Add SSO to Your Node.js App Using WorkOS

October 6, 2021

If your SaaS product’s backend is built with Node.js and you want to add SSO functionality for your customers, you can do a dry-run of the SSO integration using our example Node.js app. It makes use of the WorkOS Node.js SDK to authenticate users via SSO.

If you get stuck while following the steps below and aren't able to resolve the issue by reading our API reference or SSO Setup Guide, please reach out to us at [email protected] so we can help!

Prerequisites

Clone the Node.js app

1. In your CLI, navigate to the directory into which you want to clone this git repo:

2. Clone the Node.js example app’s GitHub repo:


or


3. Navigate to the cloned repo:


4.  Install the dependencies:

Securely store the environment variables

5. Obtain and make note of your WorkOS API key and SSO-specific, WorkOS Client ID from the WorkOS Dashboard. The locations of these values are shown in the screenshots below.

6. Create a .env file in the example app’s project directory, node-sso-example/. (This file is listed in this repo's .gitignore file, so your sensitive information will not be checked into version control.).

7. Open the .env file with your preferred text editor and add the WORKOS_API_KEY and WORKOS_CLIENT_ID;

Start the server

8. To ensure the example app is served as expected, start the server:


9. Navigate to http://localhost:3000. You should see this home page:



10. If you click the “Login” button you will see an error page if you haven’t properly configured SSO in the WorkOS dashboard yet.

11. Stop the Node.js server for now by typing CTRL + c in the CLI.


Set up SSO with WorkOS

12. Follow the SSO authentication flow instructions to create a new SSO connection in your WorkOS dashboard.

13. Add http://localhost:3000/callback as a Redirect URI in the Configuration section of the Dashboard:

14. Update the routes/index.js file so that the const domain variable is set to your company’s Connection domain or Connection ID. It is set to “gmail.com” by default.

  • Use the Connection domain if your organization has only one SSO connection. 
  • Use the Connection ID if your organization has multiple SSO connections for the same  Organization and you need to isolate a specific Connection. It’s OK to set the value of const domain to a Connection ID, which can be found by first navigating to the Organization’s detail page:

Then, click the arrow in the row that corresponds to the SSO Connection. This will take you to the Connection detail page where you’ll find the Connection ID:


Test the integration

15. Start the server again by running this command in the CLI:

16. Navigate to http://localhost:3000/ and click the Login button. You should be prompted to sign in using the IdP you configured during the SSO setup.

Nice work! You just set up SSO!

Need help?

If you get stuck while following the steps below and aren't able to resolve the issue by reading our API reference or SSO Setup Guide, please reach out to us at [email protected] so we can help!

Start Integrating Today
Create an account to begin adding enterprise-ready features to your application today.
Get Started

This site uses cookies to improve your experience. Please accept the use of cookies on this site. You can review our cookie policy here and our privacy policy here. If you choose to refuse, functionality of this site will be limited.