Welcome to the Kinde community.


Kinde SSO and IdP discovery for Framer website

Hello everyone!

I have a few questions that I would really appreciate if you could answer as soon as possible:

  1. Is it possible for Kinde to function as a single IdP for my website (built with Framer) and allow SSO via OIDC/OAuth?
  2. Does Kinde allow the discovery of new IdPs registered by organization?
  3. Can each organization connect via SAML/OAuth2/OIDC with the final IdP?

The flow I imagine would look something like this:

Framer ---- Kinde --------------- Org1 IdP
     (Identity proxy + discovery)
              |--------------------- Org2 IdP
              |--------------------- Org3 IdP

Additionally, I am not 100% clear if it is mandatory for the user to be pre-registered in Kinde (my clients), meaning if Just-in-Time Provisioning is supported, which allows user accounts to be created on the fly with the data transmitted by the IdP, both in Kinde and in my final app.

In terms of security, I need to know if the service guarantees that domains from one organization (e.g., Organization A) cannot access Organization B, specifically in the enterprise plan.

Example:

Imagine you have two clients: Amazon and Google.
Amazon users are:

Google users are:


I need a way to limit in the app so that @amazon.com users can only authenticate in Amazon's IdP, and @google.com users can only authenticate in Google's IdP.

Otherwise, it could happen that Google's admin creates user1@amazon.com in their IdP, and in doing so impersonates Amazon's user. Does that make sense?
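
The restriction described in the question above, sketched as an added example that is not part of the original post and is not Kinde's API or configuration: discovery routes an email domain to exactly one connection, and an asserted email is accepted only if its domain belongs to the organization whose connection produced it. The organization ids, connection ids and function names are hypothetical, and the registry is constructed sample data.

```javascript
// Constructed tenant registry: each organization owns one IdP connection
// and a set of verified email domains. All names here are hypothetical.
const ORGS = [
  { id: "org_amazon", connectionId: "conn_amazon_saml", domains: ["amazon.com"] },
  { id: "org_google", connectionId: "conn_google_oidc", domains: ["google.com"] },
];

// Refuse a domain claimed by two organizations at load time; an
// ambiguous mapping would make the binding below meaningless.
const DOMAIN_TO_ORG = new Map();
for (const org of ORGS) {
  for (const d of org.domains) {
    const key = d.toLowerCase();
    if (DOMAIN_TO_ORG.has(key)) throw new Error(`domain ${key} claimed twice`);
    DOMAIN_TO_ORG.set(key, org);
  }
}

// Exact domain after the last "@", lowercased; null for malformed input.
// Exact match (not suffix match) keeps "amazon.com.evil.example" out.
function emailDomain(email) {
  if (typeof email !== "string") return null;
  const at = email.lastIndexOf("@");
  if (at < 1 || at === email.length - 1) return null;
  return email.slice(at + 1).trim().toLowerCase();
}

// IdP discovery: route a login attempt to the one connection that owns the domain.
function discoverConnection(email) {
  const org = DOMAIN_TO_ORG.get(emailDomain(email));
  return org ? org.connectionId : null;
}

// After the IdP responds: accept the asserted email only if its domain is
// owned by the organization whose connection produced the assertion.
const users = new Map(); // just-in-time provisioned accounts, keyed by email
function acceptAssertion(connectionId, claims) {
  const owner = DOMAIN_TO_ORG.get(emailDomain(claims.email));
  if (!owner || owner.connectionId !== connectionId) {
    return { ok: false, reason: "domain_not_owned_by_connection" };
  }
  const email = claims.email.trim().toLowerCase();
  const created = !users.has(email);
  if (created) users.set(email, { email, orgId: owner.id }); // JIT provisioning
  return { ok: true, orgId: owner.id, created };
}
```

The second check is the one that matters for the impersonation case: even if a login is started against the wrong connection, an assertion for `user1@amazon.com` arriving from the Google connection is rejected before any account is created or matched.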

3 comments

Thanks for the question, I will go over this in detail with our team and someone will reply shortly.

Hey, I saw your live chat also come through; I have answered there.
