# ZITADEL SSO

Use this guide when your organization signs in with ZITADEL. Lettermint connects to a ZITADEL OIDC application.

{/* Screenshot placeholder: /docs/images/sso/providers/zitadel-oidc-application.png */}

## Before you start

You need access to the ZITADEL project that should contain the Lettermint application. Create an OIDC application and register the Lettermint OIDC callback URL from the SSO guide as a redirect URI.

## ZITADEL setup

1. Open your ZITADEL instance.
2. Create or select a project for Lettermint.
3. Add an OIDC application.
4. Configure it as a web application with a client secret.
5. Add the Lettermint OIDC callback URL from the SSO guide as an allowed redirect URI.
6. Copy the client ID and client secret.

## Lettermint setup

In the Lettermint SSO setup screen, choose **ZITADEL** and enter:

| Field | Value |
|-------|-------|
| Domain | Your managed email domain, for example `example.com`. |
| Metadata URL | `https://{instance}/.well-known/openid-configuration` |
| Client ID | The ZITADEL client ID. |
| Client secret | The ZITADEL client secret. |

Use the full public hostname for `{instance}`.

## References

- [ZITADEL: Generic OIDC identity provider](https://zitadel.com/docs/guides/integrate/identity-providers/generic-oidc)
- [ZITADEL: OpenID Connect in custom login UI](https://zitadel.com/docs/guides/integrate/login-ui/oidc-standard)