Blog

Learn how to implement access control in your organization with our comprehensive guide and best practices.

Learn about the different API authentication methods, including how they work, their use cases, and best practices to follow.

Learn what an OIDC provider is and why you should use one, how to connect to an OIDC provider, and how to create your own OIDC provider.

RBAC for AuthKit, Fine-Grained Authorization early access, SCIM role assignment, updated Node SDK, and new Log Streams destination

Time is invaluable for SaaS startups aiming to become Enterprise Ready quickly. Building complex (yet table stakes) features in-house, like SSO and SCIM, can significantly delay enterprise adoption. In part 1, we will dive into the hidden challenges you will face with a homegrown solution, highlighting just how demanding and time-consuming the process can be.

AuthKit now supports RBAC as part of its core authorization capabilities. RBAC is a common authorization scheme where each user is assigned one or more roles, and each role is assigned a set of permissions that defines which resources and actions the user can access in your application.

Developer Week recap, Apple OAuth, User Management with SCIM, IdP role assignment, the Remix example app, and more

Identity linking consolidates duplicate accounts with their own authentication credentials into a single account. While this seems straightforward, it involves a number of considerations around email and domain verification. WorkOS handles these complexities and provides secure identity linking by default.

When we launched User Management along with a free tier of up to 1 million MAUs, we faced several challenges using Heroku: the lack of an SLA, limited rollout functionality, and inadequate data locality options. To address these, we migrated to Kubernetes on EKS, developing a custom platform called Terrace to streamline deployment, secret management, and automated load balancing.

Find out about the common problems with webhooks, like out-of-order events and traffic surges, and how the Events API solves them.

Route-level authentication specifies which pages require authentication, keeping relevant logic together. Middleware-level authentication follows a Zero Trust model and simplifies group route authentication. The choice depends on your application architecture, but an additional authorization layer is needed for complete security.

Can you really adopt Next.js App Router incrementally? At WorkOS, we learned that you can’t really migrate a complex app page by page without a hit to the UX. Instead, we worked out a migration guide that allowed us to test our entire app with App Router while still serving the Pages Router to users—before making the final switch.

Discover the best three alternatives to SAML SSO: OAuth 2.0, OpenID Connect, and WS-Fed. Understand what each protocol offers and find out which one is the best fit for your needs.

A comparison of single-tenant vs multi-tenant architecture: How they work, their pros and cons, and tips to decide which one suits your SaaS best.

Send your own AuthKit emails, PKCE support for SSO, Events API for filtering orgs, soft deletion support in User Management