Delegated User Management
Is there a way, within the /admin area, to delegate user management within a given environment, but not allow them to administer the rest of the "tenant"? For enterprise-based scaling, this is critical.
1 Reply
I'm not sure if there is. Someone more knowledgeable or from Kinde might have better insight.
There's two ways of handling it to my knowledge.
1. Create a custom UI using Kinde's Management API which I believe is the way most people handle this.
2. If you are using SSO with something like Microsoft Entra (which Kinde supports) an enterprise organisation could in theory control their RBAC from their identity provider (through group / role assignment) and this would come downstream to Kinde. It's been my experience this is preferential to many enterprise orgs I've worked with in the past so it's not another system that their IT team needs to log into.
Another option similar to 2, would be SCIM which allows the copying of user data from one identity provider to another. I believe support for this is on Kinde's roadmap.
The Microsoft Entra option would obviously depend on what the different upstream identity providers support.
In terms of directly giving organisation users access to Kinde and being able only restrict them to their org I don't believe it's supported (but could be wrong on that count)