# Role-Based Access Control (RBAC)

## Introduction

WorkOS Role-Based Access Control (RBAC) is an authorization system designed for managing access to applications using a flexible roles and permissions model. With WorkOS RBAC, teams can also define custom roles at the organization or tenant level, assign permissions to those roles, and enforce access policies at scale. RBAC also supports role assignment from identity provider (IdP) groups, making it easy to integrate with Single Sign-On (SSO) and Directory Sync workflows for seamless, enterprise-ready access control.

## Key features

- Fully managed authorization service for defining and enforcing access controls across your application
- Configure roles, permissions, and organization-scoped roles directly in the [WorkOS Dashboard](https://dashboard.workos.com) or using the [API](https://workos.com/docs/reference/roles)
- Seamless integration with [AuthKit user management](https://workos.com/docs/authkit) by assigning roles via API and enforcing access through session JWTs
- Support for enterprise features like organization-scoped roles and IdP role assignment via SSO and Directory Sync allowing your customers to automatically map roles from their identity provider to streamline enterprise onboarding
- Fully integrated with [WorkOS Widgets](https://workos.com/docs/widgