
github.com/zitadel/zitadel @v5.0.0-base sqlite

35,708 symbols · 143,177 edges · 4,129 files · 8,479 documented · 24%
README

The Identity Infrastructure for Developers

ZITADEL is an open-source identity and access management platform built for teams that need more than basic auth. Whether you're securing a SaaS product, building a B2B platform, or self-hosting a production IAM stack — ZITADEL gives you everything out of the box: SSO, MFA, Passkeys, OIDC, SAML, SCIM, and a battle-tested multi-tenancy model.

No vendor lock-in. No compromise on control. Just a robust, API-first identity platform you can own.




Why ZITADEL

We built ZITADEL to handle the hardest IAM challenges at scale — starting with multi-tenancy.

Feature | ZITADEL | FusionAuth | Keycloak | Auth0/Okta
Open-source
Self-hostable
Infrastructure-level tenants | ✅ Instances (High scale) | ✅ Tenants | 🟡 Realms (Scaling limits) | ❌ (Multi-tenant = multi-account)
B2B Organizations | ✅ Native & Unlimited | 🟡 via Entity Management | ✅ (Recent addition) | 🟡 (Plan/Account dependent)
Full audit trail | ✅ Comprehensive Event Stream* | 🟡 Audit logs | 🟡 Audit logs | 🟡 Audit logs
Passkeys (FIDO2)
Actions / webhooks 🟡 via SPI
API-first (gRPC + REST) 🟡 REST only 🟡 REST only 🟡 REST only
SaaS + self-host parity ➖ N/A ➖ N/A

ZITADEL Cloud and self-hosted ZITADEL run the same codebase.

Key differentiators for architects:
- Relational core, event-driven soul — every mutation is written as an immutable event for a complete, API-accessible audit trail. Unlike systems that log only select activities, ZITADEL provides a comprehensive event stream that can be audited or streamed to external systems via Webhooks.
- Strict multi-tenant hierarchy — Identity System → Organizations → Projects, with isolated data and policy scoping at multiple levels
- API-first design — every resource and action is available via connectRPC, gRPC, and HTTP/JSON APIs
- Zero-downtime updates and horizontal scalability without external session stores


Get Started in 3 Minutes

👉 Quick Start Guide

ZITADEL Self-Hosted

# Docker Compose — up and running in under 3 minutes
curl -LO https://raw.githubusercontent.com/zitadel/zitadel/main/deploy/compose/docker-compose.yml \
  && curl -LO https://raw.githubusercontent.com/zitadel/zitadel/main/deploy/compose/.env.example \
  && cp .env.example .env \
  && docker compose up -d --wait

Full deployment guides:
- Docker Compose
- Kubernetes

Need professional support for your self-hosted deployment? Contact us.

ZITADEL Cloud (SaaS)

Start for free at zitadel.com — no credit card required. Available in US · EU · AU · CH. Pay-as-you-go pricing.


Integrate with the V2 API

ZITADEL exposes every capability over a typed API. Here's how to create a user with the V2 REST API:

curl -X POST https://$ZITADEL_DOMAIN/v2/users/human \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "username": "alice@example.com",
    "profile": { "givenName": "Alice", "familyName": "Smith" },
    "email": { "email": "alice@example.com", "sendCode": {} }
  }'

Explore the full API reference — including connectRPC and gRPC transports — or jump straight to quickstart examples.


Features

Authentication
- Single Sign On (SSO) · Username/Password · Passkeys (FIDO2 / WebAuthn)
- MFA: OTP, U2F, OTP Email, OTP SMS
- LDAP · Enterprise IdPs and social logins
- OpenID Connect certified · SAML 2.0 · Device authorization
- Machine-to-machine: JWT Profile, PAT, Client Credentials
- Token exchange and impersonation
- Custom sessions for flows beyond OIDC/SAML
- Hosted Login V2

Multi-Tenancy
- Identity brokering with pre-built IdP templates
- Customizable B2B onboarding with self-service for customers
- Delegated role management to third parties
- Domain discovery

Integration
- gRPC, connectRPC, and REST APIs for every resource
- Actions: webhooks, custom code, token enrichment
- RBAC · SCIM 2.0 Server
- Audit log and SOC/SIEM integration
- SDKs and example apps

Self-Service & Admin
- Self-registration with email/phone verification
- Administration Console for orgs and projects
- Custom branding per organization

Deployment
- PostgreSQL (≥ 14) · Zero-downtime updates · High scalability

Track upcoming features on our roadmap and follow our changelog for recent updates.


