DEV Community: Kinde

Collective cyber protection: How customer penetration testing boosts Kinde security

Alex Norman — Fri, 17 Oct 2025 22:21:51 +0000

As an authentication provider, we are the front door for our customer’s product and a critical part of their product access and security. So when a customer conducts penetration testing (pen testing) and security testing, and shares the results with us, we reward their efforts. Especially if their testing helps us improve Kinde for other customers.

Customer pen tests offer diversified use cases

A lot of our customers operate in highly regulated industries, such as healthcare, finance, and local government, which have a variety of compliance and security requirements to protect user and product data. A common requirement for these business types is to conduct a penetration test at least annually. One part that will always be tested is how users authenticate with the product.

While using Kinde’s authentication helps streamline testing for our customers, the varied context of their testing gives us a broad test feedback for different cases. For example, each customer implements different SDKs, stores code differently, and handles the application state in various ways. What occurs post-authentication is also varied, giving us perspectives we might otherwise not have.

Kinde pen tests and vulnerability detection

At Kinde, we perform a pen test at least annually, and do additional random testing when there’s new major functions or features added to our product. In addition to the penetration test, we also perform weekly vulnerability scans, on-demand scans based on recently published vulnerabilities, and run a vulnerability disclosure program. These all help contribute towards securing customer authentication for ourselves and our customers.

You can read a bit more about this on our blog at Fixing vulnerabilities and getting the occasional white hat helper and Using Strike for penetration testing at Kinde.

Rewards for combining our pen testing power

The customers who conduct penetration tests throughout the year and share the results deserve more than just a thank you or a virtual high five. By providing critical test data, these highly reputable security companies and organizations, help keep auth secure for everyone who uses Kinde.

How to give us test feedback

If you’re a Kinde customer and have completed a penetration test where the authentication was in scope, please reach out to our team via support@kinde.com.

We ask for you to provide details on the tests, as well as any additional info to help us recreate your environment (SDK, active auth methods, etc.), if a vulnerability is found. Here’s the process on our side.

A customer provides a shortened or sanitised version of a pen test report showing evidence of Kinde’s authentication flows being tested and validated.
The Kinde team analyse and validate, and if vulnerabilities were found, offer quick remediation to address security concerns.
Any advice or remediation we provide can then be included in your final testing reports.

Kinde credits for a copy of the report

In return for a sanitised or truncated copy of the penetration test report, we offer credits to your Kinde account. We don’t want the full report since it likely contains intellectual property and sensitive data.

💵	A credit for one month of your base plan will be applied to your account	💵

A credit for one month of your base plan will be applied to your account. So the Pro plan will be $25, Plus plan $75, and Scale and Enterprise plans $250. We will still apply credits for a penetration test report even if there weren’t any actual findings related to Kinde, just as long as the authentication is in the scope.

Maybe some swag too

If the penetration test finds any vulnerabilities that could impact the security of our authentication, we will send the testing company some swag and list them on our Security wall of fame.

Credits and swag are solely at the discretion of the Kinde team. We will only credit one test per year.

Everyone wins from collective cybersecurity

Cybersecurity works best when everyone’s working together. That’s why we openly recognize the customers who contributes to the overall security of Kinde.

If you’re new to Kinde, check out our starter kits and SDKs to get off the ground quickly.

For advice and feedback, join one of our public communities or search for answers in our documentation. Or if you have bigger questions, book a demo with one of our amazing team members.

Connections and workflows updates in September

Claire Mahoney — Tue, 30 Sep 2025 07:58:24 +0000

Here’s what went out in September:

Custom OAuth2.0/OIDC connections
Single logout for MS Entra SAML connections
New workflow templates
SDK and API updates

Full details are available in the latest Release Notes. Subscribe to hear things first.

Kinde support

💬 Ask the Kinde team in the #support channels in Slack or Discord

🚘 Follow our roadmap

Kinde monthly office hours

Claire Mahoney — Wed, 10 Sep 2025 00:37:38 +0000

We're thinking of making our recent 'office hours' broadcast a monthly thing.

