How Chromatic successfully migrated from Passport.js

With the in-house setup using Passport.js, Chromatic quickly ran into bandwidth constraints around new customer onboarding and user deprovisioning. The team hoped to find a single solution to support both SSO and SCIM and successfully migrated to WorkOS in less than 2 weeks.

Scaling limitations of Passport.js

Chromatic is a visual testing and review tool that helps frontend developers build, test, and get sign-off on user interfaces. Storybook, which is their flagship product, is the most popular open source tool for developing user interfaces and is used by thousands of companies like Airbnb, Microsoft, and LEGO to create UIs for billions of people.

As Chromatic experienced rapid growth, the company started engaging with more enterprise prospects. Many of them requested single sign-on (SSO) as a must-have feature, and the engineering team decided to build an in-house solution using Passport.js. The solution seemed sufficient at first, but the team quickly realized the process was not sustainable when they had to spend 2-4 hours provisioning each SSO connection for enterprise customers as well as the ongoing support they had to provide. Finding a replacement solution with an intuitive UI and a seamless IT admin onboarding flow was becoming a bigger priority.

Bandwidth issues became more pressing when the team began to get inundated with requests to delete SAML users. Jarel Fryer, who is the engineering manager at Chromatic, explained, “Aside from SSO, user deprovisioning was a common request our team began to receive. Anyone that has built an SSO solution in-house should know that deleting users requires a lot of handholding because you need to directly engage with the identity provider (IdP) on behalf of the customer. Building SSO support had already required significant engineering time, and I didn’t want my team to spend additional resources to support SCIM.”

More effective resource utilization with WorkOS

Implementing SCIM using Passport.js demands a substantial amount of work. Engineers are required to develop route handlers and middleware for user operations such as creation, retrieval, updating, and deletion. Additionally, compliance with IETF (Internet Engineering Task Force) standards is essential and teams must dedicate resources for managing error response handling, pagination, attribute mapping, and complex data structures.

As Chromatic started researching potential alternatives that could support SCIM, they gravitated towards WorkOS after seeing that it was used by other high-growth organizations like Vercel, Webflow, Loom, and many more. They were also impressed with the technical guidance the WorkOS support team was able to provide and the promptness of the responses.

“There are a ton of open source libraries that can get you the V1 for SSO, but no one has solved the complexities of SCIM and being able to implement that with multiple providers,” said Fryer. He added, “I had no interest in our team becoming SSO/SCIM experts and wanted to find a solution that would allow us to focus on building core products.” Using SCIM provisioning, Chromatic was able to unlock more workflows for customers, providing a seamlessly integrated user experience within their product.

Seamless migration from Passport.js 

Porting over existing SSO connections from an existing solution seemed like a daunting task, but the engineering team was able to complete the migration in just a couple of weeks without impacting existing users. According to Fryer, the tailored support his team received from a dedicated solutions engineer made a huge difference. Even for customers with lots of intricacies in their environments, the Chromatic team successfully executed the migration with the quick feedback they received from the WorkOS team. “We were impressed with how willing and quickly the WorkOS team would go in the trenches with us to provide immediate support. ” said Fryer. 

With WorkOS, Chromatic is able to better serve the enterprise segment while prioritizing core product development. Instead of being hamstrung with managing SAML certificate renewals or worrying about domain verification, they can focus on delivering differentiated value for their users.


Cloud Visual Testing Tool

WorkOS stack
Directory Sync
Admin Portal
Single Sign-On
Time to integrate
< 2 weeks

Add SSO,
the easy way.

WorkOS provides a single, elegant interface abstracting dozens of enterprise integrations.

More customer stories
“With WorkOS we got exactly what we needed, and the integration process was straightforward.”
Dor Zimberg
Software Engineering Manager
Read more
“We viewed WorkOS’ connections-based pricing as a more viable option aligned with our projected growth. The Admin Portal has also been a critical feature allowing us to save engineering time and provide a more polished enterprise experience.”
Umar Azhar
Co-founder & CTO
Read more

What’s your enterprise story?

WorkOS is the only integration you’ll need to get enterprise customers using your application.

This site uses cookies to improve your experience. Please accept the use of cookies on this site. You can review our cookie policy here and our privacy policy here. If you choose to refuse, functionality of this site will be limited.