Why It Matters
Kinde is the only auth platform that bundles billing (Stripe-powered subscriptions, usage-based pricing, plan management) and feature flags alongside authentication. For SaaS founders, this means one vendor instead of three — plus a unique pricing model where paying customers offset MAU costs.
What It Actually Does
Every capability explained in plain English — so you know exactly how Kinde handles authentication, user management, and security for your product.
Built-In Billing & Subscriptions
Stripe-powered billing module: subscription plans, usage-based pricing, feature-based entitlements, customer self-serve portal (upgrade/downgrade/cancel), metered billing, and multi-language pricing tables. 0.7% transaction fee at base, decreasing with higher plans.
Add subscription billing to your SaaS without integrating Stripe yourself. Kinde handles plans, upgrades, downgrades, cancellations, and even shows pricing pages to your customers — all built in.
Feature Flags
Built-in feature flag system: boolean, string, number, and JSON flags with per-user, per-organization, and per-environment targeting. Server-side evaluation, API control, access token embedding, and dashboard management.
Roll out new features to specific users or organizations without deploying new code. Test features with internal teams before releasing to everyone — all managed from Kinde's dashboard.
Internationalization
Multi-language authentication screens with support for 20+ languages, eastern name order, right-to-left languages, and bring-your-own translations. Open-source translation files for community contributions.
Your login and sign-up pages automatically work in multiple languages. Kinde handles the translations, including right-to-left languages like Arabic and Hebrew.
Organizations & Multi-Tenancy
B2B multi-tenant organization management: per-org branding, custom authentication methods per org, custom properties, feature flags per org, roles and permissions per user per org, custom domains per org (Scale plan), and domain-based auto-join.
Each business customer gets their own space with custom branding, login methods, and team permissions. On higher plans, they can even have their own custom domain.
Enterprise SSO (SAML)
SAML 2.0 enterprise SSO supporting Okta, Azure AD (Entra ID), Google Workspace, and any SAML provider. Home realm discovery, just-in-time provisioning, and self-service configuration for customer IT teams.
Enterprise customers log in through their company's identity provider. Kinde supports all major providers and can automatically create user accounts when employees sign in for the first time.
Attack Protection
DDoS protection, brute force password protection, account enumeration protection, Cloudflare bot protection (via custom domain proxy), WAF integration, and third-party threat intelligence support.
Kinde automatically blocks common attacks — brute force password guessing, DDoS floods, and bot sign-ups — without you configuring anything.
Machine-to-Machine (M2M) Auth
M2M token authentication with API authorization, multiple audiences, custom claims, feature flags in tokens, metadata/properties, token lifetime customization, and application secret rotation with dual-secret mode (Pro+).
Secure communication between your backend services and APIs — not just human users. Kinde handles the API keys and permissions for server-to-server communication.
Custom Page Designer
No-code page customization using Liquid templates, React components, or raw CSS. GitHub integration for version control, preview mode (Plus plan), runtime logs, light/dark mode support, and full branding control.
Customize your login pages to match your brand perfectly — using drag-and-drop templates, React code, or simple CSS. Preview changes before they go live.
Why Teams Choose Kinde
The key advantages that make Kinde stand out for authentication and user management.
Only Platform with Built-In Billing
Stripe-powered subscriptions, usage-based pricing, feature entitlements, and self-serve customer portal — all bundled with auth. No separate billing integration needed.
Built-In Feature Flags
Feature flag system integrated with auth — target by user, organization, or environment. No need for a separate LaunchDarkly or PostHog subscription.
Unique Pricing Model
10,500 free MAU forever. When you use Kinde billing, customers paying more than $4/month don't count toward MAU — effectively making your paying users free.
Built-In Internationalization
20+ languages, RTL support, eastern name order, and custom translations out of the box. Most auth platforms treat localization as an afterthought.
Advanced Organization Features
Per-org branding, auth methods, feature flags, MFA policies, custom domains, and email senders. The deepest per-organization customization on any managed auth platform.
