From cd2d6d59549b4ef46274462c6dfa1f28dcea885a Mon Sep 17 00:00:00 2001
From: ClaireM <127452294+clairekinde11@users.noreply.github.com>
Date: Mon, 25 Aug 2025 14:21:45 +1000
Subject: [PATCH 01/18] New topic: Add SSO connection from portal
---
.../self-serve-sso/add-sso-self-serve.mdx | 77 +++++++++++++++++++
1 file changed, 77 insertions(+)
create mode 100644 src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx
diff --git a/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx b/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx
new file mode 100644
index 000000000..f61b86d82
--- /dev/null
+++ b/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx
@@ -0,0 +1,77 @@
+---
+page_id: ab20745f-0918-403a-8103-fc5749082dba
+title: Add SSO connection via self-serve portal
+description: Guide for enabling a business customer to set up their own SSO enterprise connection via the self-serve portal.
+sidebar:
+ order: 7
+relatedArticles:
+ - a2668524-5842-4c68-ab50-30b7e8c3e842
+ - f36bce4a-52bb-4785-865b-6b33356f9838
+topics:
+ - self-serve-portal
+ - organizations
+ - billing
+sdk:
+ - react
+languages:
+ - javascript
+ - jsx
+audience: developers
+complexity: intermediate
+keywords:
+ - organization portal
+ - enterprise connection
+ - SSO
+ - self-serve portal
+updated: 2025-08-25
+featured: false
+deprecated: false
+ai_summary: Guide for enabling a business customer to set up their own SSO enterprise connection via the self-serve portal.
+---
+
+
+
+Your business customers who have their own organizations in Kinde, can now set up and manage their own SSO connections. This can save time going back and forth trying to swap app credentials. Instead, your customer (who is the Identity Provider for their users) can set up an app and use the credentials to configure a connection. While you manage Kinde settings as the Service Provider.
+
+## Before your orgs can set up a SSO connection
+
+- Ensure that you have switched on the option in the [self-serve portal settings](/build/set-up-options/self-serve-portal-for-orgs/)
+- Check that the person setting up the connection has the [right role and permissions](/manage-users/roles-and-permissions/user-roles/)
+- Add a domain to the verified domains list for the org (see below).
+
+### Add a verified domain to the customer organization in Kinde
+
+This is like pre-setting the home realm domain for a connection.
+
+1. Open the organization record in Kinde.
+2. Go to **Policies** in the menu.
+3. In the **Verified domains** text field, add the customer's domain or domains. Add each on a new line. Make sure you truncate to include only the domain, e.g. `mybusiness.com` and not the full domain URL such as `http://www.mybusiness.com`.
+4. Select **Save**.
+
+## Add an SSO connection via the self-serve portal
+
+Provide these instructions to the customer in case they need assistance.
+
+1. Navigate to the self-serve portal and select **SSO**.
+2. Select **Add connection**.
+3. Select the connection type and then select **Next**. The configuration dialog opens.
+4. Select the domains that are allowed to use this connection.
+5. Complete the other fields with details from your IdP, e.g. **Entity ID**, provisioning options, mapping, certificates, etc.
+6. Copy the **ACS URL** - you will need to add this to your IdP application.
+7. If you are ready to, **Enable the connection**.
+8. Select **Save**.
+
+## Enable or disable a connection
+
+1. Navigate to the self-serve portal and select **SSO**.
+2. Select the three dots menu on the connection card, and choose **Enable** or **Disable**.
+
+## Delete a connection
+
+1. Navigate to the self-serve portal and select **SSO**.
+2. Select the three dots menu on the connection card, and choose **Delete**.
+3. Confirm that you want to delete the connection.
