User management is about managing user records, and controlling what users can do and access within your product. You can set this up to be simple or complex, depending on your company’s needs.

Whether or not you manage multiple organizations in Kinde, all users need to belong to at least one organization. You can specify which organization users are added to, or else they are added to the default organization.

You can add users to other organizations or change the organizations they belong to at any time.

If a user belongs to multiple organizations, they will be prompted to select an organization when they sign in.

By default, users will be allowed to sign up to your applications without being invited. If you would prefer your users to be invitation only, go to Settings > Environment > Details and switch off the Allow user to sign up option.

Tip: If users can sign themselves up, you might want to also set a default role for new users.

When a user signs in, their profile details (email, name, etc.) from the external provider (MS Azure, Google, etc.) are updated in Kinde as well. For example, if you manage user access via a MS Azure AD connection, then their Azure AD profile is synced to Kinde each time they sign in.

We recommend keeping this switched on, but you can disable it in Settings > Environment > Details by switching off the Sync user profiles and attributes on sign in option.

You can add users manually or import them from a CSV file. If you are transferring user details from another service, such as Auth0, you need to obtain the details from the service before you can import.

Permissions and roles are defined at the ‘Business’ level in your Kinde account - which is the global level; but they are applied per user at an ‘organization’ level. This means you just have to create them once and they are made available across your whole business structure.

Kinde provides the ability to set individual permissions at a user level, and to create roles (sets of permissions) for easier user management.

A user can be assigned multiple roles, and assigned permissions on top of these. We recommend you work out a model for managing this, starting with basic permissions.

Recommended approach

While everyone’s needs are different, we recommend you write your code based on permissions, not roles, as it gives you more control and will scale better when you are managing a lot of users.