thumbnail" alt="User Create Form" />
|
|
</a>
|
|
<figcaption itemprop="caption description">User Create Form</figcaption>
|
|
</figure>
|
|
</div>
|
|
|
|
<div class="zitadel-gallery" itemscope itemtype="http://schema.org/ImageGallery">
|
|
<figure itemprop="associatedMedia" itemscope itemtype="http://schema.org/ImageObject">
|
|
<a href="img/console_user_create_done.png" itemprop="contentUrl" data-size="1920x1080">
|
|
<img src="img/console_user_create_done.png" itemprop="thumbnail" alt="User Create Done" />
|
|
</a>
|
|
<figcaption itemprop="caption description">User Create Done</figcaption>
|
|
</figure>
|
|
</div>
|
|
|
|
#### Set Password
|
|
|
|
> Screenshot here
|
|
|
|
### Manage Service Users
|
|
|
|
> Screenshot here
|
|
|
|
### Manage User Authorisations
|
|
|
|
> Screenshot here
|
|
|
|
### Manage User ZITADEL Roles
|
|
|
|
<div class="zitadel-gallery" itemscope itemtype="http://schema.org/ImageGallery">
|
|
<figure itemprop="associatedMedia" itemscope itemtype="http://schema.org/ImageObject">
|
|
<a href="img/console_user_manage_roles_1.png" itemprop="contentUrl" data-size="1920x1080">
|
|
<img src="img/console_user_manage_roles_1.png" itemprop="thumbnail" alt="Manage ZITADEL Roles 1" />
|
|
</a>
|
|
<figcaption itemprop="caption description">Manage ZITADEL Roles 1</figcaption>
|
|
</figure>
|
|
<figure itemprop="associatedMedia" itemscope itemtype="http://schema.org/ImageObject">
|
|
<a href="img/console_user_manage_roles_2.png" itemprop="contentUrl" data-size="1920x1080">
|
|
<img src="img/console_user_manage_roles_2.png" itemprop="thumbnail" alt="Manage ZITADEL Roles 2" />
|
|
</a>
|
|
<figcaption itemprop="caption description">Manage ZITADEL Roles 2</figcaption>
|
|
</figure>
|
|
</div>
|
|
|
|
### Audit user changes
|
|
|
|
> Screenshot here
|