Customers

Scaling with modularity: integrating SCIM on top of SSO to close even larger customers

​​Webflow is a visual-first web design tool that helps users create awesome web experiences with minimal coding. Their platform is used daily by enterprises like PWC, Dell, Rakuten, and Philips. To meet the needs of these high-profile customers, Webflow needed to move upmarket quickly, shipping features like single sign-on (SSO) and Directory Sync (SCIM). 

David Kramer, a senior engineering manager on the enterprise features team at Webflow, has been involved with maintaining the company's SSO integration with WorkOS for the past three years. Webflow recently integrated WorkOS Directory Sync to meet the needs of larger enterprises, ensuring that when users are offboarded, their access to Webflow is automatically revoked.

The missing bridge to larger enterprises

According to Kramer, SCIM had been a longstanding request from the sales team. "We were leaving deals on the table because we just didn't have SCIM support and that was a hard requirement for larger organizations," he explained. IT departments wanted an automated workflow to immediately deprovision access once employees left the company, and this was considered table stakes during the procurement process.

Build vs. buy

The team also considered building SCIM in-house but quickly abandoned the idea when they realized the significance of the engineering cost.

Kramer estimated it would require a small team of 2-3 engineers working for upwards of a quarter to build a reliable SCIM integration with just a single identity provider (IdP). But the real cost would kick in once the team had to expand support for multiple providers and oversee all related maintenance tasks.

Integrating SCIM on top of SSO:

Since Webflow was already using WorkOS for SSO and had a positive experience, adopting WorkOS Directory Sync became the clear choice. Using the same platform would minimize complexity compared to introducing a separate vendor just for SCIM. 

"Based on our positive experience with WorkOS’ reliability, support, and responsiveness, we knew we could count on their platform," said Kramer. "The ability to easily add Directory Sync connections made it incredibly cost-effective."

Another perceived value of using WorkOS was that there wasn’t any fear of vendor lock-in. Kramer explained, “It never felt like a one-way door to us. We could see how the POC went and decide to go with another vendor if we really wanted to.”

According to Kramer, the engineering time required to implement SCIM with WorkOS was very straightforward. It took less than a couple of weeks with one engineer while balancing other core tasks. 

Streamlined onboarding for both SSO and SCIM with the Admin Portal  

The Admin Portal has been a game-changer for onboarding SSO customers. The onboarding team was thrilled to realize that the same UI onboarding experience can be extended for SCIM. 

"Personally, I appreciate the portal's step-by-step guidance for setting up connections, whether in Google Workspace or Okta. It simplifies the process, making setup straightforward and efficient," said Kramer.

Enterprise growth powered by WorkOS

With WorkOS Directory Sync, Webflow is better equipped to serve the entire spectrum of enterprise customers. While the feature was only recently rolled out, Kramer believes the need for SCIM will grow as Webflow continues pursuing larger accounts. Many companies manage user roles and permissions through their identity provider, so syncing that to Webflow via SCIM is a natural next step.

Webflow is also exploring WorkOS' new RBAC and Fine-Grained Authorization (FGA) solutions as the company evolves its own access control system. By adopting these key enterprise features that WorkOS supports, Webflow will continue to accelerate its expansion upmarket.

Industry

Web Development

Time to integrate
< 2 weeks

Add SSO,
the easy way.

WorkOS provides a single, elegant interface abstracting dozens of enterprise integrations.

More customer stories
“We enhanced our product with an enterprise-grade SSO offering that has allowed us to close multiple deals. It was undoubtedly the right decision.”
João Fernandes
Engineering Manager
Read more
“We did consider open source, but WorkOS provided a far superior developer experience.”
Jeanne Thai
Product Manager
Read more

What’s your enterprise story?

WorkOS is the only integration you’ll need to get enterprise customers using your application.

This site uses cookies to improve your experience. Please accept the use of cookies on this site. You can review our cookie policy here and our privacy policy here. If you choose to refuse, functionality of this site will be limited.