Skip to content
  • Build on Kinde
  • Self-service portal

Enable self-serve portal for organizations

You can configure a self-serve portal to enable authorized organization members to be able to self-manage functions provided by Kinde. Authorized org members can update:

A self-serve portal means your customers can make account changes without contacting you for support. This can save you both time.

If you are on the Kinde Scale plan, you can configure the portal per organization. E.g. allow some functions for some customers and not others.

Configure the organization self-serve portal

Link to this section
  1. Go to Settings > Environment > Self-serve portal. Settings for self-serve portal for orgs
  2. Enter the Return URL that you want users to land on when they exit the portal, e.g. your app dashboard.
  3. Add an Organization alias to represent how your customers are referred to in your business, e.g. Account, Partner, Workspace, etc. This will be visible in the interface in the portal.
  4. In the Organization profile section, select the functions you want organization admins to be able to manage. Options for showing hiding settings for org members
  5. Select Save.

Portal access control with system permissions

Link to this section

Each core function within the self-serve portal is governed by a corresponding system permission. For example, the org:write:billing permission allows users to update billing details.

These permissions can be included in your custom roles and assigned to organization members.

We recommend creating custom roles with varying levels of portal access, which you can then assign as needed. For instance, you might create a role that allows members to view billing details but not update them. You can select these permissions within your existing roles, or when you create them.

Roles with system permissions for self-serve portal

When configuring org roles, you can specify whether it should be:

  • Automatically assigned to all new organization members.
  • Automatically assigned to the organization creator.

Invite members from the portal

Link to this section

When you enable the Members and roles function, authorized members can invite other people into their organization directly from the portal, without you adding users manually or via the API.

Who can invite members

Link to this section

A member can only invite others and assign roles if they have sufficient permission in the organization:

  • The member needs the org:write:members permission to open the Add member flow.
  • Each role in the Add member dialog is gated individually—a member can only assign a role if they hold the permission required to grant it. Roles they can’t assign appear disabled. This mirrors the role gating used for Kinde team members, so a member can never grant access broader than their own.

Invite a member

Link to this section
  1. Open the organization portal and go to Members.

  2. Select Add member.

    add member dialog in the organization portal

  3. Enter the new member’s First name, Last name, and Email.

  4. Select the Roles the member will have in the organization.

    • You can select more than one.
    • Unavailable roles are disabled.
  5. Select Save.

    The person receives an email invitation to join the organization. They can set up a new account or sign in to an existing one to accept. For more on what the invitee sees, see Invited user sign-up experience.

Revoke a pending invitation

Link to this section

Pending invitations appear in an Invitations list on the Members screen, showing each invitee’s name, email, role, and the date invited.

  1. Find the invitation in the Invitations list.
  2. Select the actions menu next to it, then select Revoke invitation.

When invitations are turned off

Link to this section

If invitations are disabled for the environment, the Add member option and the Invitations list are hidden in the portal when members browse Members normally. A bookmarked or direct URL to the add-member screen still loads that page and shows an “Invitations are disabled” message instead of the invite form.

Link to this section

Access to the portal is granted via a one-time link. You then use the link on an ‘account’ or ‘profile’ button in your app to open the Kinde portal screens.

You can generate the link using the user’s access token (recommended).

Link to this section

This method is ideal when you want to generate the portal link on the fly—for example, when a user clicks an “Account” button in your app.

Link to this section

If you’re using the Kinde React SDK, you can use the <PortalLink /> component, which both generates the link and redirects the user:

import {PortalLink} from "@kinde-oss/kinde-auth-react";
<PortalLink>Account</PortalLink>;
Link to this section

If you’re not using a Kinde SDK, you can manually call the Account API:

const response = await fetch("/account_api/v1/portal_link", {
headers: {
Authorization: `Bearer ${userAccessToken}`
}
});
const data = await response.json();
window.location = data.url;

Optional parameters:

  • return_url – where to redirect the user after exiting the portal.
  • subnav – specify the portal section to open. See Get self-serve portal link for the supported values.

How the self-serve portal looks

Link to this section

When the user clicks the link you’ve added to your app, the portal opens. The default design is shown below, and we are working on allowing you to style this yourself. The options a member sees depends on their role and what you have chosen to display.

Self-serve portal in Kinde