From 2351219a1fa53a0bb855771e6c7c305cb4487bbf Mon Sep 17 00:00:00 2001
From: ClaireM <127452294+clairekinde11@users.noreply.github.com>
Date: Mon, 25 Aug 2025 14:24:26 +1000
Subject: [PATCH 02/18] Update sidebarData.ts
---
src/data/sidebarData.ts | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/data/sidebarData.ts b/src/data/sidebarData.ts
index 1eb64e538..d623da517 100644
--- a/src/data/sidebarData.ts
+++ b/src/data/sidebarData.ts
@@ -151,6 +151,11 @@ const sidebarData = [
autogenerate: {directory: "authenticate/enterprise-connections"},
collapsed: false
},
+ {
+ label: "Self-serve connections",
+ autogenerate: {directory: "authenticate/self-serve-sso/"},
+ collapsed: false
+ },
{
label: "Multi-factor auth",
autogenerate: {directory: "authenticate/multi-factor-auth"},
From 79d18ed8f4e38a86521c2e92746677cec361dc00 Mon Sep 17 00:00:00 2001
From: ClaireM <127452294+clairekinde11@users.noreply.github.com>
Date: Mon, 25 Aug 2025 14:38:52 +1000
Subject: [PATCH 03/18] New topic
---
.../manage-self-serve-connections.mdx | 31 +++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100644 src/content/docs/authenticate/self-serve-sso/manage-self-serve-connections.mdx
diff --git a/src/content/docs/authenticate/self-serve-sso/manage-self-serve-connections.mdx b/src/content/docs/authenticate/self-serve-sso/manage-self-serve-connections.mdx
new file mode 100644
index 000000000..1d47920b1
--- /dev/null
+++ b/src/content/docs/authenticate/self-serve-sso/manage-self-serve-connections.mdx
@@ -0,0 +1,31 @@
+---
+page_id: 6bfab126-8887-4030-97aa-f44335fe489d
+title: Manage connections added by customers
+description: This is a support topic for when a business customer sets up their own SSO enterprise connection via the self-serve portal.
+sidebar:
+ order: 7
+relatedArticles:
+ - ab20745f-0918-403a-8103-fc5749082dba
+ - a2668524-5842-4c68-ab50-30b7e8c3e842
+ - f36bce4a-52bb-4785-865b-6b33356f9838
+topics:
+ - self-serve-portal
+ - organizations
+ - billing
+sdk:
+ - react
+languages:
+ - javascript
+ - jsx
+audience: developers
+complexity: intermediate
+keywords:
+ - organization portal
+ - enterprise connection
+ - SSO
+ - self-serve portal
+updated: 2025-08-25
+featured: false
+deprecated: false
+ai_summary: This is a support topic for when a business customer sets up their own SSO enterprise connection via the self-serve portal.
+---
From 8b41f28a224ab8784a6c5ff01b4d31636a304980 Mon Sep 17 00:00:00 2001
From: ClaireM <127452294+clairekinde11@users.noreply.github.com>
Date: Mon, 25 Aug 2025 14:39:11 +1000
Subject: [PATCH 04/18] Side bar order
---
.../docs/authenticate/self-serve-sso/add-sso-self-serve.mdx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx b/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx
index f61b86d82..5116adb53 100644
--- a/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx
+++ b/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx
@@ -3,7 +3,7 @@ page_id: ab20745f-0918-403a-8103-fc5749082dba
title: Add SSO connection via self-serve portal
description: Guide for enabling a business customer to set up their own SSO enterprise connection via the self-serve portal.
sidebar:
- order: 7
+ order: 1
relatedArticles:
- a2668524-5842-4c68-ab50-30b7e8c3e842
- f36bce4a-52bb-4785-865b-6b33356f9838
From ecba5784d33c52a3f712e0a3aaf6328066667193 Mon Sep 17 00:00:00 2001
From: ClaireM <127452294+clairekinde11@users.noreply.github.com>
Date: Mon, 25 Aug 2025 16:14:40 +1000
Subject: [PATCH 05/18] New topic draft
---
.../manage-self-serve-connections.mdx | 41 +++++++++++++++++++
1 file changed, 41 insertions(+)
diff --git a/src/content/docs/authenticate/self-serve-sso/manage-self-serve-connections.mdx b/src/content/docs/authenticate/self-serve-sso/manage-self-serve-connections.mdx
index 1d47920b1..31475fe5f 100644
--- a/src/content/docs/authenticate/self-serve-sso/manage-self-serve-connections.mdx
+++ b/src/content/docs/authenticate/self-serve-sso/manage-self-serve-connections.mdx
@@ -29,3 +29,44 @@ featured: false
deprecated: false
ai_summary: This is a support topic for when a business customer sets up their own SSO enterprise connection via the self-serve portal.
