Blog

WorkOS now lets you send transactional emails through your own provider—like SES, Postmark, Resend, or SendGrid—giving you full control over deliverability, reputation, and visibility while keeping the simplicity of WorkOS auth flows.

AuthKit now automatically translates into ~90 languages based on your users' operating system settings.

AuthKit is now the default authentication option for Convex projects, enabling zero config Enterprise Ready authentication for real-time applications

AuthKit now supports assigning multiple roles per organization membership, giving users the union of permissions across roles. This feature eliminates role explosion and makes access control more flexible and intuitive.

A practical guide to securing MCP model–agent interactions: prevent prompt injection, privilege escalation, replay attacks, and data exfiltration with validation gateways, signing, DLP, and scoped creds.

SAML certificates don’t work the same way as web SSL certificates. Here’s why self-signed certificates are the secure, standard choice for SAML, and when a CA-signed certificate might still make sense.

A guide to understanding air-gapped environments, why enterprises rely on them, and how WorkOS can deliver modern authentication even in the most isolated deployments.

The WorkOS team recently hosted a 2-day Enterprise MCP hackathon with approximately 100 attendees.

Step-by-step tutorial on integrating Single Sign-On, Multi-Factor Authentication, and Passwordless login into your .NET app with WorkOS.

A developer-friendly guide to Proof Key for Code Exchange (PKCE): how it works, the problems it solves, and why it’s essential for secure OAuth flows, regardless of the application type.

If you’ve built a custom Identity Provider, you’ll need to implement SCIM client functionality yourself. This guide shows you how to build a standards-compliant SCIM 2.0 client that can provision users and groups using WorkOS as the SCIM service provider.

By creating a central catalog of available servers, the MCP Registry has solved the discovery problem—but that's only half the equation. The real challenge lies in authentication.

Learn the best practices for implementing multi-factor authentication (MFA), from reducing MFA fatigue to improving user experience, with guidance for both B2C and B2B apps.

MCP-UI represents more than an incremental improvement to agent interfaces—it's a fundamental shift toward interactive, context-aware AI systems that can deliver rich experiences directly within conversational flows.

Product engineers don’t just write code, they own the whole delivery lifecycle.