It's an opportunity to talk to customers directly, solve problems, show features, talk troubleshooting, and lots more.

Oli and Daniel are open to suggestions on what to discuss and we promise - no sales - just devs showing you how things work.

Check out the August office hours recording

Suggest topics and sign up for notifications

UK afternoon broadcast to cover Europe and US.

Kinde new features in August

Claire Mahoney — Tue, 02 Sep 2025 01:39:38 +0000

Here’s what went out in August:

Support for Device authorization flow
Self-serve API keys for users and orgs
Team member roles (paid plans)
Import users in NDJSON format
Pricing table update and bug fixes
SDKs: iOS, Python, PHP, React, Nuxt, Go (coming soon)

Almost here:

Self-serve SSO connections
Kinde CLI

Full details are available in the latest Release Notes. Subscribe to hear things first.

💬 Join the Kinde community on Slack or Discord

Kinde in 60 seconds (ish): Billing

Alex Norman — Mon, 01 Sep 2025 04:52:08 +0000

Billing without building it yourself.

Kinde billing is a fully integrated feature with the existing authentication platform that allows developers to manage payments and subscriptions for their SaaS products. Simplify the process by handling a variety of billing models, including both flat-rate and usage-based plans, and provide a hosted customer portal for users to manage their own subscriptions.

In just 60 seconds (ish), you’ll see how you can:

Create pricing plans
Gate features with entitlements
Handle upgrades, downgrades, and cancellations
Let users manage their subscriptions via the self-serve portal

It’s everything you need to go from idea to revenue, fully integrated with your authentication flow.

It Kinde of works: Part 2 of many

Alex Norman — Thu, 28 Aug 2025 21:23:57 +0000

The Kinde of posts are to highlight how Kinde's authentication can be used in fun and unproductive ways. This series will step through things like using our starter kits, workflows, properties, feature flags, custom UI, and a bunch of other features. The demo website has no real purpose, but we're going to try and get you to like and subscribe to our the company's LinkedIn profile amongst other things.

This is not a reflection of Kinde and is strictly a fun side project.

Please comment if there's any parts of Kinde you would like us to bash out or feedback on how to make this demo site more unusable.

Kinde of

Go to the site Kinde of to see the latest iteration, which may have already evolved from the time you've read this post :)

Here's a quick video taken at the time of this post.

Kinde features used

We leaned almost entirely on Kinde's custom UI with a custom auth domain to create this amazing iteration of our Kinde of masterpiece.

If you want to try fully customising the auth pages yourself, please refer to the custom UI documentation. We also have some open source starter kits with custom UI examples to help give you some inspiration.

One of our excellent engineers, Peter, also put together a Youtube video setting up a custom UI with one of our open source starter kits.

Demo highlights

This round has been focused on making an auth page mega game with a retro console homepage glow up, leaving the post-auth page with the blissful look.

The original intention was to use a wheel of fortune type wheel spinner where the selected box would be the auth you were forced to use. Maybe next time :)

But while hunting for Windows XP inspiration, we came across the classic Minesweeper game. But because this is a full auth mode implementation, our version will be called Kindesweeper.

The initial game is mostly working and requires you to find the auth method. Clicking on the emoji will reset the board and make you start again. Other UI elements like the minimise, maximise, and close buttons look nice, but do nothing.

We've also done a full restyling of the Google, Facebook and email OTP buttons to fit our Kindesweeper theme.

Who knows what's next?

Total cost of B2B CIAM: A small enterprise case study in 2025

Alex Norman — Thu, 28 Aug 2025 00:03:00 +0000

In the B2B CIAM (Customer Identity and Access Management) space, it can be hard to compare the full cost of technology choices before you invest. You need to measure them side by side.

This article explains how Kinde offers the best value for money compared to WorkOS using a common scenario to compare the two.