---
+
+If you allow your business customers to set up and manage their own SSO enterprise connections in your app, this topic describes how to help manage and troubleshoot the connections.
+
+Self-serve portal connections for accessing your site or app are fully under your control. Even though your customer can do the basic configuration, there are some things you'll want to manage on your side, such as provisioning, upstream params, etc.
+
+## Troubleshoot self-serve SSO connections
+
+If a customer can't sign in using the SSO connection they set up, check these things.
+
+- They have added the ACS URL to the application on their identity provider side
+- They have a verified domain (home realm domain) selected in the configuration
+- The email they are trying to test belongs to the verified domain
+- The credentials and certificates are all valid
+- The connection is enabled and is being accessed in the relevant environment
+- The org code is being passed when a user goes to sign in
+- If there are any issues with upstream params being parsed
+- All required fields are included in the configuration, including key attributes (if relevant)
+
+## How to access and manage enterprise connections created by your customers
+
+1. Open the organization for the customer.
+2. In the left menu, select **Authentication**. The customer's connections are shown.
+3. Select the three dots on the connection, and select **Edit**.
+4. In the connection configuration window, make the changes you want, and select **Save**.
+
+## Enable or disable a connection
+
+You might need to disable a connection if you think it has been compromised or at the customer's request.
+
+1. Open the organization for the customer.
+2. In the left menu, select **Authentication**. The customer's connections are shown.
+3. Select the three dots menu on the connection card, and choose **Enable** or **Disable**.
+
+## Delete a connection
+
+This completely disables and deletes the connection. This action can't be reversed.
+
+1. Open the organization for the customer.
+2. In the left menu, select **Authentication**. The customer's connections are shown.
+3. Select the three dots menu on the connection card, and choose **Delete**.
+4. Confirm that you want to delete the connection.
From 5762f37c23693cc7391593f1e2c680dbd3664d09 Mon Sep 17 00:00:00 2001
From: ClaireM <127452294+clairekinde11@users.noreply.github.com>
Date: Mon, 25 Aug 2025 16:41:15 +1000
Subject: [PATCH 06/18] typo
---
.../docs/authenticate/self-serve-sso/add-sso-self-serve.mdx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx b/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx
index 5116adb53..c4cd8df46 100644
--- a/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx
+++ b/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx
@@ -35,7 +35,7 @@ This feature is only available on the [Kinde Scale plan](https://kinde.com/prici
-Your business customers who have their own organizations in Kinde, can now set up and manage their own SSO connections. This can save time going back and forth trying to swap app credentials. Instead, your customer (who is the Identity Provider for their users) can set up an app and use the credentials to configure a connection. While you manage Kinde settings as the Service Provider.
+Your business customers who have their own organizations in Kinde, can now set up and manage their own SSO connections. This can save time going back and forth trying to get app credentials configured. Instead, your customer (who is the Identity Provider for their users) can set up an app and use the credentials to configure a connection. While you manage Kinde settings as the Service Provider.
