Blog

Audit Logs API, new webhooks experience, new SAML providers, and more! Learn about all of the latest features and product updates we've added to the WorkOS platform from April to June 2022.

We are delighted to announce that WorkOS has raised $80m in Series B financing, led by Greenoaks with participation from previous investors Lachy Groom, Lightspeed Ventures, and Abstract Ventures.

I’m delighted to announce that WorkOS is a fully carbon neutral company. We have offset the company’s full carbon footprint since its founding and plan to stay carbon neutral as we scale up.‍

Learn how to get started with the WorkOS Multi-Factor Authentication (MFA) API to add Time-based one-time passwords (TOTP) and SMS verification to secure your application.

New MFA API, better customer onboarding, new SAML providers and more! Learn about all of the latest features and product updates we've added to the WorkOS platform from January to March 2022.

Learn how to leverage the WorkOS Admin Portal to quickly onboard enterprise customers. The Admin Portal is an interactive setup experience for SSO and directory sync.

Testing SSO connections inside WorkOS is now easier and faster. We've improved the demo credential experience for Okta, the most popular identity provider amongst WorkOS customers.

We built one of our most requested features, custom attribute mapping. Map and rename attributes without custom code to easily bring in additional information from HR directories.

Learn how SSO and the traditional email & password login features can coexist in the same application, and discover 4 common design patterns for making it happen.

Explore some of the considerations to be made when deciding whether to build an SSO or Directory Sync solution on your own, or to pay for an existing authentication service.

In this step-by-step tutorial, learn how to configure and validate your WorkOS webhooks from your development machine by using ngrok's secure, public URLs.

Learn the key differences between SP-initiated SSO and IdP-initiated authentication, as well as the security vulnerabilities inherent to IdP authentication.

Jim Barksdale once said, “There [are] only two ways to make money in business: One is to bundle; the other is unbundle.” Here's when you should bundle your product for enterprise sales.

In this blog post you'll learn how the Engineering team at WorkOS communicates asynchronously using Threads

Changelogs are important communication tools, and should be made for people to enjoy reading. Here are five decisions we made to make the best changelog we possibly could.

Designing a dark mode version of your app comes with its own challenges. In this post, we will share some of the lessons we learned during the implementation of dark mode at WorkOS.

In this guide, we'll explore 15 ways to keep your teammates and customers secure at your growing startup from threats such as data breaches, phishing, cryptojacking, ransomware, and DDoS attack.

The size of your startup, no matter how small, won’t keep it safe. In this post, we cover five common threats facing your startup and explain how they work.

GDPR and CCPA are data privacy protection laws in the EU and California, respectively, that regulate how firms handle and share consumers’ personal information.

One time passwords (OTPs), such as those created by authenticator apps and Yubikeys, are a common way to add additional security to application authentication.

Nullable references are a familiar sight in many programming languages. Today we'll be exploring how to stack optionals in TypeScript and where null and undefined fall short.

Architecting SSO from a Systems Design perspective: what code and data lives where, who controls what, and what this ultimately means for your business as you grow your app

Developers are tired of being tied to the technology stack their CMS vendor requires. Is a headless CMS the solution? Learn more in our Developer's Guide to Headless CMSs.

I’m delighted to announce our Series A financing! In this post I’ll share more details about the problem WorkOS is solving, why we are solving it, and what the future holds if we are successful in our mission.

Creating great developer documentation is harder than it looks. Learn from Stripe, Twilio, GitHub, and more to learn how you can create docs like the greats. Acquire more users, retain more users

Zendesk crossed the chasm between the SMB market and the enterprise market, all while expanding its product line and developing the features that made enterprises want to adopt its products.

Identity is an important problem, but solving it is outside your core skill set. Lucky for you, and with apologies to Steve Jobs, there’s a SaaS - and a guide! - for that.

A WorkOS Developer Success Engineer describes his personal approach to success engineering by drawing on his experience as a high-end cheesemonger, focusing on education, empathy, and good taste.

User provisioning and user deprovisioning is how you can enable system access to new employees and restrict access to departing employees. Learn how this can make you more efficient and secure.

Twilio built a business model that started with individual developers and expanded into massive enterprise sales. Learn how they did it––and how you can too.

RBAC and ABAC are the two most common access control models for system authorization. Understanding the differences between the two is key for choosing between RBAC vs. ABAC for your system.

What does federated mean? Federation refers to group of entities that are independent yet united under a central organization. Learn how that meaning applies to search, identity, and databases.

So, you're writing your first service level agreement? Learn from the best: examples from Slack, Amazon, and Google show how you can write your SLA for comprehension and effectiveness.

If you build it, they won't come. As a founder, it's your job to make the sales that fuel your company's growth––and that includes enterprise sales. Read this guide so you can land the big deals.

Compliance stands between your company and growth. If you want to sign enterprise deals, learn the differences between SOC 1, SOC 2, and SOC 3––and how best you can comply.

A guide to magic links: the how they work and why you should use them. We’ll take a deep dive into how magic links work from a technical, security, and UX perspective.

GDRP affects companies the world over and as a developer, it's your job to ensure compliance. Read our guide to the basics to understand what GDPR entails.

Last month, we held our WorkOS Fall Release! We debuted new features, gave product updates, launched our new docs site, and hosted a fireside chat with the CTO of Webflow.

The WorkOS style guide for technical content. Our descriptive guide to writing blogs, tutorials, and technical documentation for developers by a developer.

In this article, we’ll cover a baseline of authentication protocols: PAP, CHAP, and EAP. We’ll cover what the protocol is, give a detailed example, and talk through some of the weaknesses.

This post will walk through the basics of how to send out webhooks from your app, manage authentication, handle security, and provide a smooth developer experience to your customers.

Last month, we held our first public event: the WorkOS Summer Release! Putting together a fully remote event as a fully remote team involved a lot of prep work.

Authentication and authorization are often interwined, but refer to completely different things. This post breaks down the difference and explores difference schemes for each.

If you’ve been put in charge of writing a security policy document, you might feel a tad overwhelmed. This guide will help, with examples from companies like Slack and Stripe.

The history of digital authentication spans just 60 years, but things have progressed (really) quickly. This guide walks through the basics and where things might be going.

SOC 2 compliance will help your company grow and land larger deals, but it takes some work to get there. This guide will walk through what you need to know as a developer.

For intrepid developers planning on homebrewing enterprise SAML SSO, here's a guide covering common SAML security vulnerabilities, footguns, and countermeasures.

How Dropbox built enterprise ready features like admin controls and integrations that let them close bigger, more impactful deals, move upmarket, and stay competitive.

This post explores UI/UX best practices for Identity Provider (IdP) and Service Provider (SP) initiated SSO flows, like subdomaining tenants and separating email and password screens.

Our guide will walk you through the audit log basics that every developer should know: why audit logs are important, event formats, SIEM tools, retention best practices, and more.

Our guide will walk you through everything Directory Sync: what it is, why you should care, protocols like SCIM, Directory Sync vs JIT, and how to build it into your product.

Adding SSO to your app is a common requirement for selling to enterprise customers. Here’s a guide that will help you understand SSO and choose the best way to add it to your app.

Incorporating enterprise features unlocked big deals for Slack. This post looks at how features like SAML SSO, EKM, and audit logs help Slack close those enterprise deals.

The Enterprise Chasm separates early-adopter users from larger enterprise customers in B2B SaaS apps. This post shares why and how you should cross this chasm with Enterprise Ready features.