Scenario: Your company sells a B2B product to 150 organisations where most of the customers require single sign on (SSO) to their own enterprise directory for roughly 10,000 users total.

Let’s compare Kinde and WorkOS.

Kinde is best value with the right B2B features built-in

Kinde offers a clear and scalable B2B pricing model, which charges for monthly active users (MAU) and monthly active organizations (MAO). With this model, you only pay for the users and organizations that authenticate within your billing month. Enterprise connections to the customer's identity provider (IdP) are free, so go ahead and make as many as you need to suit their identity and security requirements. See Kinde's pricing page for more details.

Kinde price calculation

150 Organizations (50 included, 100 = $43.00 MAO)
75 Enterprise connections (included)
10k users (included)
Custom domain (included)

Kinde Scale plan for $250 per month + $43.00

A significant feature of the Kinde Scale plan is that enterprise connections are included at no additional cost, regardless of the number of connections.It is also important to note that a custom domain, which is crucial for brand consistency, is also included in all paid plans at no additional cost.

Total cost of Kinde $293.00 USD per month

Extras features on the Kinde plan

Kinde Scale plan base price also includes additional B2B features.

Comprehensive design customizations with a custom domain, custom sign in pages, and custom designs via code to ensure that the entire experience in on brand.
Customize auth tokens, enrich the auth flow with data from third party providers, or provide custom logic using workflows.

WorkOS is a strong platform with enterprise pricing

A prominent competitor in the B2B CIAM space, WorkOS, offers a different pricing structure, primarily focusing on charging for enterprise connections.

Their pricing for Single Sign-On Enterprise SAML & OIDC authentication with any identity provider is volume-based, with the cost per connection decreasing as the number of connections increases. See WorkOS's pricing page for more details.

WorkOS price calculation

150 Organizations (Included)
75 Enterprise connections ($88.00 each)
10k users (included)
Custom domain ($99.00)

For a company with 75 enterprise connections, the price is $88 per connection per month including their volume discount for usage. This means users are paying a premium for each connection per month, plus a fee for a custom domain to align with your brand.

The total monthly price for WorkOS is $6,699.00 USD.

Price summary Kinde and WorkOS

To provide a clear overview, the table below summarizes the monthly costs for both providers based on the needs of a small enterprise with 150 customer organizations and 75 enterprise connections.

Feature	Kinde	WorkOS
Cost for 150 Customer Orgs (MAO)	$293.00	$0.00
Cost for 75 Enterprise Connections	$0.00	$6,600
Custom Domain	$0.00	$99.00
Total Monthly Cost	$293.00	$6,699.00

Conclusion

The choice between these two pricing models highlights a key difference in pricing philosophy.

Kinde's platform approach bundles key B2B identity features into a single solution, with pricing that scales based on organizations and users.

In contrast, WorkOS's model segments services, leading to a much higher cost as more enterprise features are added. For a small enterprise working in the B2B space, the significant cost difference could be a decisive factor in selecting a CIAM solution that not only meets their technical requirements but also aligns with their budget.

Get started now. Boost security, drive conversion and save money in just a few minutes with Kinde.

Start for Free - Watch a demo

Kinde in 90 seconds: Customer auth self-serve portal

Alex Norman — Wed, 27 Aug 2025 00:37:55 +0000

Kinde’s self-serve portal feature gives your business customers and end-users the power to manage their own account within your app. This includes being able to update basic account details, change plans and payment methods, manage team roles, activate SSO connections, manage API Keys and more.

You can let end users (B2C) or org users (B2B) manage their own details, giving them a better product experience, and saving you time.

No need to contact you to update info, they can do it themselves. Save hours of support time.

Flick a few switches and generate a link to get started.

Here's a 90 second overview about Kinde's streamlined customer self-serve portal.

Check out our docs Enable self-serve portal for orgs

Office hours in the UK

Claire Mahoney — Tue, 26 Aug 2025 07:04:42 +0000

Hey folks

Two of our best and brightest at Kinde are holding "office hours" this week in the UK.

