Technical Advisory 10000

Date and Version

Version: 2.32.0

Date: Calendar Week 32

Description

Currently, by default, users are directed to the "Select Account Page" on the ZITADEL login. However, this can be modified by including a prompt or a login hint in the authentication request.

As a result of this default behavior, users who already have an active session in one application and wish to log in to a second one will need to select their user account, even if no other session is active.

To address this, we are going to change this behavior so that users will be automatically authenticated when logging into a second application, as long as they only have one active session.

Statement

This behaviour change was tracked in the following issue: Reuse current session if no prompt is selected and released in version v2.32.0

Mitigation

If you want to prompt users to always select their account on purpose, please make sure to include the select_account prompt in your authentication request.

Impact

Once this update has been released and deployed, your users will be automatically authenticated No action will be required on your part if this is the intended behavior.

Date and Version​

Description​

Statement​

Mitigation​

Impact​

Date and Version

Description

Statement

Mitigation

Impact