From 251777c2839f5edd2fbabb9368b007bac35ed226 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Fri, 14 Nov 2025 12:12:54 -0500
Subject: [PATCH] Fix https://github.com/fosrl/pangolin/issues/1851

---
 manage/identity-providers/zitadel.mdx | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/manage/identity-providers/zitadel.mdx b/manage/identity-providers/zitadel.mdx
index 08720f6..3a2ebd4 100644
--- a/manage/identity-providers/zitadel.mdx
+++ b/manage/identity-providers/zitadel.mdx
@@ -44,6 +44,10 @@ When you click create, you'll be shown the `ClientSecret` and `ClientId`. Make s
   Click `Token settings` then change `Auth Token Type` to `JWT` and check the `User Info inside ID Token` box finally hit `Save`.
 </Step>
 
+<Step title="Enable User Claims in ID Token">
+  Still in `Token settings`, check the box for `Include user's roles in the ID Token`. This enables Zitadel to include necessary user profile claims (including `preferred_username`) in the ID token, which Pangolin requires for user identification.
+</Step>
+
 <Step title="Note Endpoints">
   Open `URLs` and make note of:
   - `Authorization Endpoint`