November Product Updates
User Management APIs (free up to 1 million MAUs), Domain Verification API, Dashboard SAML for all teams, and the Enterprise Readiness Guide for Product Managers
Introducing AuthKit and User Management APIs
AuthKit is a Radix-powered open source authentication UI built for effortless customizations. User Management is the backend platform handling email verification, account linking, bot blocking, organization modeling, and more.
The Developer's Guide to Domain Verification
Domain verification is an important measure for establishing security and trust between providers and organizations. This blog examines best practices to consider when building in-house as well as a simple alternative that WorkOS provides.
The Enterprise Readiness Guide for SaaS Product Managers
This guide is for SaaS product managers who want to better understand the essential features enterprises expect, ideal timing for going upmarket, build vs. buy considerations, and pricing & packaging implications.
October Product Updates
Events page for advanced workflow debugging, Automatic volume discounts, Custom domains for Admin Portal invites, Secure user state management flow
SFTP Integrations vs. Native APIs for User Provisioning
SFTP integrations and native APIs are two methods that exist when SCIM is not available. Both have pros and cons, but ultimately, for developers prioritizing simplicity and cost-effectiveness, SFTP is the recommended route, and for those prioritizing flexibility and scalability, native APIs are recommended.
The Developer’s Guide to SSO
Adding SSO to your app is a common requirement for selling to enterprise customers. Here’s a guide that will help you understand SSO and choose the best way to add it to your app.
Passport.js to WorkOS Migration Guide
Passport.js is an authentication middleware for Node.js. While suitable for addressing initial authentication needs, scaling with enterprise features like SSO and SCIM becomes unsustainably complex. This guide details 8 steps to transition from Passport.js to WorkOS.
Understanding CSRF Attacks
While OAuth offers a powerful framework for secure authorization across various services, it is not immune to vulnerabilities. Login CSRF attacks are one class of vulnerability that may arise when using OAuth, and the nonce technique is an effective tool for defending against them.
September Product Updates
New updates: 99.99% uptime guarantee, Events API, Audit Logs retention period API, and Directory Sync group membership consolidation.
Deciphering SCIM Complexity: Navigating Group Fragmentation
SCIM protocol implementation variability creates challenges for developers building applications for enterprises. WorkOS has standardized the process of managing group memberships, reducing the potential for inconsistencies and errors, and enhancing security.
August Product Updates
Some of the notable August releases were the Admin Portal email invite, SCIM setup validation flow, and support for Google Cloud Storage as a Log Streams destination. As we continue to innovate and improve our platform, we'll share a recap of important updates at the end of every month.
Decoding and Solving the Five Most Common SAML Errors
Configuring SAML-based SSO authentication is prone to a number of different types of errors, resulting in confusion for IT admins configuring your application or authentication issues for your end users. In this post, we will take a deep dive into the five most common SAML errors.
Single Sign-On: Acronyms Demystified
Even if you understand the significance of adding SSO to your application, you may still feel overwhelmed by the different authentication-related acronyms and protocols. Nevertheless, after reading this post, we hope that you will have a better understanding of the distinctions between SAML, OIDC, and OAuth and feel more confident in implementing SSO in your application.
WorkOS 2022 Fall Release
Log Streams, Admin Portal Custom Branding, Auto-mapped Directory Sync Custom Attributes, and more! Learn about all of the latest features and product updates we've added to the WorkOS platform in Q4.
The Founder's Guide to Developer-led Growth
Developers act, think, and behave differently than your average customer. So selling, marketing, and supporting them should be different too.
WorkOS 2022 Spring Release Recap
Audit Logs API, new webhooks experience, new SAML providers, and more! Learn about all of the latest features and product updates we've added to the WorkOS platform from April to June 2022.
WorkOS raises $80m in Series B financing, acquires Modulz
We are delighted to announce that WorkOS has raised $80m in Series B financing, led by Greenoaks with participation from previous investors Lachy Groom, Lightspeed Ventures, and Abstract Ventures.
WorkOS is Carbon Neutral
I’m delighted to announce that WorkOS is a fully carbon neutral company. We have offset the company’s full carbon footprint since its founding and plan to stay carbon neutral as we scale up.
Getting Started with the WorkOS Multi-Factor Authentication API
Learn how to get started with the WorkOS Multi-Factor Authentication (MFA) API to add Time-based one-time passwords (TOTP) and SMS verification to secure your application.
