Enterprise Ready authentication for Supabase, powered by WorkOS

We’re excited to announce that Supabase users can now integrate WorkOS as a third-party authentication provider.

Whether you’re building for startups or selling into the enterprise, this makes it easier than ever to offer robust SSO, unified authentication, and full compatibility with Supabase’s APIs—without compromising developer experience.

!!If you’re ready to get started, jump straight into the integration guide.!!

Bringing WorkOS Enterprise Ready authentication to Supabase

Supabase is the open-source Firebase alternative built on PostgreSQL, offering a powerful suite of backend services like authentication, storage, and real-time subscriptions—all with a developer-friendly experience. It’s become a popular choice for startups and fast-moving teams building scalable applications.

Today, we’re excited to announce that you can now integrate WorkOS as a third-party authentication provider in Supabase, giving you full control over how users authenticate, especially in enterprise environments.

With this release, you can now integrate WorkOS directly into your Supabase project by using WorkOS as the primary authentication provider, bypassing Supabase Auth entirely.

This unlocks flexible, hybrid authentication flows that adapt to your customer base—whether you're supporting self-serve users, enterprise teams, or both. It’s especially powerful for companies using Supabase in tandem with platforms like Railway or other Postgres-based tools.

By combining Supabase’s simplicity with WorkOS’s Enterprise Ready identity features, you can now:

• Add secure, scalable SSO in minutes
• Support different login paths for different user segments
• Align with the tools your customers already use—without rearchitecting your stack

Whether you're starting from scratch or scaling into enterprise, this integration gives you the building blocks to grow your product and meet your customers where they are.

How to configure WorkOS as a Supabase auth provider

First, you need to add an integration to connect your Supabase project with your WorkOS account.

Go to your Supabase project's Authentication settings > Sign In / Providers > Third Party Auth, and select WorkOS as the provider.

You will need to give to Supabase your issuer URL which has the format https://api.workos.com/user_management/your-workos-client-id.

You can find your Cliend ID in the WorkOS dashboard.

Copy the value and add it as part of the URL at the Supabase dashboard.

Next, you need to set up a JWT template. Supabase RLS policies expect a role claim in the access token that corresponds to a database role. WorkOS already adds a role claim corresponding to the user's role in an organization.

You can set up a JWT template in the WorkOS dashboard > Authentication > Sessions so that the role works with Supabase:

	
{
  "role": "authenticated",
  "user_role": {{organization_membership.role}}
}
	

We add a user_role claim so that your application can still determine the role assigned to that user.

That's it!

Supabase will now accept the access tokens returned by AuthKit when passed as an Authorization Bearer header.

Build auth that scales with you

This new integration makes it easier than ever to scale your authentication strategy alongside your product.

Whether you're adopting WorkOS as your primary auth provider or layering it on top of an existing Supabase Auth setup, you can now offer Enterprise Grade SSO with minimal configuration and maximum flexibility.

WorkOS remains free for your first one million monthly active users, and Supabase charges $0.003 per MAU when using third-party auth providers.

To start building, check out our Supabase integration docs.