MS Azure AD enterprise authentication (beta)

BETA FEATURE: We’re still working on this, but you can request early access and help us make it better.

Kinde supports the use of Microsoft Azure AD (WS Federated and OpenID) as an enterprise-level authentication method.

If you are importing users into Kinde, their Azure ID will be picked up and matched to the relevant connection based on their email address, for a seamless transition to Kinde.

• Your app needs to be registered with the Microsoft identity platform.
• We recommend you test connections in a non-production environment before activating in a live environment.

Add the connection

1. In Kinde, go to Settings > Environment > Authentication.
2. Scroll down to the Enterprise Connections section and select Add connections. The Add connection window opens.
3. Select the connection type you want to add and then select Add. Currently we support WS Federated and OpenID types. The connection type is added.

Configure the connection

1. On the tile for the new connection, select Configure.
2. Enter a Connection name. Make this something you can easily identify internally. If you plan to import users into Kinde, make sure the connection name matches the connection name you currently use.
3. Enter your Microsoft Azure AD domain.
4. Enter the Client ID and Client secret. These are known as the Secret value and Secret key in Microsoft.
5. Enter Home realm domains. This speeds up the sign in process for users of those domains.
6. If you want, select the Use common endpoint option. Recommended if you use multi-tenancy in MS Azure AD.
7. Select extended attributes:
   • Extended profile if you want to sync the additional information stored in a user’s MS Azure AD profile to their Kinde user profile.
   • Get user groups if you want to sync user groups. Recommended if you manage permissions and access via user groups in MS Azure AD.
8. If you want, select Sync user profiles and attributes on sign in. Recommended to keep Kinde user profile data in sync with user profile data from MS Azure AD.
9. Copy the Callback URL. You’ll need to enter this in your Microsoft Azure AD app.
10. In the Applications section, select the applications you want to activate the connection for.
11. Select Save.

Add the callback URL to MS Azure AD

1. Log in to the MS Azure Portal (https://portal.azure.com) using your AzureAD account.
2. Open the Azure Active Directory page by searching for it in the search bar.
3. In the left menu, select App Registrations.
4. If no applications are listed, select the All applications tab
5. Select your application.
6. Select the Redirect URIs links on the right.
7. Select Add URI.
8. In the relevant field, enter your callback URL (from Step 9 above)
9. Select Save.

Make sure you test each connection before enabling in production for your users.

1. In Kinde, go to Settings > Environment > Authentication.
2. Scroll down to the Enterprise Connections section and select Configure on the connection you want to edit.
3. In the connection details window, update the settings you want.
4. In the Applications section, disconnect or reconnect your applications.
5. Select Save.

• Import users in bulk
• Manage users across organizations