ZITADEL

Multi‑tenant identity platform delivering secure, self‑service authentication.

ZITADEL provides a turnkey, API‑first identity solution with multi‑tenant management, OIDC, OAuth2, SAML, Passkeys, MFA, SCIM and an unlimited audit trail, deployable via Docker, Kubernetes or SaaS.

Overview

ZITADEL is an API‑first identity infrastructure designed for developers and enterprises that need robust, multi‑tenant user management. It supports B2B, CIAM, and partner scenarios with self‑service portals, branding, and an immutable audit trail.

Core Capabilities

The platform offers a full suite of authentication methods, including OpenID Connect, OAuth2, SAML, LDAP, Passkeys (FIDO2), and multifactor options, plus a SCIM 2.0 server for automated provisioning. Actions let you run custom code or webhooks on events, while gRPC and REST APIs expose every resource for seamless integration.

Deployment Options

ZITADEL can be self‑hosted on Linux, macOS, Docker Compose, or Kubernetes, requiring PostgreSQL ≥ 14. For hands‑free operation, ZITADEL Cloud provides a managed SaaS offering with a free tier and global regions. Zero‑downtime updates and high scalability make it suitable for production workloads.

Highlights

API‑first design with gRPC & REST endpoints
Native multi‑tenant architecture with self‑service UI
Comprehensive authentication methods (OIDC, OAuth2, SAML, Passkeys, MFA)
Event‑sourced audit trail and customizable actions

Pros

  • Fast local deployment (under 3 minutes) with Docker Compose
  • Rich set of authentication protocols out of the box
  • Scalable multi‑tenant model suitable for B2B and CIAM
  • Extensible via actions, webhooks, and multiple SDKs

Considerations

  • Requires PostgreSQL (v14+) as an external dependency
  • Advanced customizations may need Go development expertise
  • Self‑hosted setup demands container or Kubernetes knowledge
  • Feature breadth can be overkill for simple single‑tenant apps

Managed products teams compare with

When teams consider ZITADEL, these hosted platforms usually appear on the same shortlist.

Amazon Cognito

Customer identity and access management service for adding user sign-up, sign-in, and authentication to apps

Auth0

Cloud-based identity management platform for adding user authentication and authorization to applications

Clerk

User authentication and identity APIs for web and mobile apps

Looking for a hosted option? These are the services engineering teams benchmark against before choosing open source.

Fit guide

Great for

  • Startups building SaaS platforms needing tenant isolation
  • Enterprises integrating legacy LDAP or SAML providers
  • Developers seeking an open‑source alternative to Auth0 or Keycloak
  • Teams that want audit‑ready identity with event sourcing

Not ideal when

  • Projects with only a single user and no multi‑tenant requirements
  • Environments where PostgreSQL cannot be installed
  • Teams lacking container/Kubernetes expertise for self‑hosting
  • Use cases requiring a lightweight library rather than a full identity server

How teams use it

Secure React SPA with OIDC PKCE

Implement OpenID Connect Authorization Code flow with PKCE, enabling seamless login and token handling using ZITADEL’s OIDC endpoints.

Password‑less login with Passkeys

Leverage FIDO2/WebAuthn support to replace passwords, providing phishing‑resistant authentication for end‑users.

B2B partner onboarding via SCIM

Automate user provisioning across multiple tenant organizations using ZITADEL’s SCIM 2.0 server.

Custom workflow automation with Actions

Trigger external APIs or webhooks on login, registration, or role changes, extending ZITADEL’s core behavior without modifying source code.

Tech snapshot

Go 82%
TypeScript 12%
HTML 3%
SCSS 2%
CSS 1%
JavaScript 1%

Tags

identity, user, oidc, fido2, passkeys, authorization, openid-connect, login, oauth2, scim, sso, 2fa, multitenancy, mfa, authentication, saml

Frequently asked questions

What databases does ZITADEL support?

ZITADEL uses PostgreSQL (version 14 or newer) as its persistent store.

Can I run ZITADEL locally for development?

Yes, a Docker Compose setup lets you start a full instance on Linux, macOS, or Windows in under three minutes.

Is there a hosted SaaS version?

ZITADEL Cloud offers a managed service with a free tier and pay‑as‑you‑go pricing across multiple regions.

How does ZITADEL handle audit logging?

All events are stored via an event‑sourcing pattern, providing an immutable, unlimited audit trail.

What programming languages have SDKs?

Official SDKs are available for Go, TypeScript, and other popular languages; community SDKs exist for additional runtimes.

Project at a glance

Active
Stars: 12,778
Watchers: 12,778
Forks: 920
License: AGPL-3.0
Repo age: 5 years old
Last commit: 12 hours ago
Primary language: Go

Last synced 12 hours ago