Kinde supports the use of Microsoft Entra ID (WS Federated and OpenID) as an enterprise-level authentication method. This service used to be Azure AD.
If you are importing users into Kinde, their Entra ID will be picked up and matched to the relevant connection based on their email address, for a seamless transition to Kinde.
On the tile for the new connection, select Configure.
Enter a Connection name. Make this something you can easily identify, especially if you are adding multiple connections for different business customers.
Select if you want to treat this connection as a trusted provider. A trusted provider is one that guarantees the email they issue is verified. We recommend leaving this off for maximum security.
Enter your Microsoft Azure domain.
Enter the Client ID and Client secret as they appear in the MS Azure portal.
Enter Home realm domains. This speeds up the sign in process for users of those domains.
Note that all home realm domains must be unique across all connections in an environment. For more information about how, see Home realm domains or IdP discovery.
If you want, select the Use common endpoint option. Recommended if you use multi-tenancy.
Select extended attributes:
Extended profile if you want to sync the additional information stored in a user’s Microsoft profile to their Kinde user profile.
Get user groups if you want to sync user groups. Recommended if you manage permissions and access via user groups in Microsoft.
If you want, select Sync user profiles and attributes on sign in. Recommended to keep Kinde user profile data in sync with user profile data from Microsoft.
If you want to enable just-in-time (JIT) provisioning, select the Create a user record in Kinde option. This saves time adding users manually or via API later.
Copy the Callback URL. You’ll need to enter this in your Microsoft app.
In the Applications section, select the applications you want to activate the connection for.
Go to your test application and attempt to sign in.
If you left the Home realm domains field blank in Kinde, when you launch your application, you should see a button to sign in. Click it and go to step 4.
If you completed the Home realm domains field, you should be redirected immediately to your IdP sign in screen.
Enter your IdP details and complete any additional authentication required.
If your users sign in via the Entra ID (formerly Azure AD) enterprise connection in Kinde, when they sign out, they are just signing out of Kinde. They are not fully being signed out of Entra ID.
It also works this way for social connections, where a third party is the identity provider.