Add SSO connection via self-serve portal
Auth and access
You can configure a self-serve portal to enable authorized organization members to be able to self-manage functions provided by Kinde. Authorized org members can update:
A self-serve portal means your customers can make account changes without contacting you for support. This can save you both time.
If you are on the Kinde Scale plan, you can configure the portal per organization. E.g. allow some functions for some customers and not others.
Each core function within the self-serve portal is governed by a corresponding system permission. For example, the org:write:billing permission allows users to update billing details.
These permissions can be included in your custom roles and assigned to organization members.
We recommend creating custom roles with varying levels of portal access, which you can then assign as needed. For instance, you might create a role that allows members to view billing details but not update them. You can select these permissions within your existing roles, or when you create them.
When configuring org roles, you can specify whether it should be:
When you enable the Members and roles function, authorized members can invite other people into their organization directly from the portal, without you adding users manually or via the API.
Member invitations must also be enabled at the environment level. Go to Settings > Environment > Policies, switch on Allow invitations, and choose the Invite application that invitation links should open. See Set global access policies.
A member can only invite others and assign roles if they have sufficient permission in the organization:
org:write:members permission to open the Add member flow.Open the organization portal and go to Members.
Select Add member.
Enter the new member’s First name, Last name, and Email.
Select the Roles the member will have in the organization.
Select Save.
The person receives an email invitation to join the organization. They can set up a new account or sign in to an existing one to accept. For more on what the invitee sees, see Invited user sign-up experience.
Pending invitations appear in an Invitations list on the Members screen, showing each invitee’s name, email, role, and the date invited.
If invitations are disabled for the environment, the Add member option and the Invitations list are hidden in the portal when members browse Members normally. A bookmarked or direct URL to the add-member screen still loads that page and shows an “Invitations are disabled” message instead of the invite form.
Access to the portal is granted via a one-time link. You then use the link on an ‘account’ or ‘profile’ button in your app to open the Kinde portal screens.
You can generate the link using the user’s access token (recommended).
This method is ideal when you want to generate the portal link on the fly—for example, when a user clicks an “Account” button in your app.
If you’re using the Kinde React SDK, you can use the <PortalLink /> component, which both generates the link and redirects the user:
import {PortalLink} from "@kinde-oss/kinde-auth-react";
<PortalLink>Account</PortalLink>;If you’re not using a Kinde SDK, you can manually call the Account API:
const response = await fetch("/account_api/v1/portal_link", { headers: { Authorization: `Bearer ${userAccessToken}` }});const data = await response.json();window.location = data.url;Optional parameters:
return_url – where to redirect the user after exiting the portal.subnav – specify the portal section to open. See Get self-serve portal link for the supported values.When the user clicks the link you’ve added to your app, the portal opens. The default design is shown below, and we are working on allowing you to style this yourself. The options a member sees depends on their role and what you have chosen to display.