Blog

SCIM provisioning is an important enterprise feature that provides user lifecycle management (ULM) and automated access control. Building this in-house means you must deal with fragmentation issues across onboarding, implementation, and triage, incurring significant engineering cost, delayed time to market, and potential security issues.

AuthKit now supports RBAC as part of its core authorization capabilities. RBAC is a common authorization scheme where each user is assigned one or more roles, and each role is assigned a set of permissions that defines which resources and actions the user can access in your application.

Learn what RBAC stands for, its key benefits, and how to implement it effectively to maintain access control.

Developer Week recap, Apple OAuth, User Management with SCIM, IdP role assignment, the Remix example app, and more

Identity linking consolidates duplicate accounts with their own authentication credentials into a single account. While this seems straightforward, it involves a number of considerations around email and domain verification. WorkOS handles these complexities and provides secure identity linking by default.

When we launched User Management along with a free tier of up to 1 million MAUs, we faced several challenges using Heroku: the lack of an SLA, limited rollout functionality, and inadequate data locality options. To address these, we migrated to Kubernetes on EKS, developing a custom platform called Terrace to streamline deployment, secret management, and automated load balancing.

Find out about the common problems with webhooks, like out-of-order events and traffic surges, and how the Events API solves them.

Route-level authentication specifies which pages require authentication, keeping relevant logic together. Middleware-level authentication follows a Zero Trust model and simplifies group route authentication. The choice depends on your application architecture, but an additional authorization layer is needed for complete security.

Can you really adopt Next.js App Router incrementally? At WorkOS, we learned that you can’t really migrate a complex app page by page without a hit to the UX. Instead, we worked out a migration guide that allowed us to test our entire app with App Router while still serving the Pages Router to users—before making the final switch.

Discover the best three alternatives to SAML SSO: OAuth 2.0, OpenID Connect, and WS-Fed. Understand what each protocol offers and find out which one is the best fit for your needs.

A comparison of single-tenant vs multi-tenant architecture: How they work, their pros and cons, and tips to decide which one suits your SaaS best.

Send your own AuthKit emails, PKCE support for SSO, Events API for filtering orgs, soft deletion support in User Management

Learn how to build a SCIM server for your app with WorkOS.

Authentication (AuthN) is the process of verifying the identity of users or systems before granting access to resources, essential for ensuring security in applications. This blog explores various AuthN methods like passwords, multi-factor authentication, and biometrics, and discusses the trade-offs of building in-house or using third-party providers..

Multi-tenancy is a software architecture where multiple users share a single application instance while keeping their data separate, making it cost-efficient and easier to manage. This blog explains multi-tenancy, its advantages and disadvantages, and offers best practices for implementation.