Skip to content
  • Auth and access
  • About authentication

About Kinde authentication

Kinde makes authentication easy by providing a range of methods to choose from.

Allow your users to sign up or sign in:

Authentication can be set per environment, and can be changed for different applications, e.g. your production web app and mobile app can have different authentication requirements.

You can start simple with email self-sign-up, and then add more options as needed, such as social sign in and multi-factor authentication.

Multi-domain authentication

Link to this section

Support for multiple subdomains

Kinde supports multi-domain authentication where the primary domain is the same, but there are different subdomains. For example.,,

This is similar to how Google manages authentication for,, etc.

See also, Manage authentication across applications.

No support for multiple primary domains

Kinde does not support authentication for different primary domains within one Kinde account. For example, we don’t support authentication for,, and through one Kinde business.

You can only have one domain per Kinde business because each domain is treated as having a separate authentication pattern and user pool.

This is similar to how Google manages auth separately to auth even though they are both owned by the same company.

Password security

Link to this section

If your business is set up so users sign in with passwords, you can be assured that Kinde uses a hashing algorithm and never stores passwords as text. Specifically, we use Blowfish for hashing, both in transit and at rest.

Rate limiting if third party keys not entered

Link to this section

When setting up third party authentication, such as social sign in or enterprise sign in like SAML, ensure you have added the third party Client ID and Client Secret (Keys) to the configuration screens in your live environment. If you don’t enter these details, Kinde will fallback to use our own credentials as proxy and this will cause rate limiting. This is okay for local development environments, but not for live production environments.

Get started with authentication

Link to this section

Before setting up authentication, think about what your audience preferences are and how you want to manage access in the short and longer term. Enabling social sign in GitHub, for example, might be expected if your audience are software developers.

Here’s a common set of tasks for getting started.

  1. Set up user authentication
  2. Add social sign in
  3. Enable multi-factor authentication