Kinde makes authentication easy by providing a range of methods to choose from.
Allow your users to sign up or sign in:
- by invitation only
- using self-sign-up (default)
- with a password
- passwordless
- with a phone number (Beta feature)
- with a range of social sign in options, like Google, Apple, Slack, and more
- via enterprise auth such as Microsoft Azure AD and SAML
Authentication can be set per environment, and can be changed for different applications, e.g. your production web app and mobile app can have different authentication requirements.
You can start simple with email self-sign-up, and then add more options as needed, such as social sign in and multi-factor authentication.
Support for multiple subdomains
Kinde supports multi-domain authentication where the primary domain is the same, but there are different subdomains. For example. website.yourdomain.com, app.yourdomain.com, docs.yourdomain.com.
This is similar to how Google manages authentication for calendar.google.com, mail.google.com, etc.
See also, Manage authentication across applications.
No support for multiple primary domains
Kinde does not support authentication for different primary domains within one Kinde account. For example, we don’t support authentication for yourbusiness.com, yourotherbusiness.com, and anotherbusiness.com through one Kinde business.
You can only have one domain per Kinde business because each domain is treated as having a separate authentication pattern and user pool.
This is similar to how Google manages google.com auth separately to youtube.com auth even though they are both owned by the same company.
If your business is set up so users sign in with passwords, you can be assured that Kinde uses a hashing algorithm and never stores passwords as text. Specifically, we use Blowfish for hashing, both in transit and at rest.
When setting up third party authentication, such as social sign in or enterprise sign in like SAML, ensure you have added the third party Client ID and Client Secret (Keys) to the configuration screens in your live environment. If you don’t enter these details, Kinde will fallback to use our own credentials as proxy and this will cause rate limiting. This is okay for local development environments, but not for live production environments.
Before setting up authentication, think about what your audience preferences are and how you want to manage access in the short and longer term. Enabling social sign in GitHub, for example, might be expected if your audience are software developers.
Here’s a common set of tasks for getting started.
Authentication and access