## Before your orgs can set up a SSO connection
From 8a37814d71adc06e35376eabe79f214cc2599a54 Mon Sep 17 00:00:00 2001
From: ClaireM <127452294+clairekinde11@users.noreply.github.com>
Date: Mon, 25 Aug 2025 17:35:24 +1000
Subject: [PATCH 07/18] Edit
---
.../self-serve-sso/manage-self-serve-connections.mdx | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/content/docs/authenticate/self-serve-sso/manage-self-serve-connections.mdx b/src/content/docs/authenticate/self-serve-sso/manage-self-serve-connections.mdx
index 31475fe5f..2a84ddc1c 100644
--- a/src/content/docs/authenticate/self-serve-sso/manage-self-serve-connections.mdx
+++ b/src/content/docs/authenticate/self-serve-sso/manage-self-serve-connections.mdx
@@ -32,7 +32,7 @@ ai_summary: This is a support topic for when a business customer sets up their o
If you allow your business customers to set up and manage their own SSO enterprise connections in your app, this topic describes how to help manage and troubleshoot the connections.
-Self-serve portal connections for accessing your site or app are fully under your control. Even though your customer can do the basic configuration, there are some things you'll want to manage on your side, such as provisioning, upstream params, etc.
+Self-serve portal connections for accessing your site or app are fully under your control. Even though your customer can do the basic configuration, there are some things you'll probably want to manage on your side, such as provisioning behavior and other connection defaults.
## Troubleshoot self-serve SSO connections
@@ -51,7 +51,7 @@ If a customer can't sign in using the SSO connection they set up, check these th
1. Open the organization for the customer.
2. In the left menu, select **Authentication**. The customer's connections are shown.
-3. Select the three dots on the connection, and select **Edit**.
+3. Select the three dots on the connection, and select **Configure**.
4. In the connection configuration window, make the changes you want, and select **Save**.
## Enable or disable a connection
From 64f8808e2f92b8076bc781cfc18e7e34b43cc7ba Mon Sep 17 00:00:00 2001
From: ClaireM <127452294+clairekinde11@users.noreply.github.com>
Date: Mon, 25 Aug 2025 17:48:47 +1000
Subject: [PATCH 08/18] New topic
---
.../self-manage-sso-per-org.mdx | 44 +++++++++++++++++++
1 file changed, 44 insertions(+)
create mode 100644 src/content/docs/authenticate/self-serve-sso/self-manage-sso-per-org.mdx
diff --git a/src/content/docs/authenticate/self-serve-sso/self-manage-sso-per-org.mdx b/src/content/docs/authenticate/self-serve-sso/self-manage-sso-per-org.mdx
new file mode 100644
index 000000000..79b84c4ed
--- /dev/null
+++ b/src/content/docs/authenticate/self-serve-sso/self-manage-sso-per-org.mdx
@@ -0,0 +1,44 @@
+---
+page_id: 2a54764d-eb85-4905-8098-9c4e7a5073d7
+title: Switch on SSO self-management per organization
+description: Set up access to the self-serve portal SSO function at the org-level
+sidebar:
+ order: 3
+relatedArticles:
+ - a2668524-5842-4c68-ab50-30b7e8c3e842
+ - f36bce4a-52bb-4785-865b-6b33356f9838
+topics:
+ - self-serve-portal
+ - organizations
+ - enterprise SSO
+sdk:
+ - react
+languages:
+ - javascript
+ - jsx
+audience: developers
+complexity: intermediate
+keywords:
+ - organization portal
+ - enterprise connection
+ - SSO
+ - self-serve portal
+updated: 2025-08-25
+featured: false
+deprecated: false
+ai_summary: Set up access to the self-serve portal SSO function at the org-level
+---
+
+
+
+You can give specific permission for an organization to set up and manage SSO connections, without giving it to all organizations in your business.
+
+1. In Kinde, open the organization you want to give access.
+2. In the side menu, select **Self-serve portal**.
+3. Switch on the SSO function.
+4. Select **Save**.
