zitadel

Secrets & Credentials

An open‑source, self‑hostable identity and access management platform that provides SSO, MFA, passkeys, OIDC, SAML, SCIM, multi‑tenancy and a full audit trail.

Track releases GitHub Website

Go Latest v3.4.10 · 1mo ago Security brief →

Features

Full identity stack (SSO, MFA, Passkeys, OIDC, SAML, SCIM)
Built‑in multi‑tenancy with hierarchical organization model
Comprehensive event‑driven audit trail and webhook support

Recent releases

View all 21 releases →

v3.4.10 Bug fix 1mo

Fixed LDAP username filter escaping.

Full changelog

3.4.10 (2026-05-04)

Bug Fixes

ldap: escape username filter (59fa301)

View release on GitHub

v4.15.0 Bug fix 1mo

Notable features

Improved client details dialog UX in console

Full changelog

4.15.0 (2026-05-04)

Bug Fixes

console: delete role assignment in admin profile #10376 (#11867) (c1e62e1)
console: display actions v1 with correct permissions #12001 (#12068) (1358d08)
ldap: escape username filter (a56d4bf)
login: lru-cache compatibility, improve session error handling (#12099) (760cd7e)
login: resolve localized legal links in signup (#11913) (73f8e28), closes #11907

Features

console: improve client details dialog ux #11834 (#11836) (c32b880)

Performance Improvements

optimize docs static generation cost (#12108) (aac5305)

View release on GitHub

v4.14.0 New feature 1mo

Security fixes

OIDC opaque token encryption
Invalid JWT assertion error handling

Notable features

x.509 certificate system-api-user tokens
ECDSA and ED25519 public keys
PKCS#1 key support

Full changelog

4.14.0 (2026-04-24)

Bug Fixes

console: always show settings page to admin (#11779) (2f81454), closes #10912
console: disallow smtp double create #8964 (#11868) (aeddf0e)
console: Fix onboarding link for user login guide (#11958) (677450e)
console: jwt provider callback urls #11589 (#11966) (bfbf943)
console: normalize empty OIDC redirect uri updates #12053 (#12067) (c16667b)
console: pass data to user delete dialog (#11595) (4706a80)
console: update protoc-gen-js (#12046) (a1cd331)
grpc: increase MaxSendMsgSize (#12066) (31ac2a4)
grpc: return 401 for unauthenticated v1 gateway errors (#11786) (5b4e6ec), closes #11730
invalid jwt assertion error handling (#11933) (1c04220), closes /github.com/zitadel/oidc/blob/main/pkg/oidc/verifier.go#L195
login: add OIDC/SAML requestId to resend invite / resend email code (#11927) (501091c)
login: ClassifiedConnectError breaking ConnectError instanceof checks (#12022) (72bbfd4), closes #11903 #11926
login: improve error classification (#11926) (6b9062f), closes #11923
login: invite flow instead of email verification for users with no primary method, improve sending behaviour (#11837) (fa1d9e8), closes #10929
login: load SSL_CERT_DIR certificates without requiring hashed filenames (#12029) (95f61c7)
login: preserve OIDC request context during email verification (#11990) (b61ad1e)
login: prevent duplicate email-code verification issue (#11893) (c1919db), closes #11857
login: replace custom SWR cache with lru-cache (#11945) (c3b0982)
login: respect branding themeMode for theme toggle, fix CSP (#11903) (643088f), closes #11721
oidc: use authenticated encryption for opaque tokens (#12017) (4ad07d2), closes #11315
propagate non-NotFound errors from instance interceptor (#12019) (52f9d7e)

Features

add option to use x.509 certificate system-api-user tokens (#11876) (9a00c49), closes #11442
allow ECDSA and ED25519 public keys (#11819) (bce7c48), closes #8433 #8433
console: improve org search performance in create project grant page #11121 (#12057) (7e20724)
login: add Portuguese (pt) translations for Login V2 (#11897) (88ba29c), closes #11782 #11782
login: add ZITADEL_API_AWAITINITIALCONN support (#12032) (ad6b5b1)
login: simplify login client auth and support PKCS#1 keys (#11888) (810b344)
support standard OTEL env vars via autoexport (#11864) (3f1a29f)

View release on GitHub

v4.13.1 Bug fix 2mo

Fixed admin initialization emails not being sent, enabled recovery codes to be active on creation, and reverted feature key naming for backward compatibility.

View release on GitHub

v4.13.0 New feature 2mo

Security fixes