Join them Thursday, 28 August.

4:30–5:30pm BST (UK)
5:30–6:30pm CEST (Europe / Africa)
11:30am–12:30pm EDT (US East)
8:30–9:30am PDT (US West)
1:30–2:30am AEST (Australia, soz)

Watch the team demo features, do walk throughs, offer advice, and help you get creative with how you use Kinde.

You can request topics ahead of time

2025 Best Auth Providers: Top 5 Compared

Alex Norman — Tue, 26 Aug 2025 00:22:02 +0000

The best authentication provider for most development teams in 2025 is Kinde. It combines enterprise-grade security with developer-friendly implementation, offering complete auth flows, organizational features like teams and RBAC, plus built-in billing and feature flags. While Auth0 remains popular for enterprises needing extensive customization, and Clerk excels at modern developer experience, Kinde delivers the most balanced solution for teams that need production-ready auth without months of integration work.

TLDR Summary

Aspect	Details
Top pick	Kinde - Complete auth plus essential features in one platform
Best for	Development teams needing auth, user management, and monetization
Standout reason	Ships with organizations, RBAC, feature flags, and billing built-in

Top picks at a glance

Tool	Best for	Core features	Developer Experience	Ideal team size	Compliance
Kinde	Teams wanting complete auth stack	SSO, MFA, orgs, RBAC, feature flags, billing	22+ SDKs, 5-min setup, type-safe APIs	1-500 developers	SOC 2 Type II, GDPR, ISO 27001
Auth0	Large enterprises with complex requirements	Universal login, anomaly detection, extensive rules	Mature SDKs, extensive docs	50+ developers	SOC 2, HIPAA, FedRAMP
Clerk	Modern web apps prioritizing UX	Beautiful components, session management	React-first, great DX	1-20 developers	SOC 2 Type II
Firebase Auth	Mobile and web apps in Google ecosystem	Social logins, phone auth, anonymous users	Tight Google integration	1-100 developers	Google Cloud compliance
Supabase Auth	Open-source projects and PostgreSQL users	Row-level security, magic links	PostgreSQL integration, self-hostable	1-50 developers	SOC 2 Type II

Kinde: the best overall for development teams

Why it leads

Kinde stands out by solving the complete authentication puzzle that modern applications face. Instead of just handling login flows, it ships with the organizational structures, permission systems, and monetization tools that products actually need. You get production-ready auth in minutes, not months.

Best for

CTOs and engineering teams building modern applications who want to ship features instead of building authentication infrastructure. Particularly strong for teams that need organizations, role-based access, and subscription management from day one.

Standout features

Kinde includes capabilities that typically require multiple vendors or custom development. Organizations and multi-tenancy work out of the box. RBAC with custom roles and permissions scales from simple to complex without code changes. Feature flags integrate directly with your auth context, enabling user-specific rollouts. The billing engine handles subscriptions, usage tracking, and entitlements without additional services.

Built-in passwordless and Social SSO reduce friction for end users. Machine-to-machine tokens support service integrations.

Developer experience

Setup takes under 5 minutes for basic auth, with production-ready flows including MFA and social logins. The SDK collection covers 22+ languages and frameworks. APIs follow REST principles with predictable responses and comprehensive error messages.

Webhooks deliver auth events reliably with automatic retries. The admin API enables full automation of user and organization management. Live environments help test auth flows without affecting production.

Pricing approach

Transparent pricing starts free for up to 10,500 monthly active users. The free tier includes all core features: organizations, custom domains, and standard support. Paid plans scale predictably based on MAU with no surprise overages. Enterprise agreements offer custom rates and SLAs.

Quick start

Get started with Kinde in minutes. Create your account, choose your SDK, and implement production auth today. [link]

Other strong options

Auth0: Enterprise customization champion

Auth0 remains the authentication heavyweight for enterprises needing maximum flexibility. The platform handles complex scenarios through its Rules engine and extensive customization options.

