Skip to content
Documentation
  • There are no suggestions because the search field is empty.

Enterprise Onboarding Term: What to Expect

Learn how Zitadel partners with Enterprise customers during their first months to ensure a secure, highly available, and seamless integration.

When adopting a modern Identity and Access Management (IAM) platform like ZITADEL, a successful initial setup is critical to the long-term security, scalability, and performance of your applications.

To help our customers navigate this transition, we offer a dedicated Onboarding Term. During this period, we provide intensive knowledge transfer, architecture reviews, and direct collaboration with our engineering team to ensure your ZITADEL implementation is set up for success from day one.

Who is eligible for the Onboarding Term?

Onboarding help and the dedicated Onboarding Term are exclusively available for ZITADEL Enterprise contracts (both for ZITADEL Cloud Enterprise and ZITADEL Self-Hosted Enterprise subscriptions).

Open-Source Users: If you exclusively use our open-source version, please visit our public Discord Community or participate in our GitHub Discussions for setup advice.

Pro/SaaS Users: Standard cloud support channels are available to assist with day-to-day platform questions.

Duration and Collaboration Model

 The onboarding term is typically one to two months, although this may be adjusted based on the specific complexity and requirements of your agreement.
 
During this term, you will have direct access to our core engineering team through Technical Account Management (TAM). Communication takes place over your designated enterprise support channels (ticket system, email, Slack, virtual meetings).
 
Topics & Scope of the Onboarding Term

 

The exact scope of your onboarding is tailored to your unique architecture. Our primary goal is to help your team build a deep understanding of how to configure, operate, integrate, and secure ZITADEL.

1. Administration & Configuration

  • Walkthrough of Features: Setting up your ZITADEL Instance, Organizations, Projects, and Applications.
  • Instance Settings: Fine-tuning policies (password complexity, lockout policies, multi-factor authentication requirements).
  • API Configuration: Proper usage of ZITADEL’s V2 Authentication and Management APIs.

2. Architecture & Integration

  • Architecture Review: Validating your planned integration design against ZITADEL best practices.
  • Client Integration Best Practices: Guiding your developers on using our SDKs, OIDC, SAML, or custom session APIs.
  • Token Validation: Best practices for validating JWTs and accessing user info within your APIs.

3. Migration Support

  • User Importing: Guidance on how to migrate your existing user base, metadata, and password hashes into ZITADEL without downtime.
  • Schema Mapping: Helping map your legacy user roles and structures to ZITADEL’s organization and project roles.

4. DevOps & Operations (Primarily for Self-Hosted Enterprise)

  • Installation Troubleshooting: Assistance with the initial deployment, configuration, and database connectivity (PostgreSQL).
  • Observability Setup: Explaining how to configure logging, error tracking, tracing, and metrics (Prometheus/OpenTelemetry) for your instance.
  • Backup & Operations Best Practices: Ensuring your operational runbooks are designed for high-availability.

5. Security Best Practices & Go-Live Checkup

  • Security Scans & Policies: Double-checking your security profiles, domain discovery configurations, and administrator access control.
  • Go-Live Audit: Conducting a pre-launch checkup to verify the health and security of your integration before actual users log in.

What is Out of Scope?

To maintain the efficiency of our engineering team, certain operational and application-side tasks are strictly out of scope for ZITADEL engineers. Your team is responsible for:

In-Scope (We advise & troubleshoot) Out-of-Scope (You build & manage)

Troubleshooting database connectivity

Setting up, managing, scaling, or maintaining your database storage/clusters.

Suggesting integration best practices

Writing, debugging, or maintaining your application's proprietary codebase.

Validating deployment prerequisites

End-to-end configuration of your network, firewalls, DNS, or custom Kubernetes setup.

Reviewing observability endpoints

Integrating and setting up your company’s internal monitoring/alerting software.

Guidance on ZITADEL scaling parameters

Comprehensive performance testing (load testing) of your local infrastructure.

Transition to Standard Support

Once your Onboarding Term is complete and your application is successfully live, your engagement will transition to our Standard Enterprise Support team.

Your Technical Account Manager (TAM) will hand off your architecture documentation and history to our support engineers. You will continue to benefit from the 24/7 priority support SLOs and ongoing support from your TAM.