Showcase

Login V2

Our new, fully customizable login experience — documentation


Adopters & Ecosystem

Used in production by organizations worldwide. See the full Adopters list — and add yours by submitting a pull request.


How To Contribute

ZITADEL is built in the open and welcoming to contributions of all kinds.

Contributors

Made with contrib.rocks.


Security

Security policy: SECURITY.md

Vulnerability Disclosure Policy — how to responsibly report security issues.

Technical Advisories are published for major issues that could impact security or stability in production.

License

AGPL-3.0 — see LICENSING.md for the full licensing policy, including Apache 2.0 and MIT exceptions for specific directories.

Extension points exported contracts — how you extend this code

Entry (Interface)
Entry contains a value of type `V` to be cached. `I` is the type by which indices are identified, typically an enum for [11 …
backend/v3/storage/cache/cache.go
Entry (Interface)
Entry contains a value of type `V` to be cached. `I` is the type by which indices are identified, typically an enum for [11 …
internal/cache/cache.go
Command (Interface)
Command is the intent to store an event into the eventstore [32 implementers]
internal/eventstore/event.go
User (Interface)
User contains the information of a federated user. [7 implementers]
internal/idp/provider.go
Queue (Interface)
go:generate mockgen -typed -package mock -destination ./mock/queue.mock.go . Queue [5 implementers]
internal/notification/handlers/queue.go
EncryptionAlgorithm (Interface)
go:generate mockgen -typed -package crypto -destination ./crypto.mock.go . EncryptionAlgorithm [4 implementers]
internal/crypto/crypto.go
Tx (Interface)
(no doc) [7 implementers]
internal/database/database.go
OrgAdmin (Interface)
(no doc) [17 implementers]
internal/command/org.go

Core symbols most depended-on inside this repo

NewAggregate
called by 2169
internal/repository/org/aggregate.go
identifier
called by 2048
internal/query/search_query.go
NewAggregate
called by 1981
internal/repository/instance/aggregate.go
Aggregate
called by 1979
internal/eventstore/event.go
Helper
called by 1949
internal/test/filled_checker.go
ThrowInvalidArgument
called by 1630
internal/zerrors/invalid_argument.go
Errorf
called by 1553
internal/test/filled_checker.go
NewAggregate
called by 1192
internal/repository/user/aggregate.go

Shape

Method 18,373
Function 10,548
Struct 4,770
Class 986
Interface 426
TypeAlias 388
FuncType 169
Enum 48

Languages

Go 88%
TypeScript 12%

Modules by API surface

backend/v3/domain/mock/human_user.mock.go · 646 symbols
backend/v3/domain/mock/idp_intent.mock.go · 340 symbols
console/src/app/services/mgmt.service.ts · 267 symbols
backend/v3/domain/mock/login_settings.mock.go · 262 symbols
backend/v3/domain/mock/branding_settings.mock.go · 256 symbols
backend/v3/domain/mock/session.mock.go · 214 symbols
backend/v3/domain/mock/project.mock.go · 202 symbols
backend/v3/domain/mock/administrator.mock.go · 196 symbols
backend/v3/domain/mock/machine_user.mock.go · 190 symbols
backend/v3/domain/mock/secret_generator_settings.mock.go · 184 symbols
backend/v3/storage/database/dbmock/database.mock.go · 182 symbols
backend/v3/domain/mock/user.mock.go · 178 symbols

Dependencies from manifests, versioned

cel.dev/expr v0.24.0 · 1×
cloud.google.com/go v0.121.6 · 1×
cloud.google.com/go/auth/oauth2adapt v0.2.8 · 1×
cloud.google.com/go/compute/metadata v0.9.0 · 1×
cloud.google.com/go/monitoring v1.24.2 · 1×
cloud.google.com/go/profiler v0.4.3 · 1×
cloud.google.com/go/storage v1.57.1 · 1×
cloud.google.com/go/trace v1.11.6 · 1×
connectrpc.com/grpcreflect v1.3.0 · 1×

Datastores touched

dbname · Database · 1 repos
db · Database · 1 repos
dsndb · Database · 1 repos
fromdsn · Database · 1 repos
mydb · Database · 1 repos
postgres · Database · 1 repos

For agents

$ claude mcp add zitadel \
  -- python -m otcore.mcp_server <graph>
