Skip to content
Visit Kinde’s marketing website Kinde Docs
  • Auth and access
  • Self-serve SSO

Add SSO connection via self-serve portal

Your business customers who have their own organizations in Kinde can set up and manage their own SSO connections. This can save time going back and forth trying to get app credentials configured. Instead, your customer (who is the Identity Provider for their users) can set up an app and use the credentials to configure a connection. While you manage Kinde settings as the Service Provider.

Before an organization can set up an SSO connection

Link to this section
  • Ensure that you have switched on the option in the self-serve portal settings
  • Check that the person setting up the connection has the right role and permissions. They need to be an Admin.
  • Add a domain to the verified domains list for the org (see below). Connections can only be set up for verified domains.

Add a verified domain to the customer organization in Kinde

Link to this section

This is like pre-setting the home realm domain for a connection.

  1. Open the organization record in Kinde.
  2. If prompted, in the Activate advanced organization features box, select Activate.
  3. Go to Policies in the menu.
  4. In the Verified domains text field, add the customer’s domain or domains. Add each on a new line. Make sure you include only the domain, e.g. mybusiness.com and not the full domain URL such as http://www.mybusiness.com.
  5. Select Save.

Add an SSO connection via the self-serve portal (Instructions for end-users)

Link to this section

Provide these instructions to the customer in case they need assistance.

  1. Navigate to the self-serve portal and select SSO.
  2. Select Add connection.
  3. Select the connection type and then select Next. The configuration dialog opens.
  4. Add a name for the connection - this name will be shown to end users when they sign in.
  5. Complete the other fields with details from your IdP, e.g. Entity ID, provisioning options, mapping, certificates, etc.
  6. Copy the ACS URL - you will need to add this to your IdP application.
  7. Select Save.

Finish setting up the connection for the organization (Instructions for Kinde admin)

Link to this section

There are some enterprise connection functions that are only configurable by you in Kinde. After the customer has entered their details, you can finish setting up the connection.

Open the connection in Kinde and adjust any of the following settings (if relevant):

  • Create a user record in Kinde - Add users if they do not exist when signing in. This is switched on by default.
  • Always show sign-in button - Show the SSO button on the app home screen. This is switched on by default.
  • Auto-add users - Allows users to join the organization if their credentials are accepted. Default is switched on.
  • Upstream params - these have the following default, but more can be added at the customer’s request. 
    {
        "login_hint": {
            "alias": "login_hint"
          }
    }

Make the connection available to end-users

Link to this section

This is the process for end-users to make the connection live. It can also be enabled in the Kinde admin.

  1. Open the connection configuration dialog via the self-service portal (end users).
  2. Select the Enable for organization option.
  3. Select Save.

Enable or disable a connection

Link to this section
  1. Navigate to the self-serve portal and select SSO.
  2. Select the three dots menu on the connection card, and choose Enable or Disable.

Delete a connection

Link to this section
  1. Navigate to the self-serve portal and select SSO.
  2. Select the three dots menu on the connection card, and choose Delete.
  3. Confirm that you want to delete the connection.

Related articles

Useful links

  • Join the community

    Get support from the Kinde team and expert users in the Kinde community

    Join via Slack or Discord

  • Contact support

    Chat to support through the Kinde help widget, or send a question via email

    Send an email