Blog

A breakdown of the five main types of access control models: Discretionary, Mandatory, Role-Based, Attribute-Based, and Relationship-Based access control.

Learn how to implement access control in your organization with our comprehensive guide and best practices.

Learn about the different API authentication methods, including how they work, their use cases, and best practices to follow.

Learn what an OIDC provider is and why you should use one, how to connect to an OIDC provider, and how to create your own OIDC provider.

RBAC for AuthKit, Fine-Grained Authorization early access, SCIM role assignment, updated Node SDK, and new Log Streams destination

Time is invaluable for SaaS startups aiming to become Enterprise Ready quickly. Building complex (yet table stakes) features in-house, like SSO and SCIM, can significantly delay enterprise adoption. In part 1, we will dive into the hidden challenges you will face with a homegrown solution, highlighting just how demanding and time-consuming the process can be.

SCIM provisioning is an important enterprise feature that provides user lifecycle management (ULM) and automated access control. Building this in-house means you must deal with fragmentation issues across onboarding, implementation, and triage, incurring significant engineering cost, delayed time to market, and potential security issues.

AuthKit now supports RBAC as part of its core authorization capabilities. RBAC is a common authorization scheme where each user is assigned one or more roles, and each role is assigned a set of permissions that defines which resources and actions the user can access in your application.

Learn what RBAC stands for, its key benefits, and how to implement it effectively to maintain access control.

Developer Week recap, Apple OAuth, User Management with SCIM, IdP role assignment, the Remix example app, and more

Identity linking consolidates duplicate accounts with their own authentication credentials into a single account. While this seems straightforward, it involves a number of considerations around email and domain verification. WorkOS handles these complexities and provides secure identity linking by default.

When we launched User Management along with a free tier of up to 1 million MAUs, we faced several challenges using Heroku: the lack of an SLA, limited rollout functionality, and inadequate data locality options. To address these, we migrated to Kubernetes on EKS, developing a custom platform called Terrace to streamline deployment, secret management, and automated load balancing.

Find out about the common problems with webhooks, like out-of-order events and traffic surges, and how the Events API solves them.

Route-level authentication specifies which pages require authentication, keeping relevant logic together. Middleware-level authentication follows a Zero Trust model and simplifies group route authentication. The choice depends on your application architecture, but an additional authorization layer is needed for complete security.

Can you really adopt Next.js App Router incrementally? At WorkOS, we learned that you can’t really migrate a complex app page by page without a hit to the UX. Instead, we worked out a migration guide that allowed us to test our entire app with App Router while still serving the Pages Router to users—before making the final switch.