zitadel

zitadel

Official

Docker app from Darklesc's Repository

Overview

ZITADEL as identity experience platform provides all the features for identity management, secure authentication, and access management for your customers, employees, devices or services. Our platform makes it easy to deploy a hosted, multi-factor secured login, offer single sign-on, allow users to bring existing identities, integrate with our APIs, and keep informed with our event-based audit trail. Working with Postgres 16 and 17. Please replace --masterkey “MasterkeyNeedsToHave32Characters” in Post Arguments with a safe one. Default username: zitadel-admin@zitadel.localhost Default password: Password1! In the above username, replace localhost with your configured external domain, if any. e.g. with zitadel-admin@zitadel.sso.my.domain.tld

ZITADEL Logo ZITADEL Logo

GitHub Workflow Status (with event) GitHub contributors

The Identity Infrastructure for Developers

ZITADEL is an open-source identity and access management platform built for teams that need more than basic auth. Whether you're securing a SaaS product, building a B2B platform, or self-hosting a production IAM stack — ZITADEL gives you everything out of the box: SSO, MFA, Passkeys, OIDC, SAML, SCIM, and a battle-tested multi-tenancy model.

No vendor lock-in. No compromise on control. Just a robust, API-first identity platform you can own.


🏡 Website  |  💬 Chat  |  📋 Docs  |  🧑‍💻 Blog  |  📞 Contact


Why ZITADEL

We built ZITADEL to handle the hardest IAM challenges at scale — starting with multi-tenancy.

ZITADEL FusionAuth Keycloak Auth0/Okta
Open-source
Self-hostable
Infrastructure-level tenants ✅ Instances (High scale) ✅ Tenants 🟡 Realms (Scaling limits) ❌ (Multi-tenant = multi-account)
B2B Organizations ✅ Native & Unlimited 🟡 via Entity Management ✅ (Recent addition) 🟡 (Plan/Account dependent)
Full audit trail ✅ Comprehensive Event Stream* 🟡 Audit logs 🟡 Audit logs 🟡 Audit logs
Passkeys (FIDO2)
Actions / webhooks 🟡 via SPI
API-first (gRPC + REST) 🟡 REST only 🟡 REST only 🟡 REST only
SaaS + self-host parity ➖ N/A ➖ N/A

ZITADEL Cloud and self-hosted ZITADEL run the same codebase.

Key differentiators for architects:

  • Relational core, event-driven soul — every mutation is written as an immutable event for a complete, API-accessible audit trail. Unlike systems that log only select activities, ZITADEL provides a comprehensive event stream that can be audited or streamed to external systems via Webhooks.
  • Strict multi-tenant hierarchy — Identity System → Organizations → Projects, with isolated data and policy scoping at multiple levels
  • API-first design — every resource and action is available via connectRPC, gRPC, and HTTP/JSON APIs
  • Zero-downtime updates and horizontal scalability without external session stores

Get Started in 3 Minutes

👉 Quick Start Guide

ZITADEL Self-Hosted

# Docker Compose — up and running in under 3 minutes
curl -LO https://raw.githubusercontent.com/zitadel/zitadel/main/deploy/compose/docker-compose.yml \
  && curl -LO https://raw.githubusercontent.com/zitadel/zitadel/main/deploy/compose/.env.example \
  && cp .env.example .env \
  && docker compose up -d --wait

Full deployment guides:

Need professional support for your self-hosted deployment? Contact us.

ZITADEL Cloud (SaaS)

Start for free at zitadel.com — no credit card required. Available in US · EU · AU · CH. Pay-as-you-go pricing.


Integrate with the V2 API

ZITADEL exposes every capability over a typed API. Here's how to create a user with the V2 REST API:

curl -X POST https://$ZITADEL_DOMAIN/v2/users/human \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "username": "alice@example.com",
    "profile": { "givenName": "Alice", "familyName": "Smith" },
    "email": { "email": "alice@example.com", "sendCode": {} }
  }'

Explore the full API reference — including connectRPC and gRPC transports — or jump straight to quickstart examples.


Features

Authentication

Multi-Tenancy

Integration

Self-Service & Admin

Deployment

Track upcoming features on our roadmap and follow our changelog for recent updates.


Showcase

Login V2

Our new, fully customizable login experience — documentation


Adopters & Ecosystem

Used in production by organizations worldwide. See the full Adopters list — and add yours by submitting a pull request.


How To Contribute

ZITADEL is built in the open and welcoming to contributions of all kinds.

Contributors

Made with contrib.rocks.


Security

Security policy: SECURITY.md

Vulnerability Disclosure Policy — how to responsibly report security issues.

Technical Advisories are published for major issues that could impact security or stability in production.

License

AGPL-3.0 — see LICENSING.md for the full licensing policy, including Apache 2.0 and MIT exceptions for specific directories.

Install Zitadel on Unraid in a few clicks.

Find Zitadel in Community Apps on your Unraid server, review the template, and click Install. Unraid handles the Docker app or plugin setup from the published template.

Open the Apps tab on your Unraid server Search Community Apps for Zitadel Review the template variables and paths Click Install

Categories

Related apps

Explore more like this

Explore all

Details

Repository
ghcr.io/zitadel/zitadel:latest
Last Updated2026-07-15
First Seen2024-11-03

Runtime arguments

Web UI
http://[IP]:[PORT:8080]/
Network
bridge
Shell
sh
Privileged
false
Extra Params
--restart unless-stopped

Template configuration

DATABASE POSTGRES HOSTVariable
Target
ZITADEL_DATABASE_POSTGRES_HOST
Default
db
DATABASE POSTGRES PORTVariable
Target
ZITADEL_DATABASE_POSTGRES_PORT
Default
5432
DATABASE POSTGRESVariable
Target
ZITADEL_DATABASE_POSTGRES_DATABASE
Default
zitadel
Value
zitadel
DATABASE POSTGRES USER USERNAMEVariable
Target
ZITADEL_DATABASE_POSTGRES_USER_USERNAME
Default
zitadel
Value
zitadel
DATABASE POSTGRES USER PASSWORDVariable
Target
ZITADEL_DATABASE_POSTGRES_USER_PASSWORD
Default
zitadel
Value
zitadel
DATABASE POSTGRES USER SSL MODEVariable
Target
ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE
Default
disable
Value
disable
DATABASE POSTGRES ADMIN USERNAMEVariable
Target
ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME
Default
postgres
DATABASE POSTGRES ADMIN PASSWORDVariable
Target
ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD
Default
postgres
DATABASE POSTGRES ADMIN SSL MODEVariable
Target
ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE
Default
disable
Value
disable
EXTERNAL SECUREVariable
Target
ZITADEL_EXTERNALSECURE
Default
false
Value
false
EXTERNAL DOMAINVariable
Target
ZITADEL_EXTERNALDOMAIN
Default
localhost
WEB UIPorttcp
Target
8080
Default
8080