December Updates

WorkOS Pipes

‍Pipes allows your users to securely connect third-party accounts to your application. You can integrate with services like GitHub, Slack, Google, Salesforce, and more without managing OAuth flows, token refresh logic, or credential storage. Enable your users to easily connect their third-party accounts with the Pipes widget. Reach out to support in Slack or via email to get started with Pipes.

‍Learn more about Pipes →‍

‍Multiple Roles for SSO and Directory Sync

Identity provider role assignment now supports multiple roles across SSO, Directory Sync, and AuthKit. SSO profile and directory user entities now include a roles property. When a user signs in or is synced, all IdP group memberships with an assigned role are evaluated and the user receives the union of all mapped roles.

‍See how to use multiple roles →‍

‍AuthKit for Platforms‍

Developers of platforms (hosting, vibe coding, etc.) can now embed AuthKit into every app built on their platform. This allows for provisioning a complete sign-in and sign-up experience with enterprise ready authentication for users' apps.

New management APIs allow for automatic provisioning of AuthKit without any setup required by users. This reduces friction and enables them to create production-ready applications with auth built in. As an example, Convex utilizes AuthKit for Platforms to provide AuthKit by default for new Convex projects.

This feature is in preview.

‍Get in touch to integrate AuthKit for Platforms →‍

‍Feature Flag Management API

Developers can now manage feature flags with the new management API. Use the API to fetch and list flags, enable or disable them programmatically, and add or remove flag targets as part of your application workflows.

‍Check out the Feature Flags docs →‍

‍PCI DSS Certification

WorkOS is now PCI DSS compliant through self-attestation (SAQ-D). This demonstrates that WorkOS meets the PCI DSS requirements applicable to our services and supports customers operating in payment-regulated environments. The attestation of compliance is available in the Trust Center under Resources.

‍Access the PCI DSS attestation →‍

‍More featured content‍

• Catch the full set of recordings from MCP Night: The Holiday Special, including the keynote, live demos, and panel discussion.
• Use Vercel as a built-in authentication provider with AuthKit.
• Watch Michael Grinich, Founder & CEO of WorkOS, speak at AWS re:Invent 2025 on Securing AI Agents: The Future of Identity & Access Control.
• Allow users select an organization when authorizing a WorkOS Connect application.
• Keep user emails in sync with their social login provider using AuthKit.