Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ metadata:
audience: [developer, enterprise-admin, security-engineer]
complexity: intermediate
keywords: [home realm discovery, HRD, IdP discovery, email domain routing, enterprise auth, SSO button]
updated: 2025-01-16
updated: 2026-03-26
featured: false
deprecated: false
---
Expand All @@ -28,7 +28,7 @@ HRD is usually applied where your identity provider (IdP) is a third party, such

By default, Kinde provides a universal login page where users of any enterprise connection can sign in. They are then silently routed and verified via the relevant IdP.

## How it works
## How does Home Realm Discovery work at Kinde?

When you set up a [Microsoft Entra ID](/authenticate/enterprise-connections/azure/) or [custom SAML](/authenticate/enterprise-connections/custom-saml/) connection, you’ll configure the home realm (or domains) to be recognized during authentication. All home realm domains must be unique across all connections in the environment.

Expand All @@ -45,6 +45,14 @@ In the back end, the end-user is linked to the correct identity provider via the

So when Jude Watson arrives at the sign in window and enters `judewatson@enterpriseA.com`, they are routed to the IdP for SAML connection A, and authenticated.

## Showing or hiding the sign in buttons
## How to show or hide the sign-in buttons?

Even if you have set up HRD, you can choose to show an SSO sign in button so the user has to click to proceed. Learn more [here](/authenticate/enterprise-connections/about-enterprise-connections/#show-or-hide-the-sso-sign-in-button-on-the-auth-page).
Even if you have set up HRD, you can choose to show an SSO sign-in button so the user has to click to proceed. Learn more [here](/authenticate/enterprise-connections/about-enterprise-connections/#show-or-hide-the-sso-sign-in-button-on-the-auth-page).

## Does HRD affect organization selection and default org settings?

Yes. When home realm discovery is active, enterprise users are routed directly to their identity provider based on their email domain — before any organization selection takes place. This has a few important implications:

- **The organization selector is bypassed** — HRD takes precedence over any org selection screen. The user is authenticated into the organization associated with their enterprise connection without being prompted to choose.
- **The last-used organization setting is bypassed** — The "remember last org" behavior does not apply to users authenticating via HRD. Their session is always tied to the organization configured for their enterprise connection.
- **Setting a default organization for enterprise users via `org_code` is not supported under HRD** — Because HRD routes users before org selection occurs, passing `org_code` to override the destination organization is not supported for enterprise connections using home realm discovery. The user will always land in the organization linked to the matching enterprise connection.
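Review bot: The third added bullet says twice that passing `org_code` is "not supported" under HRD, but never states what happens to a request that includes it: is the parameter silently ignored, or does the request fail? Integrators who rely on `org_code` to scope a session need that spelled out, so suggest adding one sentence that states the actual behavior (ignored, or rejected with an error). Separately, the renamed heading "How to show or hide the sign-in buttons?" is not a grammatical question, and renaming headings changes their anchor slugs, so inbound links to the old anchors should be checked.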
24 changes: 18 additions & 6 deletions src/content/docs/developer-tools/sdks/native/expo.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -35,23 +35,31 @@ keywords:
- user profile
- feature flags
- permissions
updated: 2024-01-15
updated: 2026-03-26
featured: false
deprecated: false
ai_summary: Complete guide for Expo SDK including authentication setup, token utilities, user profile management, and mobile app integration for React Native applications.
---

The Kinde React Native SDK allows developers to quickly and securely integrate a new or an existing React Native application into the Kinde platform. This SDK is for people using Expo.

## Register for Kinde
### What you need

If you haven't already got a Kinde account, [register for free here](https://app.kinde.com/register) (no credit card required). Registering gives you a Kinde domain, which you need to get started, e.g. `yourapp.kinde.com`.
- A [Kinde](https://app.kinde.com/register) account (Sign up for free)
- Node.js version 20 or later
- Expo SDK version 53 or later
- React Native CLI
- JDK
- [Android Studio](https://developer.android.com/studio) (for Android)
- [Xcode](https://developer.apple.com/xcode/) (for iOS)

## Before you install
Follow [the installation instructions for your chosen OS](https://reactnative.dev/docs/environment-setup) to install dependencies.

You will need Node, the React Native command line interface, a JDK, Android Studio (for Android) and Xcode (for iOS).
### Install dependencies

Follow [the installation instructions for your chosen OS](https://reactnative.dev/docs/environment-setup) to install dependencies.
```bash
npm install @kinde/expo
```

## Installation with Expo Managed Workflow

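Review bot: The new "What you need" list drops the statement that registering gives you a Kinde domain (e.g. `yourapp.kinde.com`), which the removed text said you need to get started; suggest keeping that in the account bullet. The two new headings are `###` while the next context heading, "## Installation with Expo Managed Workflow", is `##`, so they have no parent section. Also, the "Follow the installation instructions for your chosen OS" sentence now sits under "What you need" while "Install dependencies" contains only `npm install @kinde/expo`; consider moving the sentence under the heading it describes.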
Expand Down Expand Up @@ -442,3 +450,7 @@ Assume your StarterKit path is `<StarterKit_PATH>`.
2. Clean build folders on **Xcode**.

If you need help connecting to Kinde, please contact us at [support@kinde.com](mailto:support@kinde.com).

## Version compatibility

The `@kinde/expo` package requires **Expo SDK 53 or later**. This is determined by its dependencies on `expo-auth-session`, `expo-web-browser`, `expo-secure-store`, and related packages, which are versioned alongside the Expo SDK. For the latest compatibility details, refer to the [@kinde/expo npm page](https://www.npmjs.com/package/@kinde/expo) and the package changelog.
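Review bot: The Expo SDK 53 minimum is now stated in two places in this file, here and in the "What you need" list added earlier in this diff, so a future bump has to be made twice; suggest keeping the number in one place and linking to it from the other. The closing sentence also refers readers to "the package changelog" without a link, unlike the npm page named beside it.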
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ keywords:
- admin permissions
- user management
- self sign up
updated: 2026-03-03
updated: 2026-03-26
featured: false
deprecated: false
ai_summary: Guide to deleting or suspending users in Kinde including suspension, restoration, and permanent deletion options for access control.
Expand Down Expand Up @@ -68,3 +68,19 @@ For details on suspending an organization, see [Add and manage organizations](/b
1. Select the first option to remove the user’s access and ability to sign in to all organizations, but leave their profile in Kinde.
2. Select the second option to completely remove the user record from Kinde, including access and all subscriber lists.
5. Select **Delete user**. When the user tries to sign in, they will be prompted to sign up (if self-sign-up is allowed in your business).

## Can I block users by email, username, or phone number?

Kinde does not have a built-in blocklist for specific email addresses, usernames, or phone numbers. Suspending or deleting a user removes their existing account, but does not prevent someone from signing up again with the same identifier if self-sign-up is enabled.

To block access for accounts created with a specific identifier (after sign-up), use one of these workarounds:

- **Workflows** — Use a [post-authentication workflow](/workflows/example-workflows/workflow-user-post-auth/) to check the authenticating user's email, username, or phone number against a blocklist stored in an environment variable or external data source. If matched, the workflow can deny access using the `deny` action.
- **Webhooks** — Subscribe to the `user.created` event via [webhooks](/integrate/webhooks/about-webhooks/). When a new user signs up with a blocked identifier, call the [Management API](/kinde-apis/management#tag/users/patch/api/v1/user) to suspend or delete them as soon as the event is processed.
- **Management API** — React to sign-up events and use the [`PATCH /api/v1/user`](/kinde-apis/management#tag/users/patch/api/v1/user) endpoint to suspend users whose identifiers match your blocklist.

<Aside type="warning">

None of these workarounds prevent the initial sign-up event from completing — they block access after the fact. If preventing sign-up at the point of registration is a hard requirement, contact [Kinde support](https://kinde.com/support/) to discuss options.

</Aside>
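Review bot: The "Webhooks" and "Management API" bullets describe the same mechanism: both react to a sign-up event and both link to the same `PATCH /api/v1/user` endpoint, so the third bullet adds no separate option and could be merged into the second. The Webhooks bullet also says "suspend or delete" while linking only to the PATCH endpoint; if deletion uses a different endpoint, link that too. Since the Aside says these workarounds "block access after the fact", it would help to state for the webhook path whether the new user can hold a valid session between sign-up and the suspension call, and to say how blocklist entries are compared (for example, whether email matching is case-insensitive).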
Original file line number Diff line number Diff line change
Expand Up @@ -31,19 +31,19 @@ keywords:
- dynamic permissions
- token refresh
- permission deletion
updated: 2024-01-15
updated: 2026-03-26
featured: false
deprecated: false
ai_summary: Guide to managing user permissions in Kinde including permission creation, editing, deletion, key naming conventions, and integration with roles for access control.
---

It’s easy to manage and control user access with permissions. Once you set up permissions, they can be grouped into [roles](/manage-users/roles-and-permissions/user-roles/), to make assigning them managing access easier.
You can manage and control user access with permissions. Once you set up permissions, they can be grouped into [roles](/manage-users/roles-and-permissions/user-roles/), to make assigning them managing access easier.

## **First time creating permissions?**
## First time creating permissions?

For each permission you create on Kinde, you need to assign a unique ‘key’ that your product code will reference to apply the permission. We suggest you create permissions first, and then if you want, create roles to group sets of permissions to apply to users.

## **Add a new user permission**
## Add a new user permission

1. Go to **Settings** **> User Management >** **Permissions**. If you already have permissions added, you’ll see a list of them.
2. Select **Add permission**.
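Review bot: The rewritten intro sentence still ends "to make assigning them managing access easier", which is missing a word; since the line is being changed anyway, fix it to something like "to make assigning them and managing access easier".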
Expand All @@ -56,7 +56,7 @@ For each permission you create on Kinde, you need to assign a unique ‘key’ t
6. Select if you want this permission to be automatically added when a new role is created. You might do this for example, if the permission is something all users need to be allowed to do.
7. Select **Save**.

## **Edit permission**
## Edit permission

User permissions are dynamic and refreshed via the issued token. This means that any changes you make will be applied to users, the next time they sign in.

Expand All @@ -73,3 +73,7 @@ When you delete a permission, you remove the permission access from all users wh
1. Go to **Settings > User Management > Permissions**. Your list of permissions is shown.
2. Select the three dots next to the permission and choose **Delete**. A confirmation / warning message appears.
3. Select **Delete permission**. The permission is permanently deleted.

## Are Kinde permissions shared across environments?

Yes. Permissions are defined at the **business level**, not per environment. A permission created in your development environment is the same permission in staging and production — there is no per-environment isolation. If your team needs to test permission changes without affecting production, manage each environment in a separate Kinde business. Permissions can also be grouped into [roles](/manage-users/roles-and-permissions/user-roles/) to make assigning access easier.
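Review bot: The final sentence of the new paragraph, "Permissions can also be grouped into roles ...", repeats the page's opening paragraph and does not answer the environment question; suggest dropping it. Because the paragraph establishes that a permission is the same object in development, staging and production, it should also say explicitly that editing or deleting a permission affects production users, which ties in with the delete steps just above where the permission is "permanently deleted".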
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ keywords:
- token claims
- api management
- role assignment
updated: 2024-01-15
updated: 2026-03-26
featured: false
deprecated: false
ai_summary: Comprehensive guide to managing user roles in Kinde including role creation, editing, deletion, API integration, and token customization for access control.
Expand Down Expand Up @@ -70,7 +70,7 @@ Tip: [Set default roles when a user signs up to an organization](/manage-users/r
7. Select the permissions that are included in the role by switching them on. See also [Define user permissions](/manage-users/roles-and-permissions/user-permissions/).
8. Select **Save**.

## **Edit user roles**
## Edit user roles

You can [update user roles via the Kinde Management API](/kinde-apis/management#tag/roles/patch/api/v1/roles/{role_id}) or using the procedure below.

Expand All @@ -92,7 +92,7 @@ When you delete a user role, you will remove the role as well as all the associa
2. Select the three dots next to the role and choose **Delete**. A confirmation / warning message appears.
3. Select **Delete role**. The role is deleted permanently.

## **Add user roles via API**
## Add user roles via API

You can add user roles via the Kinde API.

Expand Down Expand Up @@ -122,3 +122,7 @@ getClaim("roles");
- [View a list of permissions for a role](/kinde-apis/management#tag/roles/get/api/v1/roles/{role_id}/permissions)
- [Edit permissions for a role](/kinde-apis/management#tag/roles/patch/api/v1/roles/{role_id}/permissions)
- [Remove permissions from a role](/kinde-apis/management#tag/roles/delete/api/v1/roles/{role_id}/permissions/{permission_id})

## Are Kinde roles and permissions shared across environments?

Yes. Roles and permissions are defined at the **business level**, not per environment. A role created in your development environment is the same role in staging and production — there is no per-environment isolation. If your team needs to test role changes without affecting production, manage each environment in a separate Kinde business.
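Review bot: This paragraph is a near-verbatim copy of the section added to the permissions page in this same change, so the two will drift; suggest keeping the explanation on one page and cross-linking from the other. It also says "roles and permissions" are business-level without saying whether a user's role assignments are shared across environments too, which readers need in order to judge the "separate Kinde business" advice.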