ZITADEL Docs
Integrate & AuthenticateActionsV1

Code examples

Actions are a powerful tool to extend ZITADEL and you might wonder what use cases actions can be used for.

This page provides a non-exhaustive list of possibilities which is provided by examples. If a use case is missing feel free to contribute an issue or pull request to the repository, thanks in advance 🤗.

Customize OIDC response

Append claims returned on OIDC requests.

Triggers

Set hardcoded claim

Extend the claims by a hardcoded value.

Code example
https://github.com/zitadel/actions/blob/main/examples/add_claim.js

Set dynamic claim from user metadata

Extend the claims by dynamically read metadata from a user and sets the picture-claim if idpPicture-metadata value is present.

Code example
https://github.com/zitadel/actions/blob/main/examples/add_picture_claim_from_idp_metadata.js

Set dynamic claim from organization metadata

Extend the claims by dynamically read metadata from an organization and sets the present metadata.

Code example
https://github.com/zitadel/actions/blob/main/examples/org_metadata_claim.js

Custom role mapping in claims

Some products require specific role mapping from ZITADEL, no worries we got you covered 😉

Code example
https://github.com/zitadel/actions/blob/main/examples/custom_roles.js

Custom role mapping including org metadata in claims

There's even a possibility to use the metadata of organizations the user is granted to

Code example
https://github.com/zitadel/actions/blob/main/examples/custom_roles_org_metadata.js

Customize SAML response

Append attributes returned on SAML requests.

Triggers

Custom role mapping in attributes

Some products require specific role mapping from ZITADEL, no worries we got you covered 😉

Code example
https://github.com/zitadel/actions/blob/main/examples/set_custom_attribute.js

Set dynamic attribute from organization metadata

Extend the attributes by dynamically read metadata from an organization and sets the present metadata.

Code example
https://github.com/zitadel/actions/blob/main/examples/org_metadata_attribute.js

Manipulate user

You can automate manual tasks like setting default grants during user creation.

Set email always verified

Useful if you trust the provided information or don't want the users to verify their e-mail addresses.

Triggers

Code example
https://github.com/zitadel/actions/blob/main/examples/verify_email.js

Add grants to users

Allows you to add default user grants to a user after it was created or federated.

Triggers

Code example
https://github.com/zitadel/actions/blob/main/examples/add_user_grant.js

Add metadata to users

Adding metadata to users allows you to set default metadata on users.

Triggers

Code example
https://github.com/zitadel/actions/blob/main/examples/add_metadata.js

Use provided fields of identity providers

If you want to ensure that the data of a user are always up-to-date, you can automatically update user fields during authentication and save time of your customers and your team.

Trigger

Fields provided by Okta as OIDC IdP

If you use Okta as an identity provider you can improve the onboarding experience of new users by prefilling some basic information during authentication.

Code example
https://github.com/zitadel/actions/blob/main/examples/okta_identity_provider.js

Fields provided by Gitlab

If you use Gitlab as an identity provider you can improve the onboarding experience of new users by prefilling some basic information during authentication.

Code example
https://github.com/zitadel/actions/blob/main/examples/gitlab_identity_provider.js

Fields provided by Github

If you use Github as an identity provider you can improve the onboarding experience of new users by prefilling some basic information during authentication.

Code example
https://github.com/zitadel/actions/blob/main/examples/github_identity_provider.js

Claims provided by a generic OIDC identity provider

If you use a generic OIDC identity provider you can improve the onboarding experience of new users by prefilling some basic information during authentication.

Code example
https://github.com/zitadel/actions/blob/main/examples/set_idp_picture_metadata.js

Attributes provided by Okta as SAML IDP

If you use Okta as an identity provider you can improve the onboarding experience of new users by prefilling some basic information during authentication.

Code example
https://github.com/zitadel/actions/blob/main/examples/okta_saml_prefil_register_form.js

Attributes provided by Microsoft Entra as SAML IDP

If you use Microsoft Entra as SAML identity provider you can improve the onboarding experience of new users by prefilling some basic information during authentication.

Code example
https://github.com/zitadel/actions/blob/main/examples/entra_id_saml_prefil_register_form.js

Attributes provided by a generic SAML identity provider

If you use a SAML identity provider like mocksaml you can improve the onboarding experience of new users by prefilling some basic information during authentication.

Code example
https://github.com/zitadel/actions/blob/main/examples/post_auth_saml.js

Context aware execution

Based on the context the execution path of an action can change. ZITADEL allows complex execution paths of course. 😎

Based on auth request information

Execution paths might change based on the application initiating the authentication.

Triggers

Code example
https://github.com/zitadel/actions/blob/main/examples/execute_action_on_specific_app.js

This example uses zitadel's log module

Check authentication error

Your action can also check for errors during the login process.

Triggers

Code example
https://github.com/zitadel/actions/blob/main/examples/post_auth_log.js

This example uses zitadel's log module

Throw an error

Allows you to limit the user interaction. The error thrown will be shown to the user if the action is not allowed to fail.

Code example
https://github.com/zitadel/actions/blob/main/examples/throw_error.js

Was this page helpful?

Modules

Previous Page

Internal Authentication Flow

Next Page

On this page

Customize OIDC responseTriggersSet hardcoded claimSet dynamic claim from user metadataSet dynamic claim from organization metadataCustom role mapping in claimsCustom role mapping including org metadata in claimsCustomize SAML responseTriggersCustom role mapping in attributesSet dynamic attribute from organization metadataManipulate userSet email always verifiedTriggersAdd grants to usersTriggersAdd metadata to usersTriggersUse provided fields of identity providersTriggerFields provided by Okta as OIDC IdPFields provided by GitlabFields provided by GithubClaims provided by a generic OIDC identity providerAttributes provided by Okta as SAML IDPAttributes provided by Microsoft Entra as SAML IDPAttributes provided by a generic SAML identity providerContext aware executionBased on auth request informationTriggersCheck authentication errorTriggersThrow an error