[Do not merge] Feat/org level ECs #358
base: main
Walkthrough
Documentation for enterprise connections has been updated across several files. The changes include renaming titles, adding new sections (such as session sign-out behavior, disabling, and deletion of connections), and introducing the Microsoft Entra ID (SAML) connection type. Additionally, instructions for various connection setups (Cloudflare, Google Workspace, Okta, etc.) have been reorganized and clarified, while a new document has been added for configuring MS Entra ID (SAML). Minor updates to organization-level authentication guidelines have also been incorporated.
Sequence Diagram(s)

sequenceDiagram
participant User
participant Kinde
participant IdP
User->>Kinde: Initiates sign-out
Kinde-->>User: Ends Kinde session
Note over Kinde,IdP: IdP session remains active

sequenceDiagram
participant Admin
participant Kinde
participant IdP
Admin->>Kinde: Initiate "Add SAML Connection"
Kinde-->>Admin: Present connection options (Organization-specific or Shared)
Admin->>Kinde: Select scope and provide configuration details
Kinde->>IdP: Validate configuration (Entity ID, Metadata URL, etc.)
IdP-->>Kinde: Confirm configuration details
Kinde-->>Admin: Connection configured successfully
❌ Link Validation Failed
Actionable comments posted: 1
🧹 Nitpick comments (10)
src/content/docs/authenticate/enterprise-connections/enterprise-connections-b2b.mdx (1)
28-29: Minor punctuation suggestion for improved readability.
In the sentence beginning at line 29, consider removing the comma after “organization” so the sentence reads more fluidly. For example:-The easiest way to restrict an enterprise connection to an organization, is to add the connection to the organization and not create it as a shared connection (at the environment level). +The easiest way to restrict an enterprise connection to an organization is to add the connection to the organization and not create it as a shared connection (at the environment level).src/content/docs/authenticate/enterprise-connections/okta-saml-connection.mdx (1)
36-52: Consistent configuration guidance with a minor nitpick on terminology.
The configuration steps are clear. As a refinement, consider updating phrases such as “sign in process” to “sign‑in process” for consistency with common usage. For example, in the instruction on line 44 (or around the “Home realm domains” description), change “sign in” to “sign‑in”.-... speeds up the sign in process for users of those domains. +... speeds up the sign‑in process for users of those domains.🧰 Tools
🪛 LanguageTool
[uncategorized] ~44-~44: The noun “sign-in” is spelled with a hyphen.
Context: ... Home realm domains. This speeds up the sign in process for users of those domains. Not...(SIGN_UP_HYPHEN)
[uncategorized] ~48-~48: The noun “sign-in” is spelled with a hyphen.
Context: ... 5. If you use home realm domains, the sign in button is hidden on the auth screen by ...(SIGN_UP_HYPHEN)
src/content/docs/authenticate/enterprise-connections/cloudflare-saml.mdx (1)
44-47: Minor editorial improvements for consistency.
On line 44, the expression “for e.g.” appears. Consider replacing it with either “e.g.” or “for example” to avoid redundancy. Additionally, update “sign in” to “sign‑in” in line 47 for consistent terminology.-1. Enter a random string value for Entity ID, for e.g. `870sa9fbasfasdas23aghkhc12zasfnasd`. +1. Enter a random string value for Entity ID, e.g. `870sa9fbasfasdas23aghkhc12zasfnasd`.-4. If you use home realm domains, the sign in button is hidden on the auth screen by default. To show the SSO button, select the **Always show sign-in button** option. +4. If you use home realm domains, the sign‑in button is hidden on the auth screen by default. To show the SSO button, select the **Always show sign‑in button** option.🧰 Tools
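Review bot: in the first suggested line, the Entity ID step still shows a literal sample value (`870sa9fbasfasdas23aghkhc12zasfnasd`) directly after asking for a random string, and readers tend to copy sample values as-is. Suggest wording that tells the reader to generate their own value and marks the sample as a format illustration only.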
🪛 LanguageTool
[style] ~44-~44: The phrase ‘for e.g.’ is an tautology (‘e.g.’ means ‘for example’). Consider using just “e.g.” or “for example”.
Context: ...er a random string value for Entity ID, for e.g.870sa9fbasfasdas23aghkhc12zasfnasd
. 2...(FOR_EG_REDUNDANCY)
[uncategorized] ~46-~46: The noun “sign-in” is spelled with a hyphen.
Context: ... recommend adding these to speed up the sign in process for users of those domains. Not...(SIGN_UP_HYPHEN)
[uncategorized] ~47-~47: The noun “sign-in” is spelled with a hyphen.
Context: .... 4. If you use home realm domains, the sign in button is hidden on the auth screen by ...(SIGN_UP_HYPHEN)
src/content/docs/authenticate/enterprise-connections/custom-saml.mdx (1)
56-80: Clear and detailed configuration instructions with minor language refinements.
The configuration steps are comprehensive. A couple of small refinements:
- On line 60, consider replacing “must be configured exactly the same in your identity provider” with “must match the value configured in your identity provider (unless your IdP is Microsoft Azure)” for clarity and brevity.
- On line 66, insert a comma after “but if you do” for proper punctuation.
- On line 71, update “sign in button” to “sign‑in button” for consistency.
-2. Select if you want to treat this connection as a trusted provider. A [trusted provider](/authenticate/about-auth/identity-and-verification/) is one that guarantees the email they issue is verified. We recommend leaving this off for maximum security. +2. Select if you want to treat this connection as a trusted provider. A [trusted provider](/authenticate/about-auth/identity-and-verification/) is one that guarantees the email they issue is verified. We recommend leaving this option off for maximum security.-The Entity ID you enter here must be configured exactly the same in your identity provider (unless your IdP is Microsoft Azure). +The Entity ID you enter here must match the value in your identity provider (unless your IdP is Microsoft Azure).-We do not recommend leaving this field blank, but if you do we will set ‘email’ as the attribute. +We do not recommend leaving this field blank, but if you do, we will set ‘email’ as the attribute.-8. If you use home realm domains, the sign in button is hidden on the auth screen by default. To show the SSO button, select the **Always show sign-in button** option. +8. If you use home realm domains, the sign‑in button is hidden on the auth screen by default. To show the SSO button, select the **Always show sign‑in button** option.🧰 Tools
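Review bot: the Entity ID replacement drops "exactly" ("must match the value in your identity provider"), which softens the instruction that the two values have to be identical. Suggest "must exactly match the value configured in your identity provider" so the brevity edit keeps that requirement. The parenthetical "(unless your IdP is Microsoft Azure)" also keeps the old product name while the rest of this PR moves to Microsoft Entra ID.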
🪛 LanguageTool
[style] ~60-~60: ‘exactly the same’ might be wordy. Consider a shorter alternative.
Context: ...ty ID you enter here must be configured exactly the same in your identity provider (unless your ...(EN_WORDINESS_PREMIUM_EXACTLY_THE_SAME)
[grammar] ~66-~66: The usual collocation for “returned” is “to”, not “in”.
Context: ...is value ensures that the email address returned in the SAML response is correctly retrieve...(RETURN_IN_THE)
[uncategorized] ~66-~66: It appears that a comma is missing here.
Context: ... leaving this field blank, but if you do we will set ‘email’ as the attribute. 7. E...(IF_WE_CANT_COMMA)
[uncategorized] ~67-~67: The noun “sign-in” is spelled with a hyphen.
Context: ...dentials and routes them to the correct sign in page. Note that home realm domains need...(SIGN_UP_HYPHEN)
[uncategorized] ~71-~71: The noun “sign-in” is spelled with a hyphen.
Context: ... 8. If you use home realm domains, the sign in button is hidden on the auth screen by ...(SIGN_UP_HYPHEN)
src/content/docs/authenticate/enterprise-connections/entra-id-saml.mdx (3)
41-42: Improved connection type wording with a minor punctuation fix.
At line 41, consider adding a comma after “Currently” for clarity.-4. Select the Microsoft connection type you want and then select **Next**. Currently we support WS Federated and OpenID types. +4. Select the Microsoft connection type you want and then select **Next**. Currently, we support WS Federated and OpenID types.🧰 Tools
🪛 LanguageTool
[uncategorized] ~41-~41: A comma may be missing after the conjunctive/linking adverb ‘Currently’.
Context: ...type you want and then select Next. Currently we support WS Federated and OpenID type...(SENT_START_CONJUNCTIVE_LINKING_ADVERB_COMMA)
44-48: Consistent instructions for shared connection setup.
Similarly, adjust the punctuation after “Currently” in the shared connection section at line 48:-3. Select the Microsoft connection type you want and then select **Save**. Currently we support WS Federated and OpenID types. +3. Select the Microsoft connection type you want and then select **Save**. Currently, we support WS Federated and OpenID types.🧰 Tools
🪛 LanguageTool
[uncategorized] ~48-~48: A comma may be missing after the conjunctive/linking adverb ‘Currently’.
Context: ...type you want and then select Save. Currently we support WS Federated and OpenID type...(SENT_START_CONJUNCTIVE_LINKING_ADVERB_COMMA)
62-69: Clear configuration steps with minor textual corrections.
A small typo appears on line 63 where “ad dthis” should be “add this”. Also, for consistency, update “sign in” to “sign‑in” on line 64 and line 67. Additionally, the numbering in this configuration list should be reviewed as the sequence appears to repeat the number “6” and then jumps to “14”. Ensuring correct numbering will improve clarity for your readers.-3. Scroll past the IdP metadata URL and other key attribute fields. We will ad dthis information later. +3. Scroll past the IdP metadata URL and other key attribute fields. We will add this information later.-4. Enter **Home realm domains**. This speeds up the sign in process for users of those domains. +4. Enter **Home realm domains**. This speeds up the sign‑in process for users of those domains.-5. If you use home realm domains, the sign in button is hidden on the auth screen by default. To show the SSO button, select the **Always show sign-in button** option. +5. If you use home realm domains, the sign‑in button is hidden on the auth screen by default. To show the SSO button, select the **Always show sign‑in button** option.🧰 Tools
🪛 LanguageTool
[grammar] ~63-~63: The word ‘ad’ is a noun or an adjective. A verb or adverb is missing or misspelled here, or maybe a comma is missing.
Context: ...and other key attribute fields. We will ad dthis information later. 4. Enter **Ho...(PRP_MD_NN)
[uncategorized] ~64-~64: The noun “sign-in” is spelled with a hyphen.
Context: ...ome realm domains**. This speeds up the sign in process for users of those domains. ...(SIGN_UP_HYPHEN)
[uncategorized] ~69-~69: The noun “sign-in” is spelled with a hyphen.
Context: ... 5. If you use home realm domains, the sign in button is hidden on the auth screen by ...(SIGN_UP_HYPHEN)
src/content/docs/authenticate/enterprise-connections/azure.mdx (1)
26-29: Updated “Before you begin” section.
The revised instructions now include the registration process via the Microsoft Entra Admin Center with an appropriate documentation link. Consider adding a punctuation mark after the link to enhance readability.
src/content/docs/authenticate/enterprise-connections/custom-saml-google-workspace.mdx (1)
38-47: Detailed “Configure the connection” instructions.
The “Step 2: Configure the connection” section clearly outlines how to enter key details such as the Connection name, Entity ID, and IdP Metadata URL. Verify that the linked [Home realm domains or IdP discovery] page is up-to-date.
🧰 Tools
🪛 LanguageTool
[uncategorized] ~42-~42: Use a comma before ‘and’ if it connects two independent clauses (unless they are closely connected and short).
Context: ...sure of the file location, enter any URL and we will update this later. ![connec...(COMMA_COMPOUND_SENTENCE)
[uncategorized] ~46-~46: The noun “sign-in” is spelled with a hyphen.
Context: ... Home realm domains. This speeds up the sign in process for users of those domains. Not...(SIGN_UP_HYPHEN)
[uncategorized] ~47-~47: The noun “sign-in” is spelled with a hyphen.
Context: .... 8. If you use home realm domains, the sign in button is hidden on the auth screen by ...(SIGN_UP_HYPHEN)
src/content/docs/authenticate/manage-authentication/organization-auth-experience.mdx (1)
44-52: Guidance on disabling organization authentication.
The “Disable authentication method for an organization” section clearly warns about potential breaking changes and advises ensuring alternative sign-in options.
• Suggestion: Consider rephrasing “the organization will revert back to using the default auth set up” to a more concise “the organization will revert to using the default auth setup.”- If you remove all authentication methods, the organization will revert back to using the default auth set up from the environment level. + If you remove all authentication methods, the organization will revert to using the default auth setup from the environment level.🧰 Tools
🪛 LanguageTool
[style] ~46-~46: Consider using just “revert”.
Context: ...tication methods, the organization will revert back to using the default auth set up from t...(RETURN_BACK)
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (9)
- src/content/docs/authenticate/enterprise-connections/about-enterprise-connections.mdx (4 hunks)
- src/content/docs/authenticate/enterprise-connections/azure.mdx (2 hunks)
- src/content/docs/authenticate/enterprise-connections/cloudflare-saml.mdx (2 hunks)
- src/content/docs/authenticate/enterprise-connections/custom-saml-google-workspace.mdx (3 hunks)
- src/content/docs/authenticate/enterprise-connections/custom-saml.mdx (2 hunks)
- src/content/docs/authenticate/enterprise-connections/enterprise-connections-b2b.mdx (2 hunks)
- src/content/docs/authenticate/enterprise-connections/entra-id-saml.mdx (1 hunks)
- src/content/docs/authenticate/enterprise-connections/okta-saml-connection.mdx (2 hunks)
- src/content/docs/authenticate/manage-authentication/organization-auth-experience.mdx (1 hunks)
🧰 Additional context used
🪛 LanguageTool
src/content/docs/authenticate/enterprise-connections/cloudflare-saml.mdx
[style] ~44-~44: The phrase ‘for e.g.’ is an tautology (‘e.g.’ means ‘for example’). Consider using just “e.g.” or “for example”.
Context: ...er a random string value for Entity ID, for e.g. 870sa9fbasfasdas23aghkhc12zasfnasd
. 2...
(FOR_EG_REDUNDANCY)
[uncategorized] ~46-~46: The noun “sign-in” is spelled with a hyphen.
Context: ... recommend adding these to speed up the sign in process for users of those domains. Not...
(SIGN_UP_HYPHEN)
[uncategorized] ~47-~47: The noun “sign-in” is spelled with a hyphen.
Context: .... 4. If you use home realm domains, the sign in button is hidden on the auth screen by ...
(SIGN_UP_HYPHEN)
src/content/docs/authenticate/enterprise-connections/custom-saml.mdx
[style] ~60-~60: ‘exactly the same’ might be wordy. Consider a shorter alternative.
Context: ...ty ID you enter here must be configured exactly the same in your identity provider (unless your ...
(EN_WORDINESS_PREMIUM_EXACTLY_THE_SAME)
[grammar] ~66-~66: The usual collocation for “returned” is “to”, not “in”.
Context: ...is value ensures that the email address returned in the SAML response is correctly retrieve...
(RETURN_IN_THE)
[uncategorized] ~66-~66: It appears that a comma is missing here.
Context: ... leaving this field blank, but if you do we will set ‘email’ as the attribute. 7. E...
(IF_WE_CANT_COMMA)
[uncategorized] ~67-~67: The noun “sign-in” is spelled with a hyphen.
Context: ...dentials and routes them to the correct sign in page. Note that home realm domains need...
(SIGN_UP_HYPHEN)
[uncategorized] ~71-~71: The noun “sign-in” is spelled with a hyphen.
Context: ... 8. If you use home realm domains, the sign in button is hidden on the auth screen by ...
(SIGN_UP_HYPHEN)
src/content/docs/authenticate/enterprise-connections/azure.mdx
[uncategorized] ~68-~68: The noun “sign-in” is spelled with a hyphen.
Context: ...ome realm domains**. This speeds up the sign in process for users of those domains. ...
(SIGN_UP_HYPHEN)
[uncategorized] ~70-~70: The noun “sign-in” is spelled with a hyphen.
Context: .... 5. If you use home realm domains, the sign in button is hidden on the auth screen by ...
(SIGN_UP_HYPHEN)
[style] ~71-~71: This phrasing can be overused. Try elevating your writing with a more formal alternative.
Context: ...lways show sign-in button** option. 6. If you want, select the Use common endpoint opt...
(IF_YOU_WANT)
[style] ~73-~73: You have already used this phrasing in nearby sentences. Consider replacing it to add variety to your writing.
Context: ...` object of the access token. 8. If you want to sync user groups, select **Get user gro...
(REP_WANT_TO_VB)
[style] ~74-~74: You have already used this phrasing in nearby sentences. Consider replacing it to add variety to your writing.
Context: ...nal setup, see below. 9. Select if you want to treat this connection as a trusted prov...
(REP_WANT_TO_VB)
[style] ~75-~75: This phrasing can be overused. Try elevating your writing with a more formal alternative.
Context: ...ving this off for maximum security. 10. If you want, select **Sync user profiles and attrib...
(IF_YOU_WANT)
src/content/docs/authenticate/enterprise-connections/custom-saml-google-workspace.mdx
[uncategorized] ~42-~42: Use a comma before ‘and’ if it connects two independent clauses (unless they are closely connected and short).
Context: ...sure of the file location, enter any URL and we will update this later. ![connec...
(COMMA_COMPOUND_SENTENCE)
[uncategorized] ~46-~46: The noun “sign-in” is spelled with a hyphen.
Context: ... Home realm domains. This speeds up the sign in process for users of those domains. Not...
(SIGN_UP_HYPHEN)
[uncategorized] ~47-~47: The noun “sign-in” is spelled with a hyphen.
Context: .... 8. If you use home realm domains, the sign in button is hidden on the auth screen by ...
(SIGN_UP_HYPHEN)
[style] ~88-~88: This phrasing can be overused. Try elevating your writing with a more formal alternative.
Context: ...1db-49b2-8e02-25ca7320cf00/public) 10. If you want, you can change the access to suit your...
(IF_YOU_WANT)
src/content/docs/authenticate/enterprise-connections/about-enterprise-connections.mdx
[grammar] ~49-~49: The verb ‘signed into’ is not standard English, except in the context of the law (“The bill was signed into law”). Write “signed in to”. For websites and computers, other options are “logged in to” or “logged on to”.
Context: ...uld break existing sessions the user is signed into, for other applications. This behavior ...
(SIGN_INTO)
src/content/docs/authenticate/enterprise-connections/enterprise-connections-b2b.mdx
[formatting] ~30-~30: If the ‘is’ clause is essential to the meaning, do not use a comma before the clause.
Context: ...restrict an enterprise connection to an organization, is to add the connection to the organizati...
(COMMA_AFTER_PREPOSITION_PHRASES)
[style] ~30-~30: Consider a more expressive alternative.
Context: ...nnection (at the environment level). To do this, follow the relevant procedure for...
(DO_ACHIEVE)
[uncategorized] ~30-~30: The preposition “to” seems more likely in this position.
Context: ...evant procedure for adding a connection in the relevant topic. ## Select a shared...
(AI_EN_LECTOR_REPLACEMENT_PREPOSITION)
src/content/docs/authenticate/enterprise-connections/entra-id-saml.mdx
[uncategorized] ~41-~41: A comma may be missing after the conjunctive/linking adverb ‘Currently’.
Context: ...type you want and then select Next. Currently we support WS Federated and OpenID type...
(SENT_START_CONJUNCTIVE_LINKING_ADVERB_COMMA)
[uncategorized] ~48-~48: A comma may be missing after the conjunctive/linking adverb ‘Currently’.
Context: ...type you want and then select Save. Currently we support WS Federated and OpenID type...
(SENT_START_CONJUNCTIVE_LINKING_ADVERB_COMMA)
[grammar] ~63-~63: The word ‘ad’ is a noun or an adjective. A verb or adverb is missing or misspelled here, or maybe a comma is missing.
Context: ...and other key attribute fields. We will ad dthis information later. 4. Enter **Ho...
(PRP_MD_NN)
[uncategorized] ~64-~64: The noun “sign-in” is spelled with a hyphen.
Context: ...ome realm domains**. This speeds up the sign in process for users of those domains. ...
(SIGN_UP_HYPHEN)
[uncategorized] ~69-~69: The noun “sign-in” is spelled with a hyphen.
Context: ... 5. If you use home realm domains, the sign in button is hidden on the auth screen by ...
(SIGN_UP_HYPHEN)
[style] ~72-~72: You have already used this phrasing in nearby sentences. Consider replacing it to add variety to your writing.
Context: ...ally or via API later. 7. Select if you want to treat this connection as a trusted prov...
(REP_WANT_TO_VB)
[style] ~135-~135: This phrasing can be overused. Try elevating your writing with a more formal alternative.
Context: ...bdcd-43b6-7130-8c866928b700/public) 5. If you want, customize the token properties by type...
(IF_YOU_WANT)
src/content/docs/authenticate/manage-authentication/organization-auth-experience.mdx
[style] ~46-~46: Consider using just “revert”.
Context: ...tication methods, the organization will revert back to using the default auth set up from t...
(RETURN_BACK)
[style] ~58-~58: You have already used this phrasing in nearby sentences. Consider replacing it to add variety to your writing.
Context: ...tion window opens. 5. Confirm that you want to disable the connection. For shared con...
(REP_WANT_TO_VB)
src/content/docs/authenticate/enterprise-connections/okta-saml-connection.mdx
[uncategorized] ~44-~44: The noun “sign-in” is spelled with a hyphen.
Context: ... Home realm domains. This speeds up the sign in process for users of those domains. Not...
(SIGN_UP_HYPHEN)
[uncategorized] ~48-~48: The noun “sign-in” is spelled with a hyphen.
Context: ... 5. If you use home realm domains, the sign in button is hidden on the auth screen by ...
(SIGN_UP_HYPHEN)
🔇 Additional comments (40)
src/content/docs/authenticate/enterprise-connections/enterprise-connections-b2b.mdx (3)
19-21: Clear explanation and enhanced scoping details.
The updated introductory paragraph now clearly outlines the two distinct methods for scoping an enterprise connection at the organization level.
32-37: Clear differentiation for shared connections.
The newly added section outlining how to select a shared enterprise connection is well structured and guides the reader effectively.
55-59: Helpful clarification through the aside.
Adding the note that both the enterprise connection and domain restrictions must pass enhances clarity and sets proper expectations.
src/content/docs/authenticate/enterprise-connections/okta-saml-connection.mdx (3)
18-27: Structured steps for adding an Okta connection.
The split of the process into organization‑specific and shared configuration sections makes the instructions easier to follow.
53-62: Comprehensive Okta application setup instructions.
The revised steps for configuring and then completing the setup of the Okta connection improve clarity and guide the user effectively through the process.
80-88: Clear wrap-up of the SAML setup in Kinde.
The instructions for finishing the Okta SAML connection in Kinde are straightforward and complete.
src/content/docs/authenticate/enterprise-connections/cloudflare-saml.mdx (4)
16-24: Enhanced introductory guidance with testing recommendations.
The addition of a reminder to set up and test the connection in a non‑production environment improves overall safety and clarity for users.
26-33: Clear instructions for organization‑specific connection setup.
The steps for adding a connection for a specific organization are clearly delineated and easy to follow.
34-41: Well‑structured shared connection flow.
The section describing how to add a connection that can be shared across multiple organizations is clear.
100-108: Concise completion instructions for Cloudflare connection setup.
The final step section clearly summarizes the instructions.
src/content/docs/authenticate/enterprise-connections/custom-saml.mdx (2)
38-47: Structured steps for adding a SAML connection in Kinde.
The split into organization‑specific and shared connection additions makes the process more approachable.
81-87: Well‑outlined testing instructions.
The test steps clearly guide the user on how to verify that the SAML connection is working as expected.
src/content/docs/authenticate/enterprise-connections/entra-id-saml.mdx (2)
1-12: New documentation file introducing MS Entra ID (SAML) connection.
The front matter and introductory sections are well organized. The clarification about the name change from Azure AD to Microsoft Entra ID is especially helpful.
97-112: Comprehensive guidance for finishing and testing the connection.
The final sections lay out the steps to finish configuring and testing the connection well. One potential improvement is to verify the step numbering—currently, “Step 4” is used for both finishing configuration and testing the connection; consider revising the numbering (for example, “Step 4” and “Step 5”) to avoid confusion.
src/content/docs/authenticate/enterprise-connections/azure.mdx (11)
16-19: Clarify rebranding and integration messaging.
The updated messaging on Microsoft Entra ID (with support for WS Federated, OAuth2.0, and SAML) is clear and emphasizes the new linkage to a dedicated SAML topic. Ensure that any downstream references also use the updated terminology.
22-23: Effective aside update on rebranding.
Using the aside to note that Microsoft Entra ID used to be known as Microsoft Azure AD helps users understand the transition.
32-38: Clear introduction to Step 1.
The heading “Add and configure the connection in Kinde” along with the accompanying aside effectively differentiates between organization-specific and shared connections.
40-47: Well-structured steps for specific organization connection.
The step-by-step instructions for adding a connection for a specific organization are concise. If possible, consider including a brief note or link explaining the differences in connection types (WS Federated vs. OAuth2.0).
48-55: Clear steps for shared connection setup.
The instructions for adding a connection that can be shared across multiple organizations are well organized and consistent with other sections.
80-87: Clear callback URL configuration.
The step-by-step instructions for adding the callback URL to your Entra ID app are clear and concise.
88-97: Straightforward connection enabling steps.
The instructions for enabling the connection in Kinde are detailed and easy to follow. You might want to include a reminder to test the connection in a non-production environment if not already noted elsewhere.
100-111: Comprehensive groups claim configuration.
The “Add groups claim to MS Entra ID app” section is well detailed. Ensure that the image link is current and accessible.
🧰 Tools
🪛 LanguageTool
[style] ~109-~109: This phrasing can be overused. Try elevating your writing with a more formal alternative.
Context: ...bdcd-43b6-7130-8c866928b700/public) 5. If you want, customize the token properties by type...(IF_YOU_WANT)
114-121: Clear ID token customization steps.
The instructions for customizing the ID token in Kinde, including enabling social identity as an additional claim, are well presented.
122-126: Detailed token access group information.
The brief points about where to find group claims in the ID and Access tokens are useful and clear.
127-133: Logical test connection procedure.
The “Step 4: Test the connection” instructions provide a clear and logical process for verifying the connection.
src/content/docs/authenticate/enterprise-connections/custom-saml-google-workspace.mdx (4)
20-28: Clear bifurcation of connection types.
The opening lines clearly explain that connections can be made available either to a specific organization or shared across multiple organizations, which improves user clarity.
30-36: Well-structured steps for shared connection setup.
The steps provided for adding a connection that is shared across multiple organizations are consistent in format and easy to follow.
52-91: Comprehensive Google Workspace Admin Console configuration.
The “Step 3: Configure Google Workspace Admin Console” section is thorough and benefits from annotated images that illustrate each step (e.g., adding a custom SAML app, setting identity details, etc.). Be sure to confirm that all image URLs remain valid over time.
🧰 Tools
🪛 LanguageTool
[style] ~68-~68: This phrasing can be overused. Try elevating your writing with a more formal alternative.
Context: ...er a Description for the app. 3. If you want, upload an icon for the app. 4. Sele...(IF_YOU_WANT)
[style] ~88-~88: This phrasing can be overused. Try elevating your writing with a more formal alternative.
Context: ...1db-49b2-8e02-25ca7320cf00/public) 10. If you want, you can change the access to suit your...(IF_YOU_WANT)
91-106: Clear final configuration steps.
The “Step 4: Upload metadata file” and “Step 5: Complete Kinde configuration” sections are concise and give users a clear call to action to activate the connection. A brief reminder to verify the correct environment (production vs. non-production) might be helpful.
src/content/docs/authenticate/enterprise-connections/about-enterprise-connections.mdx (6)
3-3: Title update reflecting improved scope.
Changing the title to “Manage enterprise connections” better communicates the document’s focus on configuration and management.
22-23: Addition of Microsoft Entra ID (SAML) connection type.
The new list item for “Microsoft Entra ID (SAML)” enriches the documentation by highlighting an additional supported connection method.
41-42: Enhanced clarity on identity handling.
The revised explanation makes it clear that users with enterprise identities are managed solely via the IdP, which helps set proper expectations.
47-50: Informative session sign out behavior section.
This new section explains that signing out only affects the Kinde session—an important detail to avoid disrupting users’ other active sessions.
🧰 Tools
🪛 LanguageTool
[grammar] ~49-~49: The verb ‘signed into’ is not standard English, except in the context of the law (“The bill was signed into law”). Write “signed in to”. For websites and computers, other options are “logged in to” or “logged on to”.
Context: ...uld break existing sessions the user is signed into, for other applications. This behavior ...(SIGN_INTO)
83-99: Comprehensive guidance for disabling connections.
The “Disable an enterprise connection” section, including the warning aside, offers clear, step-by-step instructions. Ensure that phrasing remains consistent with similar sections in the documentation.
101-113: Thorough instructions for deleting connections.
The “Delete an enterprise connection” section provides clear warnings about the irreversible nature of the deletion process and outlines the necessary steps.
src/content/docs/authenticate/manage-authentication/organization-auth-experience.mdx (5)
20-24
: Clarification on authentication method scopes.
The revised explanation now effectively distinguishes between shared (environment-level) and organization-specific (enterprise) authentication methods, which aids user understanding.
26-29
: Revised “Set authentication methods for an organization” section.
This updated section title and introduction clearly convey that the process covers both shared connections and organization-level enterprise connections.
32-33
: Clear override behavior explanation.
The note that setting authentication for an organization completely overrides the environment-level pattern (except for method availability) is well explained.
36-43
: Intuitive step-by-step guide.
The sequential instructions for viewing organization details, selecting authentication, and activating advanced features are clear and actionable.
54-62
: Step-by-step checklist for disabling connections.
The detailed instructions provided for disabling an authentication method ensure that users understand the process. Consistency with similar sections elsewhere in the documentation is maintained.🧰 Tools
🪛 LanguageTool
[style] ~58-~58: You have already used this phrasing in nearby sentences. Consider replacing it to add variety to your writing.
Context: ...tion window opens. 5. Confirm that you want to disable the connection. For shared con...(REP_WANT_TO_VB)
## Step 2: Configure the connection | ||
|
||
1. On the tile for the new connection, select **Configure**. | ||
2. Enter a **Connection name.** Make this something you can easily identify, especially if you are adding multiple connections for different business customers. | ||
1. Enter a **Connection name.** Make this something you can easily identify, especially if you are adding multiple connections for different business customers. | ||
|
||
<Aside type="warning"> | ||
|
||
If you plan to import users into Kinde, make sure the connection name matches the connection name in the Entra ID record. | ||
|
||
</Aside> | ||
|
||
3. Select if you want to treat this connection as a trusted provider. A [trusted provider](/authenticate/about-auth/identity-and-verification/) is one that guarantees the email they issue is verified. We recommend leaving this off for maximum security. | ||
4. Enter your **Microsoft Azure domain.** | ||
5. Enter the **Client ID** and **Client secret** as they appear in the MS Azure portal. Make sure you use the **Value** of the client secret. | ||
6. Enter **Home realm domains**. This speeds up the sign in process for users of those domains. | ||
2. Enter your **Microsoft Azure domain.** | ||
3. Enter the **Client ID** and **Client secret** as they appear in the MS Azure portal. Make sure you use the **Value** of the client secret. | ||
4. Enter **Home realm domains**. This speeds up the sign in process for users of those domains. | ||
Note that all home realm domains must be unique across all connections in an environment. For more information about how, see [Home realm domains or IdP discovery](/authenticate/enterprise-connections/home-realm-discovery/). | ||
7. If you use home realm domains, the sign in button is hidden on the auth screen by default. To show the SSO button, select the **Always show sign-in button** option. | ||
8. If you want, select the **Use common endpoint** option. Recommended if you use multi-tenancy. | ||
9. Select **Extended profile** if you want to sync the additional information stored in a user’s Microsoft profile to their Kinde user profile. Extended attributes data is included in the `extra_claims` object of the access token. | ||
10. If you want to sync user groups, select **Get user groups**. Recommended if you manage permissions and access via user groups in Microsoft. You also need to do some additional setup, see below. | ||
11. If you want, select **Sync user profiles and attributes on sign in**. Recommended to keep Kinde user profile data in sync with user profile data from Microsoft. If you choose this option, ensure that the global profile sync preference is also switched on in **Settings > Environment > Policies**. | ||
12. If you want to enable just-in-time (JIT) provisioning, select the **Create a user record in Kinde** option. This saves time adding users manually or via API later. | ||
13. Copy the **Callback URL**. You’ll need to enter this in your Microsoft app. | ||
14. In the **Applications** section, select the applications you want to activate the connection for. | ||
15. Select **Save**. | ||
5. If you use home realm domains, the sign in button is hidden on the auth screen by default. To show the SSO button, select the **Always show sign-in button** option. |
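Review bot: the trusted-provider step is missing from the new list. Old step 3 ("Select if you want to treat this connection as a trusted provider ... We recommend leaving this off for maximum security.") has no counterpart among the new steps 1 to 5 shown here. If the option still exists for this connection type, keep the step or say where it moved, so the recommendation to leave it off and the explanation that a trusted provider is one that guarantees the email it issues is verified are not lost. New step 3 also still refers to the "MS Azure portal".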
🛠️ Refactor suggestion
Thorough configuration instructions with a minor rebranding note.
The “Step 2: Configure the connection” section is detailed and covers all necessary fields.
• Suggestion: Consider updating the phrase “Enter your Microsoft Azure domain.” to “Enter your Microsoft Entra domain.” to keep the branding consistent.
• Also, review the hyphenation for “sign-in” (e.g. in the phrase “sign-in button”) to ensure consistency as per style guidelines.
-2. Enter your **Microsoft Azure domain.**
+2. Enter your **Microsoft Entra domain.**
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
## Step 2: Configure the connection | |
1. On the tile for the new connection, select **Configure**. | |
2. Enter a **Connection name.** Make this something you can easily identify, especially if you are adding multiple connections for different business customers. | |
1. Enter a **Connection name.** Make this something you can easily identify, especially if you are adding multiple connections for different business customers. | |
<Aside type="warning"> | |
If you plan to import users into Kinde, make sure the connection name matches the connection name in the Entra ID record. | |
</Aside> | |
3. Select if you want to treat this connection as a trusted provider. A [trusted provider](/authenticate/about-auth/identity-and-verification/) is one that guarantees the email they issue is verified. We recommend leaving this off for maximum security. | |
4. Enter your **Microsoft Azure domain.** | |
5. Enter the **Client ID** and **Client secret** as they appear in the MS Azure portal. Make sure you use the **Value** of the client secret. | |
6. Enter **Home realm domains**. This speeds up the sign in process for users of those domains. | |
2. Enter your **Microsoft Azure domain.** | |
3. Enter the **Client ID** and **Client secret** as they appear in the MS Azure portal. Make sure you use the **Value** of the client secret. | |
4. Enter **Home realm domains**. This speeds up the sign in process for users of those domains. | |
Note that all home realm domains must be unique across all connections in an environment. For more information about how, see [Home realm domains or IdP discovery](/authenticate/enterprise-connections/home-realm-discovery/). | |
7. If you use home realm domains, the sign in button is hidden on the auth screen by default. To show the SSO button, select the **Always show sign-in button** option. | |
8. If you want, select the **Use common endpoint** option. Recommended if you use multi-tenancy. | |
9. Select **Extended profile** if you want to sync the additional information stored in a user’s Microsoft profile to their Kinde user profile. Extended attributes data is included in the `extra_claims` object of the access token. | |
10. If you want to sync user groups, select **Get user groups**. Recommended if you manage permissions and access via user groups in Microsoft. You also need to do some additional setup, see below. | |
11. If you want, select **Sync user profiles and attributes on sign in**. Recommended to keep Kinde user profile data in sync with user profile data from Microsoft. If you choose this option, ensure that the global profile sync preference is also switched on in **Settings > Environment > Policies**. | |
12. If you want to enable just-in-time (JIT) provisioning, select the **Create a user record in Kinde** option. This saves time adding users manually or via API later. | |
13. Copy the **Callback URL**. You’ll need to enter this in your Microsoft app. | |
14. In the **Applications** section, select the applications you want to activate the connection for. | |
15. Select **Save**. | |
5. If you use home realm domains, the sign in button is hidden on the auth screen by default. To show the SSO button, select the **Always show sign-in button** option. | |
## Step 2: Configure the connection | |
1. Enter a **Connection name.** Make this something you can easily identify, especially if you are adding multiple connections for different business customers. | |
<Aside type="warning"> | |
If you plan to import users into Kinde, make sure the connection name matches the connection name in the Entra ID record. | |
</Aside> | |
2. Enter your **Microsoft Entra domain.** | |
3. Enter the **Client ID** and **Client secret** as they appear in the MS Azure portal. Make sure you use the **Value** of the client secret. | |
4. Enter **Home realm domains**. This speeds up the sign in process for users of those domains. | |
Note that all home realm domains must be unique across all connections in an environment. For more information about how, see [Home realm domains or IdP discovery](/authenticate/enterprise-connections/home-realm-discovery/). | |
5. If you use home realm domains, the sign in button is hidden on the auth screen by default. To show the SSO button, select the **Always show sign-in button** option. |
🧰 Tools
🪛 LanguageTool
[uncategorized] ~68-~68: The noun “sign-in” is spelled with a hyphen.
Context: ...ome realm domains**. This speeds up the sign in process for users of those domains. ...
(SIGN_UP_HYPHEN)
[uncategorized] ~70-~70: The noun “sign-in” is spelled with a hyphen.
Context: .... 5. If you use home realm domains, the sign in button is hidden on the auth screen by ...
(SIGN_UP_HYPHEN)
Deploying kinde-docs-previews with
| Latest commit: | c911d92 |
| Status: | ✅ Deploy successful! |
| Preview URL: | https://87970de1.kinde-docs-previews.pages.dev |
| Branch Preview URL: | https://feat-org-level-ecs.kinde-docs-previews.pages.dev |
Actionable comments posted: 0
🧹 Nitpick comments (2)
src/content/docs/authenticate/enterprise-connections/about-enterprise-connections.mdx (2)
41-41: Clarify Identity Sourcing Wording
The updated explanation now states that “identity information is sourced with the identity provider (IdP)”. For clarity and conventional usage, consider revising this to “sourced from the identity provider.”
47-50: Refine Session Sign Out Behavior Explanation
The section clearly details that signing out only affects the Kinde session, preserving the IdP session. However, the phrase “signed into” in line 49 should be updated to “signed in to” for clarity.
Apply the following diff to fix the phrasing:
- ... break existing sessions the user is signed into, for other applications. + ... break existing sessions the user is signed in to, for other applications.🧰 Tools
🪛 LanguageTool
[grammar] ~49-~49: The verb ‘signed into’ is not standard English, except in the context of the law (“The bill was signed into law”). Write “signed in to”. For websites and computers, other options are “logged in to” or “logged on to”.
Context: ...uld break existing sessions the user is signed into, for other applications. This behavior ...(SIGN_INTO)
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
src/content/docs/authenticate/enterprise-connections/about-enterprise-connections.mdx
(5 hunks)
🧰 Additional context used
🪛 LanguageTool
src/content/docs/authenticate/enterprise-connections/about-enterprise-connections.mdx
[grammar] ~49-~49: The verb ‘signed into’ is not standard English, except in the context of the law (“The bill was signed into law”). Write “signed in to”. For websites and computers, other options are “logged in to” or “logged on to”.
Context: ...uld break existing sessions the user is signed into, for other applications. This behavior ...
(SIGN_INTO)
🔇 Additional comments (5)
src/content/docs/authenticate/enterprise-connections/about-enterprise-connections.mdx (5)
3-3: Title Update Reflects Management Focus
The new title "Manage enterprise connections" clearly signals the shifted focus toward managing these connections rather than just describing them.
22-22: New Enterprise Connection Type Added
The addition of "Microsoft Entra ID (SAML)" enriches the list of supported connection types. Please verify that the linked documentation exists and is correctly referenced.
59-59: Clear Separation of Routing and Security
The note at line 59 effectively distinguishes that the routing feature is independent of security or access control.
83-104: New Section: Disable an Enterprise Connection
The newly added section provides a clear, step-by-step guide on disabling an enterprise connection along with a prominent safety warning via the Aside. Consider including a brief note on potential follow-up actions or troubleshooting steps in case issues arise post-disablement.
105-120: New Section: Delete an Enterprise Connection
The deletion instructions are detailed and include an appropriate irreversible action warning. You might also consider adding a cross-reference to support or troubleshooting documentation in case users run into issues after deletion.
4. Enter your **Microsoft Azure domain.** | ||
5. Enter the **Client ID** and **Client secret** as they appear in the MS Azure portal. Make sure you use the **Value** of the client secret. | ||
6. Enter **Home realm domains**. This speeds up the sign in process for users of those domains. | ||
2. Enter your **Microsoft Azure domain.** |
Entra?
3. Select **Save**. | ||
|
||
Here’s what happens: | ||
Enterprise connections are common for B2B setups where each business customer is represented as an organization in Kinde, and that organization is linked to one or more connections. There are two different ways to scope an enterprise connection and restrict it to the organization level. | ||
|
||
- When the `org_code` is passed to Kinde as part of the authentication url, the correct sign-in option is shown. |
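Review bot: the `org_code` bullet covers only the case where the code is passed in the authentication url. The paragraph added above it presents these connections as restricted to the organization level, so state what the user sees when `org_code` is omitted or does not match an organization. Also capitalize "URL" in this bullet.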
sign-in options are shown.
(they could have multiple
STILL IN DRAFT
Update to all enterprise connection topics
New topic for Microsoft Entra SAML
Update to org-level auth management
Summary by CodeRabbit