+
From 4426679cb834fcc34f76f559fb43d7166caf2f76 Mon Sep 17 00:00:00 2001
From: ClaireM <127452294+clairekinde11@users.noreply.github.com>
Date: Mon, 25 Aug 2025 17:49:03 +1000
Subject: [PATCH 09/18] Update manage-self-serve-connections.mdx
---
.../self-serve-sso/manage-self-serve-connections.mdx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/content/docs/authenticate/self-serve-sso/manage-self-serve-connections.mdx b/src/content/docs/authenticate/self-serve-sso/manage-self-serve-connections.mdx
index 2a84ddc1c..34fac898b 100644
--- a/src/content/docs/authenticate/self-serve-sso/manage-self-serve-connections.mdx
+++ b/src/content/docs/authenticate/self-serve-sso/manage-self-serve-connections.mdx
@@ -3,7 +3,7 @@ page_id: 6bfab126-8887-4030-97aa-f44335fe489d
title: Manage connections added by customers
description: This is a support topic for when a business customer sets up their own SSO enterprise connection via the self-serve portal.
sidebar:
- order: 7
+ order: 2
relatedArticles:
- ab20745f-0918-403a-8103-fc5749082dba
- a2668524-5842-4c68-ab50-30b7e8c3e842
From bd907f3dd88fb2b66165a5622ff5dcadc060d16a Mon Sep 17 00:00:00 2001
From: ClaireM <127452294+clairekinde11@users.noreply.github.com>
Date: Tue, 26 Aug 2025 11:13:17 +1000
Subject: [PATCH 10/18] Update sidebarData.ts
---
src/data/sidebarData.ts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/data/sidebarData.ts b/src/data/sidebarData.ts
index d623da517..d0f12e57e 100644
--- a/src/data/sidebarData.ts
+++ b/src/data/sidebarData.ts
@@ -152,7 +152,7 @@ const sidebarData = [
collapsed: false
},
{
- label: "Self-serve connections",
+ label: "Self-serve SSO",
autogenerate: {directory: "authenticate/self-serve-sso/"},
collapsed: false
},
From 8f2c1e9642741a28b6ec669cd6f2318b7893ec6d Mon Sep 17 00:00:00 2001
From: ClaireM <127452294+clairekinde11@users.noreply.github.com>
Date: Fri, 19 Sep 2025 11:00:46 +1000
Subject: [PATCH 11/18] Update manage-self-serve-connections.mdx
---
.../self-serve-sso/manage-self-serve-connections.mdx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/content/docs/authenticate/self-serve-sso/manage-self-serve-connections.mdx b/src/content/docs/authenticate/self-serve-sso/manage-self-serve-connections.mdx
index 34fac898b..f7fb70a4a 100644
--- a/src/content/docs/authenticate/self-serve-sso/manage-self-serve-connections.mdx
+++ b/src/content/docs/authenticate/self-serve-sso/manage-self-serve-connections.mdx
@@ -1,6 +1,6 @@
---
page_id: 6bfab126-8887-4030-97aa-f44335fe489d
-title: Manage connections added by customers
+title: Manage SSO connections added by customers
description: This is a support topic for when a business customer sets up their own SSO enterprise connection via the self-serve portal.
sidebar:
order: 2
From bac38fc261d14823474a73a974a51a3e478efb68 Mon Sep 17 00:00:00 2001
From: ClaireM <127452294+clairekinde11@users.noreply.github.com>
Date: Fri, 19 Sep 2025 11:06:09 +1000
Subject: [PATCH 12/18] Update add-sso-self-serve.mdx
Minor edits
---
.../self-serve-sso/add-sso-self-serve.mdx | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx b/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx
index c4cd8df46..de6d62331 100644
--- a/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx
+++ b/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx
@@ -35,7 +35,7 @@ This feature is only available on the [Kinde Scale plan](https://kinde.com/prici
-Your business customers who have their own organizations in Kinde, can now set up and manage their own SSO connections. This can save time going back and forth trying to get app credentials configured. Instead, your customer (who is the Identity Provider for their users) can set up an app and use the credentials to configure a connection. While you manage Kinde settings as the Service Provider.
