From the course: Complete Guide to Open Source Security

Setting up the ZITADEL directory

- [Instructor] A Zitadel instance is designed to manage users and is based on a hierarchy of organization and project. An organization represents a business within which there are one or more projects. We can see here that we're running the default Zitadel organization. We could rename this if we wanted to. Typically, a Zitadel deployment would have one organization, but in B2B scenarios with federated identity, there could be multiple. A project is a logical separation within an organization and is a container for apps, roles, and authorization policies for the resources it contains. When we check projects, we find that we do have a project already. It's the Zitadel Project, which acts as a default project for everyone. If we select it, we can see there's already the management API, admin API, authentication API and console, active as Authorizations. Let's create our own project and we'll call it AI Proxy and continue and save. We'll now go to roles and we'll add a new role, which we'll call Dev with a display name of developer. And we're not going to be using groups, but we'll call this group one and save. Users are created at the organizational level and are granted access to the resources within one or more projects. They can be assigned different roles which define the permissions and privileges they have within the project. Let's add a user to the Zitadel directory. We'll select users and new, and we get a user profile form to complete. So let's do that. So for email, we'll put in penny@example.com. For the username we'll have pdfender, and given name, Penny, family name, Fender, and we won't bother with a nickname. And as this is a familiarization exercise, we'll check both email verified and set initial password. We'll enter the password. I'm using Stingray7 and that meets the requirements. We'll select the gender as female and the language as English. And we won't bother with a phone number. We'll just create the user.
And when we select users, we can see that Penny is registered and active. So if we click on Penny and check that profile again and select authorizations, we can see Penny has an empty list of authorizations. So let's click new and we'll add the AI proxy and we'll add the dev role and save. And we can see Penny now has the AI proxy project authorization as a developer. We can also add service accounts to our directory for machine-to-machine processes. We can do this by selecting users, service users and new. And we'll call the account service one and we'll take the default bearer and create. We've now created our service account. Okay, going back into service again, we'll click on actions and generate a Client Secret and we'll copy that and we'll save it and close. So we've now got a directory service with which we can manage both human users and service accounts.
