Set up user authentication

Kinde gives you many options for setting up user authentication so you can choose how you want users to access your business and sign in.

You can set authentication at the organization level and apply it to your applications, or you can set it up individually for each application.

Set up authentication

  1. Go to Settings > Environment > Authentication.
  2. Select Configure for the authentication option you want. See descriptions below.
  3. In the window that appears, switch the authentication option on or off for each application you have.
  4. Select Save.
  5. Repeat from step 2 for each authentication option.

You can also set up unique authentication for each of your applications. To do this, view the Application details and then select Authentication in the side menu.

Select from the options listed below.

Note that you cannot use passwordless and password authentication for the same app.

Password authentication

If you want users to authenticate via email using a password, switch on Email authentication and choose Password.

This means users have to select and remember a password. The password needs to be at least 8 characters and popular passwords are blocked. If allowing this method, you should encourage users to use a password manager to increase security.

Users will be prompted to verify their email address when they first sign up, using a one-time code.

Rest assured that Kinde uses a secure hashing algorithm and never stores passwords as text. Specifically, we use Blowfish for hashing, both in transit and at rest.

❗ If you switch your users from passwordless to password, Kinde will first check if a password exists for the user when they next sign in. If a password doesn’t exist, we verify the email address and ask the user to set a password. The next time they sign in, they will use their email and password. Note that they enter their password on a different screen to their email.

Passwordless authentication

If you want users to authenticate without having to set a password, switch on Email authentication and choose Passwordless.

When you activate this option, users will be sent a one-time password (OTP) to confirm their identity when they sign in. This option is more secure than using passwords, which need to be stored and protected by the user.

Users will be prompted to verify their email address when they first sign up, also using an OTP.

Kinde does not currently support magic links as a passwordless authentication method, as they are less secure than an OTP.

Social authentication

You can let users sign up and sign in using social profiles. This requires some admin setup work and developer skills.

Returning users matched by email

Unlike some other authentication providers, Kinde automatically matches some accounts on sign up by matching verified email addresses. This means that if a user signs up with Google the first time, and they come back and sign up again with Slack, and the same email is detected (and the emails are verified), then the accounts get linked.
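The matching rule described above can be modelled in a few lines. This is an added example, not Kinde's code: the class names, field names, the "example-idp" provider and the email normalization are assumptions made for illustration. It shows why the verified flag matters on both sides: an unverified address never triggers a link.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Identity:
    provider: str         # social connection, e.g. "google" or "slack"
    subject: str          # the provider's stable ID for the user
    email: str
    email_verified: bool  # what the provider asserts about the address

@dataclass
class Account:
    account_id: int
    identities: list = field(default_factory=list)

def norm(email):
    # Assumption: addresses are compared trimmed and case-insensitively.
    return email.strip().lower()

class Directory:
    def __init__(self):
        self.accounts = []

    def sign_in(self, ident):
        """Return (account, outcome): 'existing', 'linked' or 'created'."""
        # 1. The same provider identity always maps back to its own account.
        for acct in self.accounts:
            if any((i.provider, i.subject) == (ident.provider, ident.subject)
                   for i in acct.identities):
                return acct, "existing"
        # 2. Link only when BOTH sides hold a verified copy of the address.
        #    An unverified address proves nothing about who owns the mailbox.
        if ident.email_verified:
            for acct in self.accounts:
                if any(i.email_verified and norm(i.email) == norm(ident.email)
                       for i in acct.identities):
                    acct.identities.append(ident)
                    return acct, "linked"
        # 3. Otherwise the identity gets a separate account.
        acct = Account(len(self.accounts) + 1, [ident])
        self.accounts.append(acct)
        return acct, "created"

if __name__ == "__main__":
    d = Directory()  # constructed sample sign-ins
    for ident in [Identity("google", "g-1", "Ana@Example.com", True),
                  Identity("slack", "s-9", "ana@example.com", True),
                  Identity("example-idp", "x-4", "ana@example.com", False)]:
        acct, outcome = d.sign_in(ident)
        print(ident.provider, "->", outcome, "account", acct.account_id)
```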

See the individual social sign-in instructions.

Enterprise authentication - Microsoft Azure AD and SAML

Kinde supports the use of Microsoft Azure AD and SAML as enterprise-level single sign-on (SSO) authentication methods. These methods are more suited to big corporate and government organizations.
