BREAKING   ZITADEL raises $9M Series A to advance cloud-native identity infrastructure OPEN SOURCE   10,000+ GitHub stars · 250+ contributors · 1.2M+ downloads SCALE   160+ customers across North America & Europe STACK   OAuth2 · OIDC · SAML · SCIM · Passkeys · native multi-tenancy FOUNDED   St. Gallen, Switzerland · 2019 · remote-first
ZITADEL logo
ZITADEL — the citadel mark. Photographed straight-on, no drama: an identity company that would rather be plumbing than a landmark.
Company Profile · Identity Infrastructure

ZITADEL.

The open-source identity layer that wants to be as boring, and as reliable, as your database.

Open Source · AGPL-3.0 Developer Tools SaaS Series A Switzerland · Remote
$11.5M
Total Raised
10k+
GitHub Stars
160+
Customers
1.2M+
Downloads
The Story

A Fortress You're Allowed To Read The Blueprints Of

Here is a slightly unfashionable idea about software: the exciting parts of your product are usually not the parts that make or break it. The login screen is a good example. Nobody signs up for your app because the authentication is delightful. But plenty of people leave, or never arrive, because it broke, leaked, or couldn't handle the fact that their company has forty users in three regions who all need different permissions. Identity is infrastructure. And ZITADEL - a Swiss, remote-first, open-source company whose name is German for "citadel" - is built entirely on that observation.

ZITADEL is an identity and access management platform. That is a category with a lot of incumbents and a lot of acronyms, so it's worth being concrete. When a developer plugs ZITADEL into an application, they get the machinery for signing users in and deciding what those users are allowed to do: single sign-on, multi-factor authentication, passkeys, OAuth2, OpenID Connect, SAML, SCIM provisioning, and - the part the company keeps circling back to - native multi-tenancy. You can run the whole thing yourself on your own servers, because it's open source, or you can pay ZITADEL to run it for you in the cloud. Those are the two doors, and the company is comfortable with you walking through either one.

The origin story is the kind that sounds like marketing but is actually just an engineering complaint. Three founders in Switzerland - Florian Forster, Fabienne Bühler, and Maximilian Panne - had spent enough time around enterprise identity systems to reach a conclusion: the tools meant to secure software had quietly become an obstacle to building it. Identity had turned into a barrier rather than an enabler. In 2019 they incorporated a company (originally called CAOS Ltd.) to build the version they wished existed, and released it as open source.

The decision to be open source is not incidental, and it's not charity either. It's a wedge. The dominant commercial player in this space is Auth0, now owned by Okta, and the standard complaint about that model is the bill: pricing that scales with active users has a way of turning a line item into a negotiation. ZITADEL's pitch is that vendor lock-in is a design choice, and they made the opposite one. You can download the source, run it, fork it, and read exactly what it does with your users' credentials. That is a genuinely different value proposition, and it's the reason a small remote team accumulated more than 10,000 stars on GitHub and 250-odd contributors without a large marketing budget.

The multi-tenancy bet

If you want to understand what makes ZITADEL specifically useful rather than just philosophically appealing, look at multi-tenancy. Most authentication tools treat "your product has customers, and those customers have their own users" as an advanced feature you bolt on later. ZITADEL treated it as the foundation. That single decision cascades: organizations, projects, roles, and provisioning all become first-class concepts instead of workarounds.

This is why the company keeps ending up in the same sentence as "B2B." If you're building software sold to other businesses - each with its own directory, its own login rules, its own audit requirements - the boring half of identity is not the login button. It's the provisioning, the role management, and the audit trail somebody's security team asks for at the worst possible moment. ZITADEL stores identity events as an audit-friendly stream, which is the kind of feature nobody demos but everybody eventually needs.

"Identity complexity should never again slow down innovation." That is the whole thesis, and everything else is implementation detail.

The company is written in Go, which matters mostly because it signals the audience: this is a tool for people who care about how it's built, deployed on Kubernetes, wired into Terraform, and extended through APIs. In 2024 ZITADEL shipped an Actions Framework v2, an extensibility layer that lets teams script custom identity logic through API endpoints instead of forking the codebase. That's the paved-road-versus-freedom tension that open-source infrastructure always has to solve, and ZITADEL's answer is: have both.

The AGPL turn

There's a plot point that's easy to skip but shouldn't be. Up through version 2, ZITADEL used the permissive Apache 2.0 license - do basically whatever you want. With version 3, it switched to AGPL-3.0, which is a different kind of promise. AGPL says: if you modify the code and offer it as a service, you have to share your changes, or buy a commercial license. This is the standard move for open-core companies trying to keep the "someone huge runs our software as a paid service and gives nothing back" scenario from eating their business. It's a signal that ZITADEL intends to be a company, not just a project - a subtle but real statement about how they plan to make money.

And how they make money is straightforward: the core is free and you can self-host it forever, but ZITADEL Cloud, enterprise licenses, and support contracts are where revenue comes from. It's open-core, the same broad shape as a lot of successful infrastructure businesses. Third-party estimates put annual revenue around $2 million, which for a company of roughly twenty-some people, three years into building a commercial layer on an open-source base, reads as early and plausible rather than remarkable in either direction.

Investors have taken the shape seriously. In June 2022, Nexus Venture Partners led a $2.5 million seed round. In November 2024, Nexus led again with a $9 million Series A, this time with Floodgate joining - bringing total funding past $11.5 million. The stated use of the money is the unglamorous but honest one: advance cloud-native identity infrastructure. Not "disrupt," not "reinvent." Advance.

