The Changelog

AuthKit, the open source authentication UI built on Radix, and User Management, the backend platform handling email verification, account linking, and more.

Effective and comprehensive setup flows for non-SCIM directories.

Available to all users: enable SAML auth for the WorkOS Dashboard.

The Admin Portal now supports Domain Verification, enabling IT admins to prove domain ownership with DNS TXT records.

To provide cleaner and more secure data, user information in dormant states will be deleted by default.

Developers can now use custom domains when sending Admin Portal invite emails, ensuring consistent branding during onboarding.

User can now view events-related data such as payload information, webhooks emitted for specific events, and metadata more easily. This provides an advanced workflow for debugging scenarios when configuring integrations.

99.99% uptime is now contractually guaranteed as part of the enterprise SLA.

All users that are updated to “suspended” state will now result in a deletion of that user’s group memberships.

The Audit Logs API can now be used to increase the retention period from 30 to 365 days.

WorkOS now uses more comprehensive validation during SCIM directory setup in the Admin Portal to ensure successful configuration.

We’ve shipped a new Audit Logs API that enables you to define Audit Logs event schema in code.

We’ve introduced a new way to view Directory Events directly from the WorkOS Dashboard.

We now support Google Cloud Storage as a Log Streams destination, so you can stream Audit Log events directly from your application to your customer’s Google Cloud instance.

We've released the Events API – a reliable and efficient integration method to sync changes from WorkOS to your app.

You can now invite your customers’ IT admins to configure Single Sign-On, Directory Sync, and Log Streams by sending them an email directly from the WorkOS Dashboard.

We've enhanced the OIDC setup experience in Admin Portal, providing verification for discovery endpoints and validation while testing SSO.

We've enhanced the SSO configuration experience in Admin Portal to make it even easier for your customers to successfully configure single-sign on for your application.

The Dashboard organization page has been redesigned to make it easier to share a setup link with your customers.

We’ve just published a new integration that enables WorkOS features within your Bubble application.

We’ve just published a developer guide to building user experiences for SSO sign-in.

We’ve just published new user experience guides on MFA enrollment and MFA sign-in.

We're introducing a new groups attribute for the User profile. Developers can use this group membership information to enable SSO role-based access control in their apps, using Just-In-Time User Provisioning.

We’ve just published a new guide on Just-In-Time User Provisioning with WorkOS Single Sign-On.

We're introducing a new SFTP-based integration for Directory Sync. Organization admins looking for a flexible and secure mechanism to provision and de-provision their users can now do so by sending CSVs via SFTP.

We’ve made it easy to pass in login hints to Okta SAML and Azure SAML and domain hints to Google SAML, making user login experiences even smoother.

We’ve made the navigation in Admin Portal more intuitive when moving between the provider selection screen and the provider configuration steps.

There are three new pages available for Directory Sync developer documentation: "Fundamentals", "Role Data", and "Role Architecture".

We’ve enhanced the SAML session viewer in the WorkOS dashboard to improve the experience of debugging your connection sessions.

To make it even easier to get started with our API endpoints, we’ve created a WorkOS Postman public workspace.

We’ve just added a Compliance Documents page which makes it easier to access all of our compliance reports: SOC 2 Type II, SOC 3, SIG Lite, and Penetration Test.

We’ve just enabled self-serve creation of your shared Slack Channel from the Dashboard.

You can now add custom branding to your Admin Portal sessions in a sandbox environment for free.

We're excited to introduce a new feature called Log Streams that makes Audit Logs even more useful for your customers. Log Streams enable you to stream audit log events from your application directly to your customers' Security and Incident Event Management (SIEM) platforms, like Datadog, Splunk, and AWS S3.

We have enhanced Directory Sync custom attributes to automatically populate common fields across different providers.

We’re excited to announce that you can now update Admin Portal custom branding properties directly from the WorkOS Dashboard.

Recently we’ve been introducing a suite of improvements to the Admin Portal experience. Including navigation improvements, a new feedback channel, and persistence between sessions.

Today we’re adding support for testing your Google/Microsoft OAuth connections without having to create your own OAuth credentials.

We’re excited to announce that you can now support Cezanne HR through the WorkOS Directory Sync integration and Admin Portal.

Today we're adding a new `success_url` attribute which gives more flexibility and control to developers over the flow after successfully setting up Directory Sync or Single Sign On via the Admin Portal.

Today we’re releasing a fix in how we process SAML responses, which include `Attributes` with multiple child `AttributeValue` tags. It is important for you to check the type of a raw attribute before processing it, as some values will now be of type array.

Audit Logs are a collection of events that contain information relevant to notable actions taken by users in your app. These events are similar to application logs and analytic events, but are fundamentally different in their intent.

We’re excited to announce that you can now support Rippling SAML through the WorkOS Single Sign-On integration and Rippling SCIM through the WorkOS Directory Sync integration.

Today we are releasing a suite of new example apps that demonstrates how to use Typescript to interact with the WorkOS Node.js SDK for our Single Sign-On, Directory Sync, Admin Portal, Magic Link, and Multi-Factor Authentication products.

Today we’ve added the `organization_id` to both the Directory User and Directory Group API endpoints and webhooks. This popular request unlocks flexibility in how you choose to store references to the WorkOS API in your applications — letting you find the best model for your architecture.

We’re excited to announce that you can now support People HR through the WorkOS Directory Sync integration and Admin Portal.

We're adding support for wildcard Redirect URIs in Staging environments. This will enable you to use multiple "review app" style deployment URLs, and map them to a single WorkOS environment.

We’re excited to announce that you can now support SimpleSAMLphp through the WorkOS SSO integration and Admin Portal.