Best for: Large enterprises with dedicated identity teams and complex compliance requirements.

Core features: Universal Login provides consistent auth across applications. Anomaly detection blocks suspicious activity automatically. The Rules pipeline enables custom logic at any authentication stage. Extensive protocol support covers SAML, WS-Fed, and legacy systems.

Pros:

Market leader with proven scale
Extensive third-party integrations
Comprehensive documentation
Global infrastructure

Cons:

Pricing complexity increases with scale
Steep learning curve for advanced features
Implementation typically takes weeks
Support varies by pricing tier

What to watch: Auth0's acquisition by Okta brought enterprise capabilities but also enterprise complexity. Teams report frustration with opaque pricing and the time required to implement seemingly simple features.

Clerk: Modern developer experience leader

Clerk reimagines authentication with beautiful, customizable components that developers actually enjoy implementing. The platform emphasizes developer experience and modern web standards.

Best for: Frontend teams building consumer applications where authentication UX matters most.

Core features: Pre-built React components handle complete auth flows. Session management works seamlessly across devices. User profiles include metadata and custom attributes. The dashboard provides clear user insights.

Pros:

Stunning default UI components
Exceptional developer documentation
Fast implementation for React apps
Modern, intuitive API design

Cons:

Limited organizational features
Higher starting price point
React-focused ecosystem
Missing advanced enterprise features

What to watch: Clerk excels at consumer authentication but lacks depth for complex organizational scenarios. Teams needing organizations, RBAC, or enterprise SSO should evaluate carefully.

Firebase Auth: Google ecosystem integration

Firebase Authentication leverages Google's infrastructure to provide reliable auth for mobile and web applications. Deep integration with other Firebase services creates a cohesive development platform.

Best for: Teams already using Firebase or Google Cloud services who need straightforward authentication.

Core features: Social provider integration covers all major platforms. Phone authentication works globally with SMS verification. Anonymous auth enables try-before-signup flows. Custom tokens support server-side authentication.

Pros:

Generous free tier to 50K MAU
Reliable Google infrastructure
Excellent mobile SDKs
Simple integration with Firebase services

Cons:

Vendor lock-in to Google ecosystem
Limited organizational features
Basic customization options
No self-hosting option

What to watch: Firebase Auth works well for simple authentication needs but lacks features for complex organizational scenarios. Migration away from Firebase requires significant effort.

Supabase Auth: Open-source PostgreSQL integration

Supabase Auth brings authentication directly to your database with PostgreSQL row-level security. The open-source approach enables self-hosting and complete control.

Best for: Teams comfortable with PostgreSQL who want auth integrated with their database.

Core features: Row-level security policies enforce permissions at the database. Magic links provide passwordless authentication. Social logins cover major providers. JWT tokens work with existing infrastructure.

Pros:

Open source with self-hosting option
Tight PostgreSQL integration
Transparent pricing model
Active community support

Cons:

Requires PostgreSQL expertise
Limited enterprise features
Smaller ecosystem than alternatives
Documentation assumes database knowledge

What to watch: Supabase Auth shines for teams that understand PostgreSQL and want database-integrated auth. The learning curve steepens quickly for complex permission models.

How to choose the right authentication provider

Decision checklist

Technical requirements:

Which SDKs and frameworks does your team use?
Do you need SSO protocols like SAML or OIDC?
Will you implement passwordless or biometric auth?
Do you require machine-to-machine authentication?
Is self-hosting or on-premise deployment necessary?

Organizational capabilities:

Do users belong to organizations or teams?
Will you implement role-based access control?
Do enterprise customers need SCIM provisioning?
Are audit logs and compliance reports required?
Will you need custom branding per organization?

Scale and performance:

How many monthly active users do you expect?
What latency requirements exist for auth operations?
Do you need multi-region deployment?
What uptime SLA do customers require?
How will auth scale with your application?

