ZITADEL

API-first identity and access management platform for applications

12.7k stars
916 forks
Last commit: 1d ago
Repo age: 6y old

ZITADEL is an identity and access management platform for authenticating users and securing applications. It provides hosted and custom login options, supports modern standards like OIDC/OAuth2 and SAML, and is designed with multi-tenancy in mind for B2B and CIAM scenarios.

Key Features

  • Multi-tenant organizations with team and project management
  • Single Sign-On with OpenID Connect and OAuth 2.x flows
  • SAML 2.0 support for enterprise federation
  • Multifactor authentication (OTP) and passkeys (FIDO2/WebAuthn)
  • Role-based access control (RBAC) and permission management
  • Self-service user registration and account management
  • API-first platform with gRPC and REST APIs
  • SCIM 2.0 server for automated user provisioning
  • Event-sourced architecture with an audit trail

Use Cases

  • Centralized authentication for web and mobile apps using OIDC/OAuth2
  • B2B SaaS user management with isolated organizations and delegated admin
  • Enterprise integrations via SAML and automated provisioning via SCIM

Limitations and Considerations

  • Requires PostgreSQL (commonly version 14+) as the primary storage backend

ZITADEL combines standards-based authentication with strong multi-tenancy and extensibility, making it suitable for both customer-facing and internal identity scenarios. It can be operated with a hosted login or integrated more deeply via APIs for fully custom experiences.

Similar Services

PocketBase

Lightweight open-source realtime backend with embedded SQLite

55.3k
3k
Last commit: 1d ago

Open-source Go backend providing embedded SQLite, realtime (SSE) subscriptions, auth (JWT/OAuth2), file storage, admin UI and REST-style APIs for web and mobile apps.

Alternative to: PocketBase Cloud (+17 more)

Keycloak

Open-source identity and access management with SSO

32.3k
8k
Last commit: 21h ago

Keycloak is an open-source IAM server providing single sign-on, user federation, and centralized authentication and authorization using OIDC, OAuth 2.0, and SAML.

Alternative to: Okta (+19 more)

Authelia

Self-hosted IAM with SSO and multi-factor authentication

26.4k
1.3k
Last commit: 1d ago

Authelia is an open-source IAM and authentication server providing SSO, MFA, and access control for web apps, with OpenID Connect/OAuth 2.0 and reverse-proxy integration.

Alternative to: Auth0 (+16 more)

Infisical

Open-source platform for secrets, PKI certificates, and privileged access

24.5k
1.7k
Last commit: 20h ago

Infisical is an open-source platform to manage and deliver app secrets, certificates (PKI), SSH credentials, and encryption keys across teams and infrastructure.

Alternative to: HashiCorp Vault (+9 more)

authentik

Open-source Identity Provider (IdP) for SSO, OIDC, and SAML

19.7k
1.4k
Last commit: 17h ago

Open-source IdP delivering SSO, OAuth2/OIDC, SAML2, LDAP, RADIUS, MFA, WebAuthn, conditional access and application-proxy capabilities for self-hosted deployments.

Alternative to: Okta (+19 more)

Teleport

Identity-aware access proxy for infrastructure and internal apps

19.7k
2k
Last commit: 17h ago

Secure access platform for servers, Kubernetes, databases, desktops, and web apps with SSO/MFA, short-lived certificates, and full session auditing.

Alternative to: Twingate (+16 more)