WorkOS 2022 Winter Release Recap
New MFA API, better customer onboarding, new SAML providers and more! Learn about all of the latest features and product updates we've added to the WorkOS platform from January to March 2022.
Frictionless Enterprise Customer Onboarding Using the WorkOS Admin Portal
Learn how to leverage the WorkOS Admin Portal to quickly onboard enterprise customers. The Admin Portal is an interactive setup experience for SSO and directory sync.
Directory Sync now maps custom attributes without custom code
We built one of our most requested features, custom attribute mapping. Map and rename attributes without custom code to easily bring in additional information from HR directories.
Can My App Support SSO and Password-based Logins?
Learn how SSO and the traditional email & password login features can coexist in the same application, and discover 4 common design patterns for making it happen.
Build vs. Buy: 5 Questions to Ask When You Need to Offer SSO or Directory Sync
Explore some of the considerations to be made when deciding whether to build an SSO or Directory Sync solution on your own, or to pay for an existing authentication service.
How to Test WorkOS Webhooks Locally with ngrok
In this step-by-step tutorial, learn how to configure and validate your WorkOS webhooks from your development machine by using ngrok's secure, public URLs.
SP-Initiated v IdP-Initiated SSO
Learn the key differences between SP-initiated SSO and IdP-initiated authentication.
When Is It a Good Time to Start Enterprise Sales?
Jim Barksdale once said, “There [are] only two ways to make money in business: One is to bundle; the other is unbundle.” Here's when you should bundle your product for enterprise sales.
How Our Engineering Team Communicates Asynchronously Through Writing
In this blog post, you'll learn how the Engineering team at WorkOS communicates asynchronously using Threads.
What Makes a Good Changelog
Changelogs are important communication tools, and should be made for people to enjoy reading. Here are five decisions we made to make the best changelog we possibly could.
5 Lessons We Learned Adding Dark Mode to WorkOS
Designing a dark mode version of your app comes with its own challenges. In this post, we will share some of the lessons we learned during the implementation of dark mode at WorkOS.
A Developer’s Guide to Startup Security: 15 Ways to Secure Your Startup (Part 2)
In this guide, we'll explore 15 ways to keep your teammates and customers secure at your growing startup from threats such as data breaches, phishing, cryptojacking, ransomware, and DDoS attacks.
A Developer’s Guide to Startup Security: 5 Common Threats
The size of your startup, no matter how small, won’t keep it safe. In this post, we cover five common threats facing your startup and explain how they work.
CCPA vs. GDPR: How location affects enterprise compliance
GDPR and CCPA are data privacy protection laws in the EU and California, respectively, that regulate how firms handle and share consumers’ personal information.
A Developer’s Guide to One-Time Passwords (OTPs)
One-time passwords (OTPs), such as those created by authenticator apps and Yubikeys, are a common way to add additional security to application authentication.
Optional Stacking in TypeScript
Nullable references are a familiar sight in many programming languages. Today we'll be exploring how to stack optionals in TypeScript and where null and undefined fall short.
3 Approaches to Add Enterprise SSO to Your App
Architecting SSO from a Systems Design perspective: what code and data lives where, who controls what, and what this ultimately means for your business as you grow your app
WorkOS raises $15M to build “Stripe for enterprise-ready features”
I’m delighted to announce our Series A financing! In this post I’ll share more details about the problem WorkOS is solving, why we are solving it, and what the future holds if we are successful in our mission.
A Developer’s Guide To Headless CMSs
Developers are tired of being tied to the technology stack their CMS vendor requires. Is a headless CMS the solution? Learn more in our Developer's Guide to Headless CMSs.
9 Components of Great Developer and API Documentation
Creating great developer documentation is harder than it looks. Learn from Stripe, Twilio, GitHub, and more how you can create docs like the greats. Acquire more users, retain more users.
How Zendesk used enterprise features to grow from $1 million to $1 billion in 12 years
Zendesk crossed the chasm between the SMB market and the enterprise market, all while expanding its product line and developing the features that made enterprises want to adopt its products.
How to pick an identity as a service (IDaaS) provider: A guide for busy startups
Identity is an important problem, but solving it is outside your core skill set. Lucky for you, and with apologies to Steve Jobs, there’s a SaaS - and a guide! - for that.