ISO 27001 Certified
ISO 27001 certification with SOC 2 attestation. Compliance documentation available from day one — not locked behind enterprise contracts.
Under the Hood
A plain-language breakdown of what Kinde can and can't do — so you know exactly what you're getting.
Email & Password
Traditional username/password login with automatic password hashing and breach detection.
Magic Links
Passwordless login via email — click a link insted of typing a password.
Social SSO
One-click login with Google, GitHub, Apple, and other social accounts your users already have.
Passkeys / WebAuthn
Biometric login (fingerprint, Face ID) — the most secure and convenient authentication method available.
Passwordless Login
SMS codes, email OTPs, and other methods that eliminate passwords entirely.
Multi-Factor Auth (MFA)
Require a second verification step — even if a password is compromised, the account stays protected.
TOTP (Authenticator Apps)
Support for Google Authenticator, Authy, and other time-based one-time password apps.
SMS OTP
One-time passcodes sent via text message for verification or as a second factor.
Bot Protection
Machine-learning detection to block fake sign-ups, disposable emails, and automated abuse.
Rate Limiting
Automatic throttling of login attempts to prevent brute-force attacks.
Enterprise SSO
Let enterprise customers log in through their corporate identity provider (Okta, Azure AD, Google Workspace).
SAML 2.0
Industry-standard protocol for enterprise single sign-on — required by most large organizations.
OpenID Connect (OIDC)
Modern identity layer on top of OAuth 2.0 — used by Google, Microsoft, and most identity providers.
Audit Logs
A record of who signed in, when, and from where — essential for compliance and security monitoring.
User Management Dashboard
Admin panel to view, search, edit, ban, and manage all your users without writing code.
Organization Management
Multi-tenant team workspaces — create orgs, invite members, assign roles, and manage billing per org.
Role-Based Access Control
Define custom roles (admin, editor, viewer) with fine-grained permissions for who can do what.
Multi-Tenancy
Isolate data and configuration per organization — essential for B2B SaaS products.
User Impersonation
Log in as any user to debug issues or provide support — without asking for their password.
Pre-Built UI Components
Drop-in sign-up, sign-in, profile, and org management components — ship auth UI in minutes, not weeks.
Custom UI / Headless
Build your own login UI from scratch using the API directly — full design freedom.
Webhooks
Real-time notifications when users sign up, update profiles, or change organizations.
Session Management
Automatic token rotation, device tracking, and configurable session lifetimes.
Machine-to-Machine (M2M)
API keys and service tokens for server-to-server communication without a human user.
Custom Domains
Host the auth flow on your own domain — no redirects to a third-party login page.
Custom Claims / Metadata
Attach arbitrary data to user tokens — roles, plan type, feature flags — accessible in every API request.
Full-Stack Frameworks
Frameworks where the SDK handles both server and client — middleware, SSR helpers, and edge runtime.
Frontend Libraries
Client-side SDKs for building custom auth UIs in single-page apps and browser extensions.
Backend SDKs
Server-side libraries for token verification, user management, and webhook handling.
Mobile SDKs
Native and cross-platform SDKs for iOS, Android, and React Native apps.
Deployment Model
Where the service runs. Cloud-only = fully managed; Self-hosted = you run it; Hybrid = both options.
License
Whether the code is open source or proprietary. Open source means no vendor lock-in.
Founded
When the company or project was started — indicates maturity and track record.
Maintained By
The company or community behind the project.
Social Login Providers
One-click social sign-on providers supported by Kinde — let your users log in with accounts they already have.
13 providers supported. Custom OAuth2/OIDC providers can also be configured.
Best For
Product types and use cases where Kinde delivers the most value — based on its feature set, compliance story, and multi-tenant capabilities.
SaaS & Subscription Products
The only auth platform with built-in billing. Subscription plans, usage pricing, feature flags, and multi-tenancy in one dashboard — purpose-built for SaaS founders who want to ship fast.
B2B Platforms
Advanced organization features: per-org branding, auth methods, feature flags, roles, custom domains (Scale), and enterprise SSO. B2B multi-tenancy is a first-class feature, not an afterthought.
