diff --git a/public/docs-static/img/manage/team/single-sign-on/zitadel-idp/authentication-method.png b/public/docs-static/img/manage/team/single-sign-on/zitadel-idp/authentication-method.png new file mode 100644 index 00000000..07acc2ec Binary files /dev/null and b/public/docs-static/img/manage/team/single-sign-on/zitadel-idp/authentication-method.png differ diff --git a/public/docs-static/img/manage/team/single-sign-on/zitadel-idp/client-credentials.png b/public/docs-static/img/manage/team/single-sign-on/zitadel-idp/client-credentials.png new file mode 100644 index 00000000..8b25d647 Binary files /dev/null and b/public/docs-static/img/manage/team/single-sign-on/zitadel-idp/client-credentials.png differ diff --git a/public/docs-static/img/manage/team/single-sign-on/zitadel-idp/create-application.png b/public/docs-static/img/manage/team/single-sign-on/zitadel-idp/create-application.png new file mode 100644 index 00000000..93c684db Binary files /dev/null and b/public/docs-static/img/manage/team/single-sign-on/zitadel-idp/create-application.png differ diff --git a/public/docs-static/img/manage/team/single-sign-on/zitadel-idp/create-project.png b/public/docs-static/img/manage/team/single-sign-on/zitadel-idp/create-project.png new file mode 100644 index 00000000..ae956bf7 Binary files /dev/null and b/public/docs-static/img/manage/team/single-sign-on/zitadel-idp/create-project.png differ diff --git a/public/docs-static/img/manage/team/single-sign-on/zitadel-idp/project-created.png b/public/docs-static/img/manage/team/single-sign-on/zitadel-idp/project-created.png new file mode 100644 index 00000000..30f3a928 Binary files /dev/null and b/public/docs-static/img/manage/team/single-sign-on/zitadel-idp/project-created.png differ 
diff --git a/public/docs-static/img/manage/team/single-sign-on/zitadel-idp/redirect-uris.png b/public/docs-static/img/manage/team/single-sign-on/zitadel-idp/redirect-uris.png new file mode 100644 index 00000000..2479f380 Binary files /dev/null and b/public/docs-static/img/manage/team/single-sign-on/zitadel-idp/redirect-uris.png differ diff --git a/public/docs-static/img/manage/team/single-sign-on/zitadel-idp/review-application.png b/public/docs-static/img/manage/team/single-sign-on/zitadel-idp/review-application.png new file mode 100644 index 00000000..2906fd52 Binary files /dev/null and b/public/docs-static/img/manage/team/single-sign-on/zitadel-idp/review-application.png differ diff --git a/src/pages/manage/team/single-sign-on/index.mdx b/src/pages/manage/team/single-sign-on/index.mdx index c1cc0cde..e9a7a0b9 100644 --- a/src/pages/manage/team/single-sign-on/index.mdx +++ b/src/pages/manage/team/single-sign-on/index.mdx @@ -76,6 +76,12 @@ to integrate with NetBird. Below are the steps to set up different OIDC-complian +### Zitadel + +[Zitadel](https://zitadel.com/) is an open-source, API-first identity infrastructure platform built with multi-tenancy at its core. It provides single sign-on, passwordless authentication, role-based access control, and supports OpenID Connect, OAuth 2.0, and SAML. + + + ### cidaas [cidaas](https://www.cidaas.com/) is a cloud-native Identity and Access Management platform that supports OpenID Connect, OAuth 2.0, and SAML 2.0. It provides single sign-on, multi-factor authentication, user self-service, and fine-grained authorization. diff --git a/src/pages/manage/team/single-sign-on/zitadel.mdx b/src/pages/manage/team/single-sign-on/zitadel.mdx new file mode 100644 index 00000000..f0e7e2d0 --- /dev/null +++ b/src/pages/manage/team/single-sign-on/zitadel.mdx 
@@ -0,0 +1,85 @@ +import {Note} from "@/components/mdx"; + +# Zitadel on NetBird Cloud + +You can use Zitadel as your Identity Provider with NetBird, but it will require some additional configuration steps. Zitadel is an open-source, API-first identity infrastructure platform built with multi-tenancy at its core. It provides single sign-on, passwordless authentication, role-based access control, and supports OpenID Connect, OAuth 2.0, and SAML. + + + Support for OIDC-compliant IdPs is available on the Team plan and higher. + The Free plan supports Google, Microsoft, and social logins. + + +## Step 1: Create a New Project + +Log in to your Zitadel console at `https://.zitadel.cloud`. Navigate to **Projects** and click **+ Create New Project**. Enter `NetBird` as the project name and click **Continue**. + +

+ zitadel-create-project +

+ +You should see the project dashboard once the project is created. + +

+ zitadel-project-created +

+ +## Step 2: Create a New Application + +Inside your project, click **+ New** to create a new application. Configure the following: +- **Name**: `NetBird` +- **Type**: `Web` + +

+ zitadel-create-application +

+ +Click **Continue**. + +## Step 3: Configure Authentication Method + +Select **Code** as the authentication method. This enables the Authorization Code flow with a client secret. + +

+ zitadel-authentication-method +

+ +Click **Continue**. + +## Step 4: Configure Redirect URIs + +Set the following redirect settings: +- **Redirect URIs**: `https://login.netbird.io/login/callback` +- **Post Logout URIs**: `https://app.netbird.io` + +

+ zitadel-redirect-uris +

+ +Click **Continue** to proceed to the review stage. Verify your application settings and click **Create**. + +

+ zitadel-review-application +

+ +## Step 5: Copy the Client Credentials + +After creation, Zitadel displays the **Client ID** and **Client Secret**. Copy and store these securely — the Client Secret is only shown once. + +

+ zitadel-client-credentials +

+ +## Step 6: Share Configuration with NetBird + +Send the following information to the NetBird support team at support@netbird.io: + +- **Client ID** +- **Client Secret** +- **Zitadel Instance URL** (`https://.zitadel.cloud`) +- **Email domains for your users** + + +We recommend using a secure channel to share the Client Secret. You can send a separate email and use a secret sharing service like:
+- https://onetimesecret.com/en/
+- https://password.link/en
+
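Review bot: In the index.mdx hunk, the paragraph added under `### Zitadel` repeats word for word the product description that also opens the new zitadel.mdx ("Zitadel is an open-source, API-first identity infrastructure platform built with multi-tenancy at its core. ..."). Keep the full description in one of the two places and shorten the other to a single sentence, so the copies cannot drift apart when one is edited later.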
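Review bot: In zitadel.mdx, Step 6 lists the **Client Secret** among the items to email to support@netbird.io and only afterwards recommends a secure channel, so a reader who follows the list top to bottom sends the secret in a plain email. Make the secure channel the instruction rather than a recommendation: give Client ID, instance URL and email domains as the contents of the email, and state as a separate step that the Client Secret is delivered through a one-time secret link. The sentence "You can send a separate email and use a secret sharing service like:" should also say which of the two is meant, because a separate email is not in itself a secure channel. A smaller point in the same hunk: the instance URL in Step 1 and in Step 6 reads `https://.zitadel.cloud` with nothing before the dot, so add an explicit placeholder for the instance name.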