Zitadel : How to setup and configure the PIX ‐ Identity Management

Jonas Berx edited this page Jul 10, 2023 · 1 revision

I. Note

Refer to the documentation on https://zitadel.com/docs in case something is unclear.

II. Create a new Zitadel instance

In case you wish to create the zitadel instance from scratch, here's how to do it:

  1. Create a docker compose according to the documentation: https://zitadel.com/docs/self-hosting/deploy/compose
  2. Configure the Zitadel instance on creation with the following config files: https://zitadel.com/docs/self-hosting/manage/configure

When you preconfigure the Zitadel instance, you will still have to configure the Projects/Applications in Zitadel itself; only the Organization setup can be preconfigured. (Zitadel does support Terraform, I have not meddled with that, but feel free to try :) )

III. Configure the Zitadel initial instance.

Depending on how you set up the instance, the root login and password are either in your config files or can be found on the links posted in II. Log into the instance and go to the Projects tab. (You may be asked to change your password on first login.)

Click "create a new project" and name it.

  1. Once created, create a new Application in the project. Depending on the type of project you want, the choice can differ. We choose: "Web application".
  2. Choose your preferred authentication system; we use the recommended PKCE.
  3. Configure the callback and redirect URLs. This is optional and can be configured later.
  4. Copy the generated client ID (project_id@name_of_application).

IV. Configure the newly created Application.

In Token settings, don't forget to enable the checkbox: "User Info inside ID Token". This allows us to extract the user information from Zitadel for use in our own application.

Remember that when working in a dev environment, or when you don't need HTTPS yet, you can enable the "Development mode" selector in the "Redirect Settings".

The URLs tab contains all of the important URLs as well as the Discovery Endpoint configuration.

V. Configuring a Service User for API manipulation.

Not everyone will be able to set up an email server, which prevents you from creating new users from the register screen. Luckily we can use the API to circumvent this restriction.

  1. In the Users tab, select Service Users and create a new user.
  2. Enter the details for the new user and select Bearer token.
  3. Store the token somewhere safe, as it will not be accessible anymore after closing the creation screen.
  4. Add the newly created service user to the Project Admin group with the required roles for the manipulations you wish to do (User management, ...). We can now append this token to API requests like https://zitadel.com/docs/apis/resources/mgmt/management-service-add-human-user (SOON TO BE DEPRECATED)
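As an added example (not part of this wiki page or the PIX code base), here is how the service user's bearer token can be used to create a human user through the add-human-user endpoint linked above. The endpoint path, header names and request fields are taken from the linked management API documentation and are assumptions here; the instance URL and organization ID are constructed placeholders, and the token is read from the environment so it never lands in the script.

```python
"""Create a Zitadel human user via the management API using a service-user bearer token."""
import json
import os
import urllib.request

# Constructed placeholders: point these at your own instance and organization.
ZITADEL_URL = os.environ.get("ZITADEL_URL", "https://zitadel.example.internal")
ZITADEL_ORG_ID = os.environ.get("ZITADEL_ORG_ID", "ORG_ID_PLACEHOLDER")


def build_add_human_user_request(base_url, token, org_id, username,
                                 first_name, last_name, email, initial_password):
    """Return (url, headers, body) for POST /management/v1/users/human (assumed path).

    The service user's token goes in the Authorization header; the organization
    the user is created in is selected with the x-zitadel-orgid header.
    isEmailVerified=True is the part that matters without a mail server: the
    new user can log in without ever receiving a verification mail.
    """
    url = base_url.rstrip("/") + "/management/v1/users/human"
    headers = {
        "Authorization": "Bearer " + token,
        "Content-Type": "application/json",
        "x-zitadel-orgid": org_id,
    }
    body = {
        "userName": username,
        "profile": {"firstName": first_name, "lastName": last_name},
        "email": {"email": email, "isEmailVerified": True},
        "initialPassword": initial_password,
    }
    return url, headers, body


def add_human_user(base_url, token, org_id, username,
                   first_name, last_name, email, initial_password):
    """Send the request; on success Zitadel answers with JSON containing the new userId."""
    url, headers, body = build_add_human_user_request(
        base_url, token, org_id, username, first_name, last_name, email, initial_password)
    req = urllib.request.Request(url, data=json.dumps(body).encode("utf-8"),
                                 headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # ZITADEL_PAT holds the bearer token copied from the service user creation screen.
    token = os.environ["ZITADEL_PAT"]
    print(add_human_user(ZITADEL_URL, token, ZITADEL_ORG_ID, "alice", "Alice",
                         "Example", "alice@example.com", "Initial-Pw-Change-Me-1"))
```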

VI. Done!

You should now have successfully configured the Zitadel instance to get started. More information can always be found in the documentation, as well as on their Discord server, where devs will actively help you out if you run into trouble. (GitHub also still exists but is slower in response time.)