Open-source identity infrastructure for SSO, MFA, passkeys, OIDC, SAML, and SCIM
- Stars14.1k
- Forks1.1k
- Open Issues1.1k
AGPL-3.0
- Go
- TypeScript
- MDX
About ZITADEL
ZITADEL is an open-source identity and access management platform for teams that need more than basic authentication. It covers SSO, MFA, passkeys, OIDC, SAML, and SCIM for SaaS products, B2B platforms, and self-hosted IAM stacks, with vendor lock-in avoided through an API-first model.
It uses strict multi-tenancy with Identity System, Organizations, and Projects, and every mutation is written as an immutable event for an API-accessible audit trail. Resources are available through connectRPC, gRPC, and HTTP/JSON APIs, with webhooks, custom code, token enrichment, RBAC, self-registration, custom branding, and hosted login.
ZITADEL Cloud and self-hosted ZITADEL run the same codebase. The stack uses PostgreSQL 14 or newer, supports zero-downtime updates and horizontal scalability without external session stores, and is licensed under AGPL-3.0 with some Apache 2.0 and MIT exceptions.
Key features
- SSO, MFA, passkeys, OIDC, SAML, and SCIM
- Strict multi-tenancy with identity system, orgs, and projects
- API access via connectRPC, gRPC, and HTTP/JSON
- Immutable event stream with API-accessible audit trail
- Self-registration, custom branding, and hosted login
Details
- First released
- 2020
- Platforms
- Web · Docker
- Deployment
- self-hostable · cloud
- Database
- PostgreSQL 14+
- Architecture
- API-first, event-driven, multi-tenant
- Audit trail
- Immutable event stream