Startups & MVPs
10,500 free MAU forever with MFA, organizations, and billing included. When you use Kinde billing, customers paying more than $4/mo don't count toward your MAU — a unique cost advantage.
Developer Tools
Feature flags + auth is a natural fit for developer tools rolling out capabilities incrementally. M2M auth and API keys (Pro) support CLI and API authentication patterns.
E-Commerce
Social sign-in, passwordless, and internationalization cover global e-commerce needs. Billing module can handle subscription products but is not a full e-commerce payment processor.
Healthcare & Finance
ISO 27001 certified. SOC 2 attestation available on Pro+. However, no HIPAA BAA available, and cloud-only model limits data sovereignty options for highly regulated industries.
Pricing Plans
Kinde pricing breakdown — so you know exactly what you're paying for and which plan fits your product.
Free
- 10,500 monthly active users
- Email, SMS, and social login
- Multi-factor authentication (MFA)
- B2B organizations (5 included)
- Custom domain
- Internationalization
- Billing & subscriptions (0.7% fee)
- 2 custom roles, 10 permissions
- 10 feature flags
Pro
Most Popular- Everything in Free
- Uncapped MAU, orgs, and M2M tokens
- Unlimited roles, permissions, and feature flags
- API keys
- Remove Kinde branding
- SOC 2 attestation report
- BYO SMS provider
- Google Analytics integration
Plus
- Everything in Pro
- Free enterprise SSO
- 6% MAU discount
- API permissions (scopes)
- Organization-owned M2M apps
- 6 environments
- Domain restrictions
- Hotjar user analysis
Scale
- Everything in Plus
- 13% MAU discount
- Custom domain per org
- Custom email sender per org
- Org-level MFA enforcement
- 11 environments
- SCIM directory sync (coming soon)
- Full ISO 27001 reports
Pricing is approximate and may vary. Visit Kinde's pricing page for the latest details.
Honest Trade-Offs
No technology is perfect. Here are the real limitations of Kinde — so you make an informed decision, not a surprised one.
| Trade-Off | Impact | Details |
|---|---|---|
| No Passkey / WebAuthn Support | Medium | Kinde does not currently support passkeys or WebAuthn as an authentication method. For products prioritizing passwordless biometric login, this is a notable gap. |
| Cloud-Only — No Self-Hosting | Medium | Kinde is a fully managed SaaS with no self-hosted option. Organizations with strict on-premises requirements or air-gapped environments cannot use Kinde. |
| Younger Platform (Founded 2023) | Medium | Kinde is relatively new compared to Auth0 (2013) or Clerk (2020). While feature-rich, long-term stability and enterprise support maturity are still being proven. |
| Billing Module Transaction Fee | Medium | Kinde charges 0.5–0.7% per transaction on top of Stripe's fees. For high-volume billing, this adds up — though the free MAU offset for paying customers can compensate. |
| SCIM Not Yet Available | Low | SCIM directory sync is listed as 'coming soon' on the Scale plan. Enterprise customers requiring automated user provisioning from Okta or Azure AD must wait. |
| No User Impersonation | Low | Unlike Clerk or Auth0, Kinde does not provide user impersonation for support teams. Debugging user issues requires alternative approaches. |
Kinde does not currently support passkeys or WebAuthn as an authentication method. For products prioritizing passwordless biometric login, this is a notable gap.
Kinde is a fully managed SaaS with no self-hosted option. Organizations with strict on-premises requirements or air-gapped environments cannot use Kinde.
Kinde is relatively new compared to Auth0 (2013) or Clerk (2020). While feature-rich, long-term stability and enterprise support maturity are still being proven.
Kinde charges 0.5–0.7% per transaction on top of Stripe's fees. For high-volume billing, this adds up — though the free MAU offset for paying customers can compensate.
SCIM directory sync is listed as 'coming soon' on the Scale plan. Enterprise customers requiring automated user provisioning from Okta or Azure AD must wait.
Unlike Clerk or Auth0, Kinde does not provide user impersonation for support teams. Debugging user issues requires alternative approaches.