Setting Up SSO with Zitadel for Grafana

My multi-iteration experience of setting up SSO for Grafana in my homelab

Recently, I decided to enhance the security and user experience of my Grafana instance by implementing Single Sign-On (SSO) with Zitadel as the identity provider. I wrote an article a year ago about something similar with Zitadel and Tailscale. In this blog post, I’ll share my experience following the process outlined in this helpful article, along with some additional insights and tips I discovered along the way.

What is Zitadel? (for those wondering)

Zitadel is an open-source identity management platform that provides authentication, authorization, and user management functionality. It supports various authentication protocols including OAuth 2.0 and OpenID Connect (OIDC), making it an excellent choice for implementing SSO across multiple applications.


Zitadel as an OIDC provider for Tailscale

Identity Provider (IdP), Single Sign-On (SSO), Secure Network for Cloud

I think Tailscale is a great product. Despite this, I’ve been hesitant to use it for everything due to not being able to use it without using Big Tech as an identity provider. The options have historically been to use either Microsoft, GitHub (basically Microsoft), Google or Apple. None of these companies align with my personal values. One workaround is to use Headscale, which is a self-hosted implementation of the Tailscale control server that removes the need to use an identity provider altogether.