Developer experience:

How quickly must auth be implemented?
What level of customization is needed?
Does your team have identity expertise?
How important is documentation quality?
What support response time do you need?

Commercial considerations:

What's your budget for authentication?
How predictable must costs be at scale?
Do you need transparent pricing?
Are enterprise agreements required?
What payment methods are accepted?

Methodology

We evaluated authentication providers based on real implementation experience and customer feedback. Assessment criteria included time to production, feature completeness, developer experience, scalability, pricing transparency, and customer support quality. We prioritized solutions that solve actual application challenges rather than theoretical capabilities. Providers were tested with common scenarios including user signup, organization creation, permission management, and enterprise SSO configuration.

Originally published on the Kinde blog.

Use Cursor AI to design Kinde auth UX

Alex Norman — Wed, 20 Aug 2025 10:11:09 +0000

Kinde's prodigious product manager, Oli @oliwolff1, has created a demo using Cursor to help him customise the user auth pages with his own styling.

Hosted pages

Out of the box, Kinde gives you a hosted authentication page for maximum security and minimum fuss. Everything for a straight forward and seamless auth experience is ready to go. For those of you who want to fully customise the auth pages, Kinde supports the ability to bring your own code and styles to the auth pages, which is known as custom UI.

Custom UI

You can find more information about custom UI on Kinde's documentation site at Customize designs with code.

Check out Oli's video.

Re-create it yourself

Everything done with Oli's demo can be found online publicly and can be done for free.

Create a Kinde business

One of our amazing engineers Peter has a video How to deploy a Kinde Next.js app with Vercel that would be a great place to start, which uses the Next.js app router starter kit.

Custom UI template

The template he used in the video demo can be found on Kinde's starter kits at custom-ui-splitscape.

Sign in page

Grab the image from the sign in page used in the demo. Or you want to live on the wild side, grab an image from another nice looking sign in page.

Prompt used in Cursor

And here's the prompt used in the video.

Using the Kinde custom page template and [Kinde official docs](https://docs.kinde.com), I want to update the Kinde login page with the following details:
- Use the attached image as inspiration for updating the login page
- only show email field (no password field or social connections)
- remove all logos

Requirements:
- Use Kinde's CSS custom properties system (--kinde-* variables)
- All inline styles with nonce={getKindeNonce()}
- Use valid hex color values for Kinde properties
- Style only the appearance, not the functionality

Summary

This quick video just goes to show how easy it is to setup your own look and feel to the authentication flow of your web app. Reach out the team at one of our support communities if you have any questions.

It Kinde of works: Part 1 of many

Alex Norman — Mon, 18 Aug 2025 23:41:51 +0000

This is not a reflection of Kinde and is strictly a fun side project.

Please comment if there's any parts of Kinde you would like us to bash out or feedback on how to make this demo site more unusable.

Kinde of

Go to the site Kinde of to see the latest iteration, which may have already evolved from the time you've read this post :)

Here's a quick video of the simple login process now. It'll get a lot crazier as we stack more features on it.

Tech used

The initial site uses Kinde's Next.js app router starter kit, which has auth pre-built into it. More info can be found on the Next.js App Router SDK documentation. One of our team members Peter also put together a tutorial playing around with this SDK in his Build an app with Next.js, Kinde and shadcn in 20 minutes video.

For the deployment and hosting side of things, we used Vercel since it was nice and easy.

Kinde features used

Kinde's Next.js app router starter kit and then basically nothing else :) We deployed an empty site, turned on a few authentication options and then just left it vanilla.

Demo highlights

I don't know who came up with the idea, but a decision to use Windows XP styling across the board won out. First up is the classic bliss background for the homepage and an XP desktop layout on the dashboard.

The forced LinkedIn page visit feels a bit malicious with the pop up, so we might reconsider that one in future editions.

While this first pass has put together the foundation, the next few posts will start utilising features for good.