Updated 2 weeks ago

Delegated User Management

Is there a way, within the /admin area, to delegate user management within a given environment, but not allow them to administer the rest of the "tenant"? For enterprise-based scaling, this is critical.
5 comments
I'm not sure if there is. Someone more knowledgeable or from Kinde might have better insight.

There are two ways of handling it, to my knowledge.

  1. Create a custom UI using Kinde's Management API, which I believe is the way most people handle this.
  2. If you are using SSO with something like Microsoft Entra (which Kinde supports), an enterprise organisation could in theory control their RBAC from their identity provider (through group / role assignment) and this would come downstream to Kinde. It's been my experience this is preferable to many enterprise orgs I've worked with in the past, so it's not another system that their IT team needs to log into.
Another option, similar to 2, would be SCIM, which allows the copying of user data from one identity provider to another. I believe support for this is on Kinde's roadmap.
The Microsoft Entra option would obviously depend on what the different upstream identity providers support.

In terms of directly giving organisation users access to Kinde and being able to restrict them only to their org, I don't believe it's supported (but could be wrong on that count).

Thanks for the thoughts! The need is to allow members of our company to manage users, and nothing else in the admin portal. We have a lot of small businesses that will be in our Kinde implementation to authenticate with our apps that use Kinde. They don’t have Entra ID, for example.

Thanks for weighing in here @Stephen.

@Hans Dickel - I would love to dive into your use-case a bit further.
Do you want only a subset of users to manage all users in a given tenant/org?
Are you able to elaborate on your use-case a bit more?

Yes, I want a subset of users specified as being part of the Team (Settings > Team) to manage organizations and users as part of their job of managing customer access to our systems leveraging Kinde OAuth2. Ideally this would also be environment-specific, but this is a less important consideration.

I don't want them to have access to the overall system (they shouldn't be able to manage environments or applications, for example). So, essentially, being able to provide role management via Team to specific users in our organization, beyond admin and owner.
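
One way to enforce the requirement in the last comment from a custom back end that holds the Management API credential (the custom UI option suggested earlier in the thread), as an added example that is not part of the thread and not Kinde's code: a deny-by-default check that lets a delegated operator perform only user and organization operations, and only in the environments assigned to them. The role name, environment names and route patterns are hypothetical placeholders, not Kinde's actual Management API routes.

```python
import re
from dataclasses import dataclass

# Hypothetical route patterns for the calls the back end forwards; replace
# them with the Management API routes your integration really uses.
ROLE_RULES = {
    "user_manager": [
        ("GET", r"/users(/[\w-]+)?"),
        ("POST", r"/users"),
        ("PATCH", r"/users/[\w-]+"),
        ("DELETE", r"/users/[\w-]+"),
        ("GET", r"/organizations(/[\w-]+)?"),
        ("POST", r"/organizations"),
        ("PATCH", r"/organizations/[\w-]+"),
        ("POST", r"/organizations/[\w-]+/users"),
        ("DELETE", r"/organizations/[\w-]+/users/[\w-]+"),
    ],
}

@dataclass(frozen=True)
class Operator:
    email: str
    role: str                 # role assigned in your own app, not in Kinde
    environments: frozenset   # environments this operator may act on

def authorize(op, environment, method, path):
    """Deny by default: allow only listed (method, path) pairs in a delegated environment."""
    if environment not in op.environments:
        return False, "environment not delegated"
    for allowed_method, pattern in ROLE_RULES.get(op.role, []):
        # fullmatch rejects traversal, encoded characters and query strings
        if method.upper() == allowed_method and re.fullmatch(pattern, path):
            return True, "ok"
    return False, "operation not delegated"

if __name__ == "__main__":
    # Constructed sample operator and requests.
    alice = Operator("alice@example.test", "user_manager", frozenset({"production"}))
    for env, method, path in [
        ("production", "POST", "/organizations/org_123/users"),
        ("production", "GET", "/applications"),
        ("staging", "GET", "/users"),
        ("production", "DELETE", "/users/../applications/app_1"),
    ]:
        print(env, method, path, authorize(alice, env, method, path))
```

The back end should run this check before attaching its own Management API token to the forwarded request, so the operator's browser never holds a credential broader than the delegated role.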