Billing and then some…

Optional credit card collection for billing plans

You now have full control over whether credit card details are collected when users sign up for your billing plans. A new toggle in plan settings lets you turn card collection on or off when you are offering free plans – so you can maximize signups with a frictionless flow, or capture cards upfront for smoother upgrades later.

Charging for paid plans with non-zero pricing still requires a card automatically.

Learn more about configuring your billing plans.

Allow special characters in usernames

You can now enforce your own rules for usernames during sign-up or sign-in. Using the user:new_username_provided workflow trigger, you can validate, transform, or apply policies to usernames before they're accepted.

Filter out profanity, protect reserved usernames like "admin" or "support", enforce format requirements for special characters, or check availability against external systems. Your workflow can allow the username, deny it with a custom error message, or block it silently for security-sensitive rejections.

This complements the existing password triggers to give you complete control over credential validation. Get started with username workflows.

Other new functionality we have rolled out

Custom OAuth2 is generally available
Connect any OAuth2-compliant identity provider for social sign-in, not just the pre-built options like Google, GitHub, or Microsoft. Configure your own authorization endpoints, token URLs, scopes, and user profile mappings. Useful for internal IdPs, regional providers, gaming platforms, or any OAuth2 implementation Kinde doesn't have built-in support for. Available from 1st December. See the docs.

SAML Single Logout is generally available
SAML connections now support single logout. When enabled, logging out of your application automatically logs the user out of all applications connected to the same identity provider. Configure your IdP's logout endpoint URL and add Kinde's callback URL to your IdP settings. Useful for enterprise security, shared workstations, and compliance requirements where coordinated logout is needed. Available from 1st December. See the docs.

Export access requests
Data exports now include access request records. You'll get an access_requests.ndjson file with users who requested access but didn't complete signup – useful for compliance audits, migrations, and analyzing signup funnel drop-offs. See the docs.

Organization-scoped SSO connections
SSO connections now include organization context in their identifiers. This enables organization-owned SSO configurations in the self-serve portal, so enterprise customers can set up their own identity provider connections without admin intervention.

Allowed domains in Organization API
The Get Organization endpoint now returns allowed_domains in the response. Use this to display permitted email domains before signup, validate domains client-side, or keep domain policies in sync with external systems. See the endpoint

Custom domain support in portal
The self-serve portal now fully supports custom domains. Portal URLs and SSO callbacks use your branded domain instead of the default Kinde URL – so your users see auth.yourdomain.com throughout the authentication flow.

SDKs

Here's what got updated across our SDKs in November:

• New features in NextJS and Expo frameworks

• Ranges of fixes across manage SDKs.

Subscribe to feature releases

Subscribe to items on our roadmap and find out first when the features you want are available to use! View the roadmap.

Find your community on Slack or Discord

Join the Kinde community on Slack or the Kinde community on Discord for support and advice from our team and other legends working with Kinde.