Kinde’s authentication super-features: Advanced organizations
By Claire Mahoney —
If your business is more complex than a shopfront, then you know how challenging it can be to meet the needs of every client, business, user cohort, and individual customer at the same time. That’s what Kinde’s advanced organization features are for.
They’re a superset of advanced functions that help you tailor flexible and secure authentication experiences for every kind of customer you have. Here’s some of the ways you can use advanced orgs.
One size does not fit all when it comes to authentication. Each of your clients probably has different security requirements, preferences, and compliance needs.
With advanced orgs, you can set up different authentication methods for each organization, so that some customers can use single sign-on (SSO), some use social logins, and others use traditional email authentication. Add MFA for some orgs and keep it simple for others.
A workplace management software company has a finance industry customer in London who requires strict SAML auth for their employees. However, the cool startup in San Francisco just wants phone / passwordless to keep it simple.
To speed up the onboarding experience, you can add a domain allowlist so users signing up with certain email domains can join their organization without hassle, and users with the wrong email are kept out. You can lock out new registrations, or allow users to auto-join an organization based on their domain.
This feature is ideal for companies that manage large teams and want to simplify onboarding, but maintain the security of domain restrictions. Less admin for you and them, a better experience for end users.
A point-of-sale SaaS company has many large retail stores as customers. Instead of manually checking access rights for every new shop assistant, at each store, they enter a domain allowlist for each organization to manage system access. When sales staff use their company email to sign in, they’ll join the right organization/retailer.
Get role-based access control from day one by defining default roles for new users in each organization. So whenever someone new joins an org, they are immediately given the appropriate permissions, without any manual configuration.
This feature is ideal if you’re using orgs to separate user groups, like ‘members’, ‘coaches’, ‘volunteers’, ‘administrators’.
You can also use it if you want to assign a ‘basic role’ for everyone new to an org, and then expand permissions on request. Assigning basic roles automatically during account creation saves time and can reduce errors during provisioning.
A large accounting firm provides services to businesses as well as individuals. They manage each user group in separate organizations in Kinde. When Bob signs up as an individual, he’s automatically given access to basic tax information and online forms. When Betty signs her law firm up for accounting services, her and her staff get access to enterprise services, including online lodgements, and taxation advice.
Kinde supports custom domains per organization, so you can provide a branded and consistent auth experience for your customers. Ideal for companies who require allowlisting as part of authentication, and who want their users to have a seamless and familiar experience.
But it’s not all about brand. We all know how much code glue goes into hiding the seams between systems. Custom domains make it easy to hide your true identity and give organization customers an experience that is unique, cohesive and secure.
A farming wholesaler has multiple online retail stores. They run
veggies.com,flowers.com, andpoultry.comas separate organizations, each with their own custom domains, under the one Kinde business.
Provide a higher level of security for customers who demand it with multi-factor authentication (MFA) per org.
Configure MFA so it’s required for some users, while exempting others. For example, exclude the IT team from using MFA so they can handle issues more efficiently, but make sure everyone else uses it for maximum security.
In an advanced organization, you can also exclude specific enterprise connections from MFA, which is especially useful if it’s already available through the enterprise identity provider. Why double up?
A SaaS web app for managing high school attendance allows teachers to record class attendance, students to lodge medical certificates and other documents, and school administrators to manage class roles and reports. The administrators and students do not require MFA to sign in, but because teachers sign in during class, they must use MFA to keep records secure and protect against tampering.
- Custom auth per organization – Cater to every auth need, from enterprise SSO to social access to email sign up.
- Custom domain per organization – Support for a branded, owned experience that feels familiar.
- Domain allowlist & auto-join – Simplified onboarding that allows users to join an org based on their email domain.
- Assign default roles per organization – Automatically assign roles to new users when they join an organization.
- Multi-factor authentication per organization – Enable MFA where needed, and configure exemptions for specific enterprise connections and user roles.
Whether you want to improve the user experience, reduce administrative overheads, or meet stringent compliance requirements, advanced organizations features give you the tools you need.