We are launching improvements to the WorkOS Dashboard today to help you launch integrations and monitor the health of your webhook endpoints.

We’re excited to announce that you can now support the LastPass SAML integration through the WorkOS SSO integration and Admin Portal.

We’ve improved pagination for the WorkOS API resources with the addition of an `order` query parameter that will allow you to sort the returned data in an ascending or descending order.

We’re excited to announce that you can now support the NetIQ SAML integration through the WorkOS SSO integration and Admin Portal. NetIQ offers solutions for managing security, compliance, identity, access, performance and availability for organizations.

We’re excited to announce that whenever a user signs up to WorkOS with email/password, we will now report if the password provided was part of any data breaches.

You can now connect WorkOS to Cloudflare and support federated SAML connections with any Identity Provider that uses a SAML 2.0 connection

You can now support the Oracle Cloud SAML integration through the WorkOS SSO integration and Admin Portal.

You can now customize your Google OAuth consent screens with your team’s domain when initiating sessions via the WorkOS API.

We’re excited to announce the addition of Multi-factor Authentication (MFA) to the WorkOS Dashboard! Visit the user settings page in the dashboard to configure an authenticator app.

To make it easier to debug connections in the Dashboard, we added a new "Sessions" tab in the connection details view. In this tab, you'll be able to view connection logs of SAML Sessions.

You can now support the ClassLink SAML through the WorkOS SSO integration and Admin Portal. ClassLink is an education focused portal solution which provides SSO to schools and universities.

We're excited to release our new Multi-factor authentication (MFA) API in preview. It will enable you to add support for Time-based one-time passwords (TOTP) and SMS verification.

We have moved to a new GitHub organization! Along with that change, we've updated the Go SDK installation path. You can follow these steps to update it...

You can now support the miniOrange SAML integration through the WorkOS SSO integration and Admin Portal.

You can now support the Salesforce SAML integration through the WorkOS SSO integration and Admin Portal.

We’ve expanded our user roles to give you controlled access to your WorkOS Dashboard and we now offer a Support role with only resource configuration privileges.

The Admin Portal for configuring new Single Sign-On and Directory Connections is now accessible through a secure and shareable Setup Link via the WorkOS Dashboard.

You can now support the CAS SAML provider through the WorkOS SSO integration. CAS is an open source, enterprise multilingual single sign-on solution and identity provider.

You can now synchronize OneLogin SCIM data and PingFederate SCIM data with WorkOS Directory Sync. This addition extends both our OneLogin and PingFederate SAML integrations to the next level.

You can now support the Keycloak SAML provider through the WorkOS SSO integration. Keycloak is an open source project that provides user federation, strong authentication, and access management.

Organizations have been simplified to focus on a single identity provider and a single directory provider which better reflects how customers use WorkOS.

In an effort to streamline onboarding, maintenance and interoperability with Identity Providers, WorkOS now supports Dynamic SAML configuration from Metadata.

You can now synchronize CyberArk SCIM data with WorkOS Directory Sync. This takes our CyberArk integration portfolio, which previously included a SAML SSO integration, to the next level

Your WorkOS Environment configuration has a new look! We’ve made it easy to see which OAuth providers you have configured at a glance.We've also made updating your configuration a bit more secure

Directory custom attributes are no longer required to have a mapping value when configured in the Admin Portal. You can now mark them as optional in the Dashboard.

We improved the demo credential experience for Okta, the most popular identity provider, so that it’s easier and faster for developers to test that their SSO flow works.

Directory user and group webhook update events now include a previous_attributes property that show changes since the last snapshot of the user or group.

We’re excited to announce the official release of the WorkOS Java SDK. The SDK can be installed from the Maven Central repository. Installation instructions for all supported package managers can

Developers can now define Custom Attributes for Directory Sync that will be available on user Profile objects from WorkOS, without having to write custom code.

We've improved the Directory summary view to now include the status of the most recent Directory sync for non-SCIM based directories like BambooHR or Workday.

Today we're announcing email notifications for webhook delivery failures. This notification will be sent if all retry attempts have been exhausted for a specific event.

We have released an enhanced security feature related to user email domains. This change is backwards compatible with existing connections and we've migrated the majority of connections already.

Today we’re announcing the ability to customize email notification preferences in the WorkOS Dashboard. Admin's can now configure preferences in a new Profile page.

Today we're introducing Dark Mode to the WorkOS Dashboard. Whether you prefer your screen bright or if you want to feel like a hacker using dark mode, it’s up to you how you experience WorkOS.

Today we're introducing a new input file for X.509 Certificates. This will allow users to view their uploaded file, which makes it easier to inspect the certificate content.

Similar to how we show a list of users for a Directory, you can now see a new tab containing a paginated list of groups in a Directory Sync connection.

Admin Portal users can now restart their entire configuration by using the "Reset Connection" button located at the bottom of the post-setup page. This will completely delete the connection...

Now you have the ability to search for specific Directory Sync users. To provide more control and visibility, we allow you to filter by the following parameters...

You can now visualize the total number of users and groups when using Directory Sync. This will allow developers to check if a directory has the expected number of users and groups at a glance.

You now have the ability to generate additional API keys for use in staging or production, revoke or expire API keys to no longer be able to make requests to the WorkOS API.

We redesigned the sidebar and environment switcher so you can easily navigate between your staging and production environments. We also updated our URL routing to include absolute links...

You can now synchronize HiBob HRIS data with WorkOS Directory Sync. On top of that, we also added Microsoft OAuth as a new SSO Identity Provider. This will enable users to sign in...

We released v1.0 of all our SDKs. As a result, we’re now following standard semantic versioning with our releases. We recommend upgrading and pinning the latest version of our SDK...