A session-aware GraphQL API for the browser, so you can build fully custom user management, admin panels, and more directly in your frontend.
We are launching a remote MCP server that gives AI agents the same access to WorkOS as your dashboard login.
A managed gateway that handles API key verification, token decoding, and authorization so your backend does not have to.
Five bugs, four codebases, one recurring mistake: checking that a token is valid instead of checking that it's valid for who it claims to be.
Most multi-tenancy guides cover the database. This one covers the auth layer: org-scoped sessions, invitation flows, organization switching, per-tenant SSO, and how to scope every Server Action to the right tenant.
A complete guide to TOTP authentication and step-up verification in TanStack Start, so your most sensitive server functions stay protected even hours after sign-in.
Login-only auth trusts a moment in time indefinitely. CAEP lets identity providers tell your app the moment that trust should end.
Four tools solving four different problems. Here is how to figure out which one you actually need.
The two-layer key pattern behind AWS KMS, Google Cloud KMS, and WorkOS Vault, and why rolling your own is riskier than it looks.
A still-draft SEP already has production systems running against it, and their scars are shaping the spec in real time.
The event categories that show up first in every enterprise security review, and why.
Practical authorization patterns for MCP servers: per-tool scopes, dynamic consent, and least privilege enforcement using WorkOS AuthKit primitives.
65% of organizations confirmed an AI identity breach in the past year. Here's what's actually going wrong, and a practical checklist B2B SaaS teams can ship this quarter.
How WorkOS taught its docs to speak WebMCP, giving AI agents real tools instead of HTML to scrape
Three new RFCs quietly updated the SCIM spec in the last year. Here's what cursor based pagination, standardized events, and device schema actually change for your integration.
A step-by-step guide to authenticating your MCP server with AuthKit and connecting it to Claude Code.
A framework agnostic quick start for WorkOS AuthKit. Go from a fresh project to an authenticated session in under five minutes.
Vercel acquired Better Auth. If you run its SSO, SCIM, or enterprise plugins in production, here's the friction to weigh and how to decide whether to move.
Please try a different search
Our global team is growing and we’re hiring all types of roles.
WorkOS builds developer tools for quickly adding enterprise features to applications.
We use cookies for analytics and advertising. See our cookie policy for details.