diff --git a/docs/self-hosting/advanced/authentication.mdx b/docs/self-hosting/advanced/authentication.mdx
index 203007efd65cb..7269323533e3f 100644
--- a/docs/self-hosting/advanced/authentication.mdx
+++ b/docs/self-hosting/advanced/authentication.mdx
@@ -7,7 +7,8 @@ Currently supported identity verification services include:
- [Auth0](/en/self-hosting/advanced/sso-providers/auth0)
- [Microsoft Entra ID](/en/self-hosting/advanced/sso-providers/microsoft-entra-id)
- [Authentik](/en/self-hosting/advanced/sso-providers/authentik)
-- [Github](/en/self-hosting/advanced/sso-providers/github
+- [Github](/en/self-hosting/advanced/sso-providers/github)
+- [ZITADEL](/en/self-hosting/advanced/sso-providers/zitadel)
Click on the links to view the corresponding platform's configuration documentation.
@@ -23,6 +24,7 @@ The order corresponds to the display order of the SSO providers.
| Microsoft Entra ID | `azure-ad` |
| Authentik | `authentik` |
| Github | `github` |
+| ZITADEL | `zitadel` |
## Other SSO Providers
diff --git a/docs/self-hosting/advanced/authentication.zh-CN.mdx b/docs/self-hosting/advanced/authentication.zh-CN.mdx
index 3a141131e9568..435aea242b739 100644
--- a/docs/self-hosting/advanced/authentication.zh-CN.mdx
+++ b/docs/self-hosting/advanced/authentication.zh-CN.mdx
@@ -8,6 +8,7 @@ LobeChat 支持配置外部身份验证服务,供企业 / 组织内部使用
- [Microsoft Entra ID](/zh/self-hosting/advanced/sso-providers/microsoft-entra-id)
- [Authentik](/zh/self-hosting/advanced/sso-providers/authentik)
- [Github](/zh/self-hosting/advanced/sso-providers/github)
+- [ZITADEL](/zh/self-hosting/advanced/sso-providers/zitadel)
点击链接可以查看对应平台的配置文档。
@@ -23,6 +24,7 @@ LobeChat 支持配置外部身份验证服务,供企业 / 组织内部使用
| Microsoft Entra ID | `azure-ad` |
| Authentik | `authentik` |
| Github | `github` |
+| ZITADEL | `zitadel` |
## 其他 SSO 提供商
diff --git a/docs/self-hosting/advanced/sso-providers/zitadel.mdx b/docs/self-hosting/advanced/sso-providers/zitadel.mdx
new file mode 100644
index 0000000000000..192bfedb41a50
--- /dev/null
+++ b/docs/self-hosting/advanced/sso-providers/zitadel.mdx
@@ -0,0 +1,65 @@
+# Configure ZITADEL Authentication Service
+
+
+ ### Create ZITADEL Application
+
+ Log in to the console of your ZITADEL instance using an account with at least a [`Project Owner` role](https://zitadel.com/docs/guides/manage/console/managers#roles), navigate to (or [create](https://zitadel.com/docs/guides/manage/console/projects#create-a-project)) the project you'd like to host your application in, and click the **New** button to create an application.
+
+
+
+ Fill in the name, choose **Web** as the application type, and click **Continue**.
+
+
+
+ Choose **Code** as the authentication method.
+
+
+
+ In the **Redirect URIs** field, fill in:
+
+ ```
+ http(s)://your-domain/api/auth/callback/zitadel
+ ```
+
+
+
+
+ - You can fill in or modify redirect URIs after creating the application, but make sure the filled URL is consistent with the deployed URL.
+ - Replace `http(s)://your-domain` with the actual URL that LobeChat is deployed to.
+
+
+ Confirm the configuration and click **Create**.
+
+
+
+ Save the **ClientId** and **ClientSecret** for later use.
+
+
+
+ In the application settings page, navigate to the **URLs** tab, and save the **issuer** URL.