RBAC vs. ABAC: What is the difference between access control models?
RBAC and ABAC are the two most common access control models for system authorization. Understanding the differences between the two is key for choosing between RBAC vs. ABAC for your system.
User provisioning: Use it to increase efficiency and security
User provisioning and user deprovisioning are how you can enable system access for new employees and restrict access for departing employees. Learn how this can make you more efficient and secure.
A Guide to Enterprise Sales for Early-stage Founders
If you build it, they won't come. As a founder, it's your job to make the sales that fuel your company's growth––and that includes enterprise sales. Read this guide so you can land the big deals.
How Twilio’s developer-led business model enabled a shift to enterprise sales
Twilio built a business model that started with individual developers and expanded into massive enterprise sales. Learn how they did it––and how you can too.
SOC 1 vs. SOC 2 vs. SOC 3: Why your company needs compliance to grow
Compliance stands between your company and growth. If you want to sign enterprise deals, learn the differences between SOC 1, SOC 2, and SOC 3––and how best you can comply.
What Does Federated Mean in Search, Identity, and Databases?
What does federated mean? Federation refers to a group of entities that are independent yet united under a central organization. Learn how that meaning applies to search, identity, and databases.
How to write your first service level agreement (with tips from Slack, Amazon, and Google)
So, you're writing your first service level agreement? Learn from the best: examples from Slack, Amazon, and Google show how you can write your SLA for comprehension and effectiveness.
A guide to magic links: how they work and why you should use them
A guide to magic links: how they work and why you should use them. We’ll take a deep dive into how magic links work from a technical, security, and UX perspective.
Developers: Your GDPR Compliance Guidebook
GDPR affects companies the world over, and as a developer, it's your job to ensure compliance. Read our guide to the basics to understand what GDPR entails.
WorkOS Fall Release Event Recap
Last month, we held our WorkOS Fall Release! We debuted new features, gave product updates, launched our new docs site, and hosted a fireside chat with the CTO of Webflow.
WorkOS Technical Content Style Guide
The WorkOS style guide for technical content. Our descriptive guide to writing blogs, tutorials, and technical documentation for developers by a developer.
Authentication Protocols: Your Guide to the Basics
In this article, we’ll cover a baseline of authentication protocols: PAP, CHAP, and EAP. We’ll cover what the protocol is, give a detailed example, and talk through some of the weaknesses.
Building Webhooks Into Your Application: Guidelines and Best Practices
This post will walk through the basics of how to send out webhooks from your app, manage authentication, handle security, and provide a smooth developer experience to your customers.
WorkOS Summer Release Event Recap
Last month, we held our first public event: the WorkOS Summer Release! Putting together a fully remote event as a fully remote team involved a lot of prep work.
Security policy document examples for B2B SaaS apps
If you’ve been put in charge of writing a security policy document, you might feel a tad overwhelmed. This guide will help, with examples from companies like Slack and Stripe.
A Developer’s History of Authentication
The history of digital authentication spans just 60 years, but things have progressed (really) quickly. This guide walks through the basics and where things might be going.
Fun with SAML SSO Vulnerabilities and Footguns
For intrepid developers planning on homebrewing enterprise SAML SSO, here's a guide covering common SAML security vulnerabilities, footguns, and countermeasures.
How Dropbox used land-and-expand to move upmarket and close big enterprise customers
How Dropbox built enterprise ready features like admin controls and integrations that let them close bigger, more impactful deals, move upmarket, and stay competitive.
UI/UX Best Practices for IdP & SP-Initiated SSO
This post explores UI/UX best practices for Identity Provider (IdP) and Service Provider (SP) initiated SSO flows, like subdomaining tenants and separating email and password screens.
The Developer’s Guide to Audit Logs / SIEM
Our guide will walk you through the audit log basics that every developer should know: why audit logs are important, event formats, SIEM tools, retention best practices, and more.
The Developer’s Guide to Directory Sync / SCIM
Our guide will walk you through everything Directory Sync: what it is, why you should care, protocols like SCIM, Directory Sync vs JIT, and how to build it into your product.
How Being Enterprise Ready Helps Slack Land Big Deals
Incorporating enterprise features unlocked big deals for Slack. This post looks at how features like SAML SSO, EKM, and audit logs help Slack close those enterprise deals.