+Your business customers who have their own organizations in Kinde can set up and manage their own SSO connections. This can save time going back and forth trying to get app credentials configured. Instead, your customer (who is the Identity Provider for their users) can set up an app and use the credentials to configure a connection. While you manage Kinde settings as the Service Provider.
## Before your orgs can set up a SSO connection
@@ -49,7 +49,7 @@ This is like pre-setting the home realm domain for a connection.
1. Open the organization record in Kinde.
2. Go to **Policies** in the menu.
-3. In the **Verified domains** text field, add the customer's domain or domains. Add each on a new line. Make sure you truncate to include only the domain, e.g. `mybusiness.com` and not the full domain URL such as `http://www.mybusiness.com`.
+3. In the **Verified domains** text field, add the customer's domain or domains. Add each on a new line. Make sure you include only the domain, e.g. `mybusiness.com` and not the full domain URL such as `http://www.mybusiness.com`.
4. Select **Save**.
## Add an SSO connection via the self-serve portal
@@ -59,11 +59,12 @@ Provide these instructions to the customer in case they need assistance.
1. Navigate to the self-serve portal and select **SSO**.
2. Select **Add connection**.
3. Select the connection type and then select **Next**. The configuration dialog opens.
-4. Select the domains that are allowed to use this connection.
-5. Complete the other fields with details from your IdP, e.g. **Entity ID**, provisioning options, mapping, certificates, etc.
-6. Copy the **ACS URL** - you will need to add this to your IdP application.
-7. If you are ready to, **Enable the connection**.
-8. Select **Save**.
+4. Add a name for the connection - this name will be shown to end users when they sign in.
+5. Select the domains that are allowed to use this connection.
+6. Complete the other fields with details from your IdP, e.g. **Entity ID**, provisioning options, mapping, certificates, etc.
+7. Copy the **ACS URL** - you will need to add this to your IdP application.
+8. If you are ready to, **Enable the connection**.
+9. Select **Save**.
## Enable or disable a connection
From 131445054dad0b564d13fb85e70f191b4c7d9e21 Mon Sep 17 00:00:00 2001
From: ClaireM <127452294+clairekinde11@users.noreply.github.com>
Date: Fri, 19 Sep 2025 11:19:13 +1000
Subject: [PATCH 13/18] Added activating advanced org in procedure
---
.../authenticate/self-serve-sso/add-sso-self-serve.mdx | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx b/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx
index de6d62331..34e385f95 100644
--- a/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx
+++ b/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx
@@ -37,7 +37,7 @@ This feature is only available on the [Kinde Scale plan](https://kinde.com/prici
Your business customers who have their own organizations in Kinde can set up and manage their own SSO connections. This can save time going back and forth trying to get app credentials configured. Instead, your customer (who is the Identity Provider for their users) can set up an app and use the credentials to configure a connection. While you manage Kinde settings as the Service Provider.
-## Before your orgs can set up a SSO connection
+## Before an organization can set up a SSO connection
- Ensure that you have switched on the option in the [self-serve portal settings](/build/set-up-options/self-serve-portal-for-orgs/)
- Check that the person setting up the connection has the [right role and permissions](/manage-users/roles-and-permissions/user-roles/)
@@ -48,9 +48,10 @@ Your business customers who have their own organizations in Kinde can set up and
This is like pre-setting the home realm domain for a connection.
1. Open the organization record in Kinde.
-2. Go to **Policies** in the menu.
-3. In the **Verified domains** text field, add the customer's domain or domains. Add each on a new line. Make sure you include only the domain, e.g. `mybusiness.com` and not the full domain URL such as `http://www.mybusiness.com`.
-4. Select **Save**.
+2. If prompted, in the **Activate advanced organization features** box, select **Activate**.
+3. Go to **Policies** in the menu.
+4. In the **Verified domains** text field, add the customer's domain or domains. Add each on a new line. Make sure you include only the domain, e.g. `mybusiness.com` and not the full domain URL such as `http://www.mybusiness.com`.
+5. Select **Save**.