Who it's actually for

The identity market in 2026 is crowded, and ZITADEL is refreshingly specific about where it wins. Keycloak is the feature-complete, ecosystem-heavy open-source giant. Ory and SuperTokens win on composable, API-first architectures. Auth0 and WorkOS trade self-hosting for a hands-off managed experience. ZITADEL's claim is narrower and therefore more credible: if you need real multi-tenancy, SCIM provisioning, and a genuine audit trail, and you'd like it open source, it is the most capable option on the market. Knowing exactly who you're for is an underrated form of product strategy.

What you can actually do with it is the mundane, useful list: stand up secure login for a new app in an afternoon; add passwordless and passkeys without treating them as a premium upsell; give your enterprise customers their own isolated tenant with their own identity provider federated in; automate user provisioning so nobody's off-boarding by hand; and keep the whole thing on infrastructure you control, in a jurisdiction you choose - a point that lands especially well with European teams navigating GDPR and data residency.

A company shaped like its product

It's worth noting how the company is built, because it rhymes with what it sells. ZITADEL is remote-first, with roots in St. Gallen and an address in San Francisco - a foot on each continent, which is convenient for a business whose customers are split between North America and Europe. The culture the founders describe is the familiar developer-tools posture: results over hours, flexible schedules, generous time off, and a development model that is transparent because it has to be. When your codebase is public, "transparent" stops being a value statement and becomes an operating condition. The community is not a marketing channel bolted onto the side; the 250-plus contributors and 1.2 million downloads are the distribution.

That community math is the quietly interesting part of the story. A small team - somewhere in the twenties, headcount-wise - is maintaining one of the more-starred identity projects on GitHub, shipping enterprise features like SCIM and an extensibility framework, and running a commercial cloud on top of it. Open source is a strange kind of leverage: slow to build, hard to fake, and difficult for a better-funded competitor to simply buy. ZITADEL's bet is that in identity - a category where trust is the entire product and "just trust us" is a weak pitch - being readable is a durable advantage. You don't have to take their word for what happens to your users' credentials. You can go read the code. In a market built on secrets, that turns out to be a surprisingly good place to stand.

None of this is thrilling, and that appears to be the point. The measure of success for an identity platform is not how often you think about it. It's how rarely you have to. ZITADEL is trying to make authentication the kind of thing that works, disappears into the stack, and lets you go build the actual product. Whether it becomes the default open-source identity layer is still an open question. But it has picked a real problem, taken a clear position on it, and it's being run by people who seem genuinely annoyed by the status quo - which, in infrastructure, is usually where the good tools come from.

Enterprise identity management had become a barrier to innovation rather than an enabler.

The founding observation · ZITADEL
The Founders

Three People, One Complaint

FF

Florian Forster

Co-founder & CEO
FB

Fabienne Bühler

Co-founder & Chief Product Officer
MP

Maximilian Panne

Co-founder & Chief Operating Officer
What You Get

Products & Building Blocks

Since 2020

ZITADEL (Open Source)

AGPL-3.0, Go-based IAM with auth, native multi-tenancy, OAuth2, OIDC, SAML, SCIM, passkeys and user management. Self-hostable.

Since 2022

ZITADEL Cloud

Fully managed SaaS with the same API-first feature set - for teams that would rather not run the servers themselves.

2024

Actions Framework v2

Custom triggers and executions through API endpoints, so you script your own identity logic without forking the project.

2024

SCIM & Provisioning

Automated user provisioning, sync and lifecycle management across external directories and systems.

Follow The Money

Funding History

Seed · 2022
$2.5M · Nexus VP
Series A · 2024
$9M · Nexus VP + Floodgate

Total raised to date: $11.5M+ across two rounds.

The Road So Far

Timeline

2019

Founded in Switzerland

Forster, Bühler and Panne start the company (as CAOS Ltd.) in St. Gallen to rethink enterprise identity.

2020

Open-source platform launches

ZITADEL ships as an open-source, API-first identity and access management platform.

2022

$2.5M seed round

Nexus Venture Partners leads a seed round to grow the team and the cloud offering.

2023

License shifts to AGPL-3.0

With v3, ZITADEL moves from Apache 2.0 to AGPL-3.0 and crosses 10,000 GitHub stars.

2024

$9M Series A

Nexus leads a $9M Series A with Floodgate to advance cloud-native identity infrastructure.

The Field

Who Else Is In The Room

The identity market is crowded. ZITADEL's edge is narrow and deliberate: the most capable open-source option when you need real multi-tenancy, provisioning and audit.

Keycloak
Auth0 / Okta
Ory
FusionAuth
SuperTokens
Authentik
WorkOS
Watch & Learn

Demos & Interviews

Questions

Frequently Asked

What is ZITADEL?
ZITADEL is an open-source identity and access management (IAM) platform providing authentication, authorization and native multi-tenancy for developers - supporting OAuth2, OIDC, SAML, SCIM, passkeys and MFA. It can be self-hosted or used as a managed cloud service.
Is ZITADEL free and open source?
Yes. The core platform is open source under the AGPL-3.0 license and can be self-hosted for free. ZITADEL also sells a managed cloud version and enterprise licenses for teams that want hosting, support and commercial terms.
How is ZITADEL different from Auth0 or Keycloak?
ZITADEL is API-first, written in Go, and treats multi-tenancy as a core feature, which makes it especially strong for B2B and SaaS products. Unlike Auth0 it can be fully self-hosted, and compared with Keycloak it emphasizes a cleaner developer API and a managed cloud option.
Who founded ZITADEL and where is it based?
It was founded in 2019 in St. Gallen, Switzerland by Florian Forster (CEO), Fabienne Bühler (CPO) and Maximilian Panne (COO). The company is remote-first and also lists a San Francisco address.
How much funding has ZITADEL raised?
ZITADEL has raised more than $11.5M in total, including a $2.5M seed round in 2022 and a $9M Series A in 2024, both led by Nexus Venture Partners, with Floodgate joining the Series A.