How to deploy ZITADEL on Kubernetes?

ZITADEL provides detailed Kubernetes deployment guides using Helm charts or YAML manifests, requiring PostgreSQL setup and ingress configuration. The documentation includes production-ready steps for scalability and updates.

ZITADEL vs Keycloak for multi-tenant apps?

ZITADEL offers stricter multi-tenancy with hierarchical instances and organizations, plus API-first design, while Keycloak uses realms with potential scaling limits. Choose ZITADEL for advanced audit trails and control; Keycloak for a larger plugin ecosystem.

Does ZITADEL support social logins like Google?

Yes, ZITADEL supports enterprise IdPs and social logins via OpenID Connect and SAML, with pre-built templates for common providers like Google, as documented in the identity brokering guides.

How to implement MFA in ZITADEL?

MFA is built-in with options for OTP, U2F, OTP Email, and SMS. You can configure it per organization or project via the administration console or APIs, with detailed steps in the authentication guides.

What databases does ZITADEL support?

ZITADEL requires PostgreSQL version 14 or higher as its primary database, and it does not natively support alternatives like MySQL or MongoDB, which may constrain deployment choices.

Is ZITADEL free for commercial use?

Yes, the self-hosted version is open-source under AGPL-3.0, allowing free commercial use. The cloud SaaS version has a pay-as-you-go pricing model, but there's no vendor lock-in for self-hosting.

Zitadel

AGPL-3.0Gov4.13.1

An open-source identity and access management platform with multi-tenancy, SSO, MFA, and API-first design for developers.

Visit Website

What is Zitadel?

ZITADEL is an open-source identity and access management platform that simplifies identity infrastructure for developers. It provides a comprehensive suite of authentication and authorization features, including SSO, MFA, passkeys, and multi-tenancy, all accessible via an API-first design. The platform solves the problem of securing applications with robust, scalable identity management without vendor lock-in.

Target Audience

Developers and teams building SaaS products, B2B platforms, or any application requiring production-grade IAM with multi-tenancy, self-hosting capabilities, and API-driven integration.

Value Proposition

Developers choose ZITADEL for its strict multi-tenant hierarchy, event-driven audit trail, and API-first design that offers parity between SaaS and self-hosted deployments. Its open-source nature and comprehensive feature set provide control and flexibility without compromising on enterprise-grade capabilities.

Overview

ZITADEL - Identity infrastructure, simplified for you.

Use Cases

Best For

Securing SaaS products with multi-tenant identity management

Related Projects

Community-curated · Updated weekly · 100% open source

Found a gem we're missing?

Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.

Submit a project Star on GitHub

GitHub

13.6k stars1.0k forks0 contributors

Building B2B platforms with customizable onboarding and self-service

Self-hosting a production IAM stack with zero-downtime updates

Integrating identity via typed APIs (gRPC, REST) for machine-to-machine workflows

Implementing comprehensive audit trails and SOC/SIEM integration

Deploying scalable identity infrastructure with Docker or Kubernetes

Not Ideal For

Startups or small projects that only need basic username/password authentication without SSO or multi-tenancy
Teams lacking dedicated DevOps resources to manage self-hosted deployments with Docker or Kubernetes
Applications requiring out-of-the-box, heavily branded login UIs with minimal frontend development effort

Pros & Cons

Pros

Strict Multi-Tenancy Hierarchy

Supports a layered model with instances, organizations, and projects for isolated data and policies, ideal for complex B2B scenarios as highlighted in the comparison table.

API-First Design

Every resource is accessible via connectRPC, gRPC, and REST APIs, enabling seamless programmatic integration, with comprehensive documentation and examples.

Immutable Audit Trail

All mutations are recorded as events, providing a complete audit stream that can be exported to SOC/SIEM systems, a key differentiator emphasized in the features.

Scalable Deployment

Offers zero-downtime updates and horizontal scalability without external session stores, supported by Docker Compose and Kubernetes guides for production environments.

Cons

High Operational Overhead

Self-hosting requires managing PostgreSQL, container orchestration, and high availability, which can be complex and resource-intensive for teams without infrastructure expertise.

Steep Integration Effort

The API-centric approach means developers must build custom integrations rather than using drop-in modules, increasing initial setup time compared to more opinionated services.

Evolving Ecosystem

While feature-rich, the third-party plugin and community contribution ecosystem is less mature than established competitors like Auth0 or Keycloak, potentially limiting ready-made solutions.

Open Source Alternative To

Zitadel is an open-source alternative to the following products:

Auth0

Auth0 is a cloud-based identity and access management platform that provides authentication and authorization services for applications. It supports single sign-on, multi-factor authentication, and social login integrations.

F

FusionAuth

Keycloak

Keycloak is an open-source identity and access management solution that provides single sign-on, user federation, and social login capabilities for web applications and services.

Okta

An identity and access management platform that provides secure authentication, authorization, and user management for applications.

Frequently Asked Questions

Home

IAM

Keycloak

Open Source Identity and Access Management For Modern Applications and Services

The authentication glue you need.

Internet-scale OpenID Certified™ OpenID Connect and OAuth2.1 provider that integrates with your user management through headless APIs. Solve OIDC/OAuth2 user cases over night. Consume as a service on Ory Network or self-host. Trusted by OpenAI and many others for scale and security. Written in Go.

Stars17,084

Forks1,558

Last commit10 days ago

Casdoor

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

Stars13,460

Forks1,658

Last commit3 days ago