## Add an SSO connection via the self-serve portal
From 19a28f1090476e101540654aa71dbeace3860b95 Mon Sep 17 00:00:00 2001
From: ClaireM <127452294+clairekinde11@users.noreply.github.com>
Date: Fri, 19 Sep 2025 11:20:31 +1000
Subject: [PATCH 14/18] Update add-sso-self-serve.mdx
---
.../docs/authenticate/self-serve-sso/add-sso-self-serve.mdx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx b/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx
index 34e385f95..c01669194 100644
--- a/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx
+++ b/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx
@@ -40,7 +40,7 @@ Your business customers who have their own organizations in Kinde can set up and
## Before an organization can set up a SSO connection
- Ensure that you have switched on the option in the [self-serve portal settings](/build/set-up-options/self-serve-portal-for-orgs/)
-- Check that the person setting up the connection has the [right role and permissions](/manage-users/roles-and-permissions/user-roles/)
+- Check that the person setting up the connection has the [right role and permissions](/manage-users/roles-and-permissions/user-roles/). They need to be an Admin.
- Add a domain to the verified domains list for the org (see below).
### Add a verified domain to the customer organization in Kinde
From 1e3e75a6242097ae959254dc72b16f9e37a9bb77 Mon Sep 17 00:00:00 2001
From: ClaireM <127452294+clairekinde11@users.noreply.github.com>
Date: Mon, 22 Sep 2025 10:19:26 +1000
Subject: [PATCH 15/18] Update to separate customer and founder settings.
---
.../self-serve-sso/add-sso-self-serve.mdx | 29 ++++++++++++++-----
1 file changed, 22 insertions(+), 7 deletions(-)
diff --git a/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx b/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx
index c01669194..69f33da82 100644
--- a/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx
+++ b/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx
@@ -41,7 +41,7 @@ Your business customers who have their own organizations in Kinde can set up and
- Ensure that you have switched on the option in the [self-serve portal settings](/build/set-up-options/self-serve-portal-for-orgs/)
- Check that the person setting up the connection has the [right role and permissions](/manage-users/roles-and-permissions/user-roles/). They need to be an Admin.
-- Add a domain to the verified domains list for the org (see below).
+- Add a domain to the verified domains list for the org (see below). Connections can only be set up for verified domains.
### Add a verified domain to the customer organization in Kinde
@@ -53,7 +53,7 @@ This is like pre-setting the home realm domain for a connection.
4. In the **Verified domains** text field, add the customer's domain or domains. Add each on a new line. Make sure you include only the domain, e.g. `mybusiness.com` and not the full domain URL such as `http://www.mybusiness.com`.
5. Select **Save**.
-## Add an SSO connection via the self-serve portal
+## Add an SSO connection via the self-serve portal (Instructions for end-users)
Provide these instructions to the customer in case they need assistance.
@@ -61,11 +61,26 @@ Provide these instructions to the customer in case they need assistance.
2. Select **Add connection**.
3. Select the connection type and then select **Next**. The configuration dialog opens.
4. Add a name for the connection - this name will be shown to end users when they sign in.
-5. Select the domains that are allowed to use this connection.
-6. Complete the other fields with details from your IdP, e.g. **Entity ID**, provisioning options, mapping, certificates, etc.
-7. Copy the **ACS URL** - you will need to add this to your IdP application.
-8. If you are ready to, **Enable the connection**.
-9. Select **Save**.
+5. Complete the other fields with details from your IdP, e.g. **Entity ID**, provisioning options, mapping, certificates, etc.
+6. Copy the **ACS URL** - you will need to add this to your IdP application.
+7. Select **Save**.
+
+## Finish setting up the connection for the organization (Instructions for Kinde admin)
+
+There are some enterprise connection functions that are only configurable by you in Kinde. After the customer has entered their details, you can finish setting up the connection.
+
+Open the connection in Kinde and adjust any of the following settings (if relevant):
+- **Create a user record in Kinde** - Add users if they do not exist when signing in. This is switched on by default.
