Blog

A recap of the WorkOS Applied AI showcase: the team, the tools (WOW, Horizon, Case, Wallaby), and what we've learned shipping AI internally.

Keycloak SCIM vs. WorkOS Directory Sync: A deep dive into features, gaps, and production readiness.

Humans, scripts, and AI agents are all calling your API. Here's how to give each of them secure, scoped credentials without building key management from scratch.

Stolen tokens should be worthless. Here's how to make them so.

How SSO eliminates the manual work of enterprise user onboarding.

What happens to a user's session when they switch organizations, how to scope tokens to prevent cross-tenant leaks, and where most implementations still go wrong.

I tried to reverse-engineer how SSO works from three angles: as the employee logging in, the IT admin managing access, and the developer who needs to support it. Here is what I learned.

Inside Claude Day at WorkOS: 39 teams, a one-day hackathon, and one rule — the non-engineer drives. Here's what we built and what we learned.

Build an authorization model your B2B app won't outgrow: how to go from flat roles to fine-grained, resource-scoped access control without a rewrite.

A developer's guide to Client-Initiated Backchannel Authentication (CIBA) for agentic systems.

User-scoped keys, org-scoped keys, and M2M applications cover most agent scenarios in B2B products, but the right choice depends on who the agent acts for, and how it runs.

How to give AI agents their own identity, scope what they can do, and defend your systems when they act autonomously.

How an AI operational finance startup went from founding to Vercel AI Accelerator winner without slowing down for enterprise auth.

Everything you need to know to implement and validate JWTs securely in PHP: from signing to verifying with JWKS, with code examples and best practices for both vanilla PHP and Laravel.

Seven errors that break Entra ID SAML SSO, and how to resolve them.