Identity providers

Cerbos authorization for Kinde

Use Kinde organizations, feature flags, and user properties to drive fine-grained authorization decisions in Cerbos policies.

Organization-scoped policies

Use Kinde organization memberships and per-org permissions as attributes in Cerbos authorization policies

Feature flags in authorization

Combine Kinde feature flags with Cerbos policies to gate access at both the entitlement and resource level

Growing with your product

Kinde handles auth and user management for startups, Cerbos adds the authorization layer as your access control needs mature

How Cerbos works with Kinde

Kinde handles authentication, confirming who a user is. Cerbos handles authorization, deciding what that user can do. Together they give you a complete access control stack without coupling identity logic to business rules.

Cerbos lets you write fine-grained, context-aware authorization policies in human-readable YAML. Policies are decoupled from application code so product and security teams can update permissions without a release cycle.

Because Cerbos runs as a stateless Policy Decision Point (PDP) next to your application, authorization checks are sub-millisecond and scale horizontally with your infrastructure.

Policy-as-codeHuman-readable YAML policies managed like source code Scalable PDPStateless policy decision point with sub-millisecond latency Centralized managementManage, test, and deploy policies from a single control plane

Authorization that grows with your Kinde-powered product

Kinde provides authentication, user management, and feature flags designed for product-led growth. Cerbos adds fine-grained authorization on top, using Kinde's organization model, user properties, and feature flags to make resource-level access decisions.

How it works

Users authenticate through Kinde, your application receives tokens containing organization context, roles, permissions, and feature flag state.
Your application passes identity data to Cerbos as principal attributes, along with the target resource and action.
Cerbos evaluates policies that reference Kinde organizations, permissions, feature flags, and resource properties.
Your application enforces the result, authorization logic stays in declarative policies, not in application code.

From permissions to fine-grained access control

Kinde's built-in permissions work well for feature-level access (can this user access the billing page?). Cerbos extends this to resource-level decisions: can this user edit this specific document, in this organization, given their role and the document's state? Kinde provides the identity context, Cerbos provides the policy engine.

Get started

Check out the Cerbos documentation to learn how to pass Kinde token claims to Cerbos for policy evaluation.

FAQ

Can Cerbos use Kinde organizations and permissions?

Yes. Kinde issues tokens that include the user's organization context and assigned permissions. Your application passes these to Cerbos as principal attributes, where policies can use organization membership and Kinde permissions as inputs to fine-grained authorization decisions.

How do Kinde feature flags work with Cerbos?

Kinde feature flags control which capabilities are available to users or organizations. Your application can pass active feature flags to Cerbos as principal or resource attributes, enabling policies that gate access to features at the authorization level alongside entitlement checks.

Does Cerbos work with Kinde multi-organization setups?

Yes. Kinde supports users belonging to multiple organizations with per-organization roles and permissions. Cerbos policies can reference the active organization context to enforce organization-scoped access rules.