arrow-left Back to Announcements
DATE:
AUTHOR:
The Kinde team
RELATED ROADMAP ITEMS:
Token customization
IdP-initiated SAML authentication
Authentication Brilliant basics Developer features SDK User management Highly requested

More Control, Less Friction

DATE:
AUTHOR: The Kinde team
RELATED ROADMAP ITEMS: Token customization , IdP-initiated SAML authentication

IdP-initiated SAML SSO

Users can now start their login flow directly from their identity provider portal, rather than having to begin from your application. When IdP-initiated SSO is enabled on a SAML connection, Kinde securely handles the unsolicited SAML response and gets the user into the right app with minimal friction. As a bonus, if the user's email is included in the SAML response, it's used to pre-fill the login screen so they don't have to type it again.

Suspend organizations

You can now suspend an organization instantly, blocking all its users from logging in without having to delete the org or remove users one by one. When an organization is suspended, all active tokens are revoked and sessions are invalidated immediately. It's useful for security incidents, policy violations, or any situation where you need to lock things down fast. Unsuspending restores access just as quickly.

App-level refresh token cookies

If you have multiple applications sharing a custom domain, you can now enable client-specific refresh token cookies to prevent apps from overwriting each other's tokens. When enabled, the refresh token cookie is suffixed with a unique identifier for that application, keeping things cleanly isolated. Backward compatibility is maintained — the standard cookie is still used as a fallback.

MFA recovery codes are now optional

Administrators can now control whether recovery codes are shown to users during MFA enrollment. A new toggle in both environment and organization MFA settings lets you disable recovery codes entirely if they don't fit your security model. The setting defaults to enabled, so existing behavior is unchanged unless you choose to turn it off.

Last accessed date in the org member portal

The organization members table in the self-serve portal now includes a sortable 'Last Accessed' column, giving your customers visibility into when their team members last signed in. Previously this was only available in the Kinde admin area — now it's surfaced where it's most useful too.

Minor fixes and improvements

  • The organization switcher chip list now has a maximum height with scrolling, so it no longer expands the layout when you belong to many organizations.

  • Checkbox and radio groups in dialogs now show selected items as removable chips and cap the visible list at 50 items for better performance.

  • The 'View environment MFA settings' button has been removed from the individual user MFA settings page to prevent accidental environment-wide changes.

  • The audit log page loads significantly faster thanks to a few targeted optimizations.

  • SDK improvements across a range of the Kinde SDKs

Powered by LaunchNotes