+- **Always show sign-in button** - Show the SSO button on the app home screen. This is switched on by default.
+- **Auto-add users** - Allows users to join the organization if their credentials are accepted. Default is switched on.
+- **Upstream params** - these have the following default, but more can be added at the customer's request.
+ ```txt
+ {
+ "login_hint": {
+ "alias": "login_hint"
+ }
+ }
+ ```
## Enable or disable a connection
From fc1bbc54dd8d2470f19cd68a5794d0c0557829e1 Mon Sep 17 00:00:00 2001
From: ClaireM <127452294+clairekinde11@users.noreply.github.com>
Date: Wed, 24 Sep 2025 08:47:58 +1000
Subject: [PATCH 16/18] Update add-sso-self-serve.mdx
---
.../authenticate/self-serve-sso/add-sso-self-serve.mdx | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx b/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx
index 69f33da82..6d4c21ea2 100644
--- a/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx
+++ b/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx
@@ -82,6 +82,14 @@ Open the connection in Kinde and adjust any of the following settings (if releva
}
```
+## Make the connection available to end-users
+
+This is the process for end-users to make the connection live. It can also be enabled in the Kinde admin.
+
+1. Open the connection configuration dialog via the self-service portal (end users).
+2. Select the **Enable for organization** option.
+3. Select **Save**.
+
## Enable or disable a connection
1. Navigate to the self-serve portal and select **SSO**.
From a4618aed3d53fac4969b3ae1c2f889e0fa46f3d0 Mon Sep 17 00:00:00 2001
From: ClaireM <127452294+clairekinde11@users.noreply.github.com>
Date: Wed, 24 Sep 2025 11:52:04 +1000
Subject: [PATCH 17/18] Link fix
---
.../docs/authenticate/self-serve-sso/add-sso-self-serve.mdx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx b/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx
index 6d4c21ea2..b7f292edf 100644
--- a/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx
+++ b/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx
@@ -39,7 +39,7 @@ Your business customers who have their own organizations in Kinde can set up and
## Before an organization can set up a SSO connection
-- Ensure that you have switched on the option in the [self-serve portal settings](/build/set-up-options/self-serve-portal-for-orgs/)
+- Ensure that you have switched on the option in the [self-serve portal settings](/build/self-service-portal/self-serve-portal-for-orgs/)
- Check that the person setting up the connection has the [right role and permissions](/manage-users/roles-and-permissions/user-roles/). They need to be an Admin.
- Add a domain to the verified domains list for the org (see below). Connections can only be set up for verified domains.
From 775de826fa3d43f0832fbfa284ccfef52f95156b Mon Sep 17 00:00:00 2001
From: ClaireM <127452294+clairekinde11@users.noreply.github.com>
Date: Mon, 29 Sep 2025 10:36:58 +1000
Subject: [PATCH 18/18] Apply suggestion from @coderabbitai[bot]
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
---
.../docs/authenticate/self-serve-sso/add-sso-self-serve.mdx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx b/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx
index b7f292edf..e1881a68c 100644
--- a/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx
+++ b/src/content/docs/authenticate/self-serve-sso/add-sso-self-serve.mdx
@@ -37,7 +37,7 @@ This feature is only available on the [Kinde Scale plan](https://kinde.com/prici
Your business customers who have their own organizations in Kinde can set up and manage their own SSO connections. This can save time going back and forth trying to get app credentials configured. Instead, your customer (who is the Identity Provider for their users) can set up an app and use the credentials to configure a connection. While you manage Kinde settings as the Service Provider.
-## Before an organization can set up a SSO connection
+## Before an organization can set up an SSO connection
- Ensure that you have switched on the option in the [self-serve portal settings](/build/self-service-portal/self-serve-portal-for-orgs/)
- Check that the person setting up the connection has the [right role and permissions](/manage-users/roles-and-permissions/user-roles/). They need to be an Admin.