+
+
+
+ ### Configure Environment Variables
+
+ When deploying LobeChat, you need to configure the following environment variables:
+
+ | Environment Variable | Type | Description |
+ | ----------------------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+ | `ENABLE_OAUTH_SSO` | Required | Enable single sign-on (SSO) for LobeChat. Set to `1` to enable single sign-on. |
+ | `NEXTAUTH_SECRET` | Required | Key used to encrypt Auth.js session tokens. You can generate a key using the following command: `openssl rand -base64 32` |
+ | `SSO_PROVIDERS` | Optional | Select the single sign-on provider for LoboChat. Use `zitadel` for ZITADEL. |
+ | `ZITADEL_CLIENT_ID` | Required | Client ID (`ClientId` as shown in ZITADEL) of the ZITADEL application |
+ | `ZITADEL_CLIENT_SECRET` | Required | Client Secret (`ClientSecret` as shown in ZITADEL) of the ZITADEL application |
+ | `ZITADEL_ISSUER` | Required | Issuer URL of the ZITADEL application |
+ | `ACCESS_CODE` | Required | Add a password to access this service. You can set a sufficiently long random password to "disable" access code authorization. |
+ | `NEXTAUTH_URL` | Optional | The URL is used to specify the callback address for the execution of OAuth authentication in Auth.js. It needs to be set only when the default address is incorrect. `https://example.com/api/auth` |
+
+
+ You can refer to the related variable details at [📘Environment Variables](/en/self-hosting/environment-variables/auth#zitadel).
+
+
+
+
+ After successful deployment, users will be able to authenticate and use LobeChat using existing users configured in ZITADEL.
+
diff --git a/docs/self-hosting/advanced/sso-providers/zitadel.zh-CN.mdx b/docs/self-hosting/advanced/sso-providers/zitadel.zh-CN.mdx
new file mode 100644
index 0000000000000..c05f01198e58c
--- /dev/null
+++ b/docs/self-hosting/advanced/sso-providers/zitadel.zh-CN.mdx
@@ -0,0 +1,65 @@
+# 配置 ZITADEL 身份验证服务
+
+
+ ### 创建 ZITADEL 应用
+
+ 使用具有 [`Project Owner` 角色](https://zitadel.com/docs/guides/manage/console/managers#roles)的账户登录到 ZITADEL 实例控制台,进入(或[创建](https://zitadel.com/docs/guides/manage/console/projects#create-a-project))该应用所属的项目,点击「创建」按钮创建应用。
+
+
+
+ 填写应用名称,应用类型选择「Web」,点击「继续」。
+
+
+
+ 选择「Code」作为身份验证方式。
+
+
+
+ 在「重定向 URLs」字段中填写:
+
+ ```
+ http(s)://your-domain/api/auth/callback/zitadel
+ ```
+
+
+
+
+ - 可以创建应用后再填写或修改重定向 URL,但请确保填写的 URL 与部署的 URL 一致。
+ - 请将 `http(s)://your-domain` 替换为 LobeChat 部署的实际 URL。
+
+
+ 确认配置并点击「创建」。
+
+
+
+ 记录下「ClientId」和「ClientSecret」备用。
+
+
+
+ 在应用设置页面中,切换到「URLs」选项卡,记录下「issuer」URL。
+
+
+
+ ### 配置环境变量
+
+ 部署 LobeChat 时,您需要配置以下环境变量:
+
+ | 环境变量 | 类型 | 描述 |
+ | ----------------------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+ | `ENABLE_OAUTH_SSO` | 必选 | 为 LobeChat 启用单点登录(SSO)。设置为 `1` 以启用单点登录。 |
+ | `NEXTAUTH_SECRET` | 必选 | 用于加密 Auth.js 会话令牌的密钥。您可以使用以下命令生成密钥:`openssl rand -base64 32` |
+ | `SSO_PROVIDERS` | 可选 | 为 LobeChat 选择单点登录提供程序。对于 ZITADEL,请填写 `zitadel`。 |
+ | `ZITADEL_CLIENT_ID` | 必选 | ZITADEL 应用的 Client ID(`ClientId`)。 |
+ | `ZITADEL_CLIENT_SECRET` | 必选 | ZITADEL 应用的 Client Secret(`ClientSecret`)。 |
+ | `ZITADEL_ISSUER` | 必选 | ZITADEL 应用的 OpenID Connect 颁发者(issuer)URL。 |
+ | `ACCESS_CODE` | 必选 | 添加访问此服务的代码。您可以设置一个足够长的随机密码以「禁用」访问码授权。 |
+ | `NEXTAUTH_URL` | 可选 | 该 URL 用于指定 Auth.js 中执行 OAuth 认证的回调地址。仅当默认地址不正确时才需要设置。`https://example.com/api/auth` |
+
+
+ 您可以在 [📘 环境变量](/zh/self-hosting/environment-variables/auth#zitadel) 中查看相关变量的详细信息。
+
+
+
+
+ 部署成功后,用户将能够通过 ZITADEL 中配置的用户进行身份验证并使用 LobeChat。
+
diff --git a/docs/self-hosting/environment-variables/auth.mdx b/docs/self-hosting/environment-variables/auth.mdx
index 7eadef328626a..f2cb8b429baad 100644
--- a/docs/self-hosting/environment-variables/auth.mdx
+++ b/docs/self-hosting/environment-variables/auth.mdx
@@ -117,6 +117,29 @@ LobeChat provides a complete authentication service capability when deployed. Th
- Default: `-`
- Example: `dd262976ac0931d947e104891586a053f3d3750b`
+## ZITADEL
+
+### `ZITADEL_CLIENT_ID`
+
+- Type: Required
+- Description: Client ID of the ZITADEL application. This can be found under your application in the ZITADEL console.
+- Default: `-`
+- Example: `123456789012345678@your-project`
+
+### `ZITADEL_CLIENT_SECRET`
+
+- Type: Required
+- Description: Client Secret of the ZITADEL application.
+- Default: `-`
+- Example: `9QF1n5ATzU7Z3mHp2Iw4gKX8kY6oR7uW1DnKcV3LqX2jF6iG3fBmJ1kV7nS5zE6A`
+
+### `ZITADEL_ISSUER`
+
+- Type: Required
+- Description: Issuer of the ZITADEL application. This is usually the URL of the ZITADEL instance, and can be found in `URLs` tab of your application in the console.
+- Default: `-`
+- Example: `https://your-instance-abc123.zitadel.cloud`
+
Currently, we only support providers above. If you need to use other identity verification service
providers, you can submit a [feature
diff --git a/docs/self-hosting/environment-variables/auth.zh-CN.mdx b/docs/self-hosting/environment-variables/auth.zh-CN.mdx
index de2432424cb6f..ae2a3e693bb18 100644
--- a/docs/self-hosting/environment-variables/auth.zh-CN.mdx
+++ b/docs/self-hosting/environment-variables/auth.zh-CN.mdx
@@ -118,6 +118,29 @@ LobeChat 在部署时提供了完善的身份验证服务能力,以下是相
- Default: `-`
- Example: `dd262976ac0931d947e104891586a053f3d3750b`
+## ZITADEL
+
+### `ZITADEL_CLIENT_ID`
+
+- 类型:必选
+- 描述:ZITADEL 应用的 Client ID。您可以在 ZITADEL 控制台应用设置中找到 Client ID。
+- 默认值:`-`
+- 示例:`123456789012345678@your-project`
+
+### `ZITADEL_CLIENT_SECRET`
+
+- 类型:必选
+- 描述:ZITADEL 应用的 Client Secret。
+- 默认值:`-`
+- 示例:`9QF1n5ATzU7Z3mHp2Iw4gKX8kY6oR7uW1DnKcV3LqX2jF6iG3fBmJ1kV7nS5zE6A`
+
+### `ZITADEL_ISSUER`
+
+- 类型:必选
+- 描述:ZITADEL 应用的 OpenID Connect 颁发者(issuer),通常为 ZITADEL 实例的 URL。您可以在 ZITADEL 控制台应用设置中的 `URLs` 选项卡中找到 issuer。
+- 默认值:`-`
+- 示例:`https://your-instance-abc123.zitadel.cloud`
+
如果您需要使用其他身份验证服务提供商,可以提交
[功能请求](https://github.com/lobehub/lobe-chat/issues/new/choose) 或 Pull Request。