
Zitadel, Single Sign On, and OAuth. It's Impressive!

Zitadel is the ‘new kid on the block’ when it comes to Identity and Access Management. They have bold ambitions and so far I’m really impressed by its extensive support and features, many of which improve on existing solutions such as Keycloak.

In this video I show how to deploy and configure Zitadel in Docker, with an example of integrating Portainer Single Sign On with it.

Zitadel Docker Files:
https://github.com/JamesTurland/JimsGarage/tree/main/Zitadel

Zitadel Docs:
https://zitadel.com/docs

Recommended Hardware: https://github.com/JamesTurland/JimsGarage/blob/main/Homelab-Buyer’s-Guide/Q3-2023.md

Discord: https://discord.gg/qW5vEBekz5
Twitter: https://twitter.com/jimsgarage_
Reddit: https://www.reddit.com/user/Jims-Garage
GitHub: https://github.com/JamesTurland/JimsGarage

00:00 – Introduction to Zitadel
01:04 – Zitadel Overview
03:34 – Docker Compose Config Overview
11:00 – Deploying With Docker
12:53 – Zitadel GUI & Portainer Setup
20:20 – Overview of Other Features


by Jim’s Garage


17 thoughts on “Zitadel, Single Sign On, and OAuth. It's Impressive!”

  • Nice video on not only the installation but also the setup, some concepts, and actual demo. It would be really great if you could create another video to explain in more details the setup and the use cases of roles/grants on a per app-basis as you mentioned.

  • Hi Jim, another cool security approach is the open source application FreeIPA – a central user management for Linux with extended possibilities for the restrictive use of sudo commands and system services such as RDP, SSH etc.

  • Hello Jim, thanks for the great videos, keep it up. Please, I have a question related to the reverse proxy "Traefik": how can I use it without a domain name <serverIP/myapp1> <serverip/myapp2> in a local environment?

  • Hi Jim
    Thank you very much for this great video 👍
    It’s interesting to see how Zitadel is used and how we can further improve.

  • Is this better than Authentik?

  • ty for the share Jim.

    However, I'm confused: how exactly do you get this to work with Traefik? I saw that you covered how to do it for Portainer. But what about other Docker containers? How do you go about getting those containers to use Zitadel for authentication using Traefik (auth forward is the term, I believe)?

    Do I have to add Traefik labels? Any examples :} ??

    *Update

    I noticed that DudeItsDallyBoy has a similar question to mine.

  • Really slick looking project! I'll be giving this a shot in my homelab. Have you found a way to integrate the authentication with Proxmox? If it's in the documentation, I'm still watching this vid, so haven't delved into the docs for Zitadel yet, but will.

  • Another great video Jim, keep ‘em coming. I will definitely be playing with this in the HL, curious to compare it to Keycloak and Authentik.

  • Hey Jim, awesome video as always. Question: can I use Zitadel for apps that don't offer OAuth / OIDC natively? I was holding off on doing Authentik until this video was out, as it seems to be newer and more feature rich. Do you know if Zitadel offers a proxy? I couldn't find anything in the documentation regarding it. Ideally I would want to use Traefik middleware to secure apps that don't support OAuth or OIDC by forcing sign in via a proxy page before allowing access to my apps. Similar to how Authelia works.

  • Hey Jim, thank you for your time in making these videos. Just wanted to say your videos are becoming more and more irrelevant to me as a simple homelabber. I know you have been working hard on the Kubernetes series, which was good for learning, but most of the apps that I have seen recently are very irrelevant or overkill for a simple homelab. I know you have a range of audience you cater to and maybe your focus is complex enterprise level homelab, but for simple users like me I would hope to see more awesome apps that are helpful and relevant to my day to day life. Please don't take it as a negative review. I really enjoy the way you introduce an app and make it simple to understand, which I have not even seen with many seasoned YouTubers. Cheers.

  • Very nice! Another phenomenal option for authentication.

    Can I make a request? Since you mentioned in this video the plain passwords in the compose files: it is a flaw we all do have. It would be really nice to explore solutions like HashiCorp's Vault, for instance, and create some content around it.
    Thanks!

  • Just got comfortable with Authentik. Although there are things I still can’t make work, BUT should I switch over to Zitadel? Or are there not many more upsides to it in a homelab environment?

  • Jim, your videos are top notch. Keep them coming. Looking forward to advanced Zitadel videos from you with more explaining on different types of integrations ❤

  • Thanks for the video. Really cool! I think Zitadel is more "homelabby" whereas Keycloak is more "enterprisy". Keycloak has too much Red Hat fluff added, which I personally don't like as much in homelabs.

    I'm a bit confused though. You said you were using Docker volume mounts, when in your Docker Compose file, only 1 volume mount (in service zitadel) is a Docker volume mount, and the other 3 are bind mounts. So it's a mix of both. I guess your explanation was focused on "as their recommendation", which makes total sense. That bit before still might be confusing for beginners.

  • Hi Jim, thank you as always for this guide! Awesome!
    I was wondering if you know MailCow, and maybe in the future you will be able to make a nice complete guide for it; it is a fantastic personal mail server!
    There are few guides out there and they all show that you must have the server running on an external provider that gives you the possibility of using a reverse proxy. However, I saw that there is the possibility of using Google as SMTP, but for me it's all a bit complicated.
    I installed MailCow locally on Docker and it works well, except that I can't implement the rest as an external SMTP server part.
    It would be great if you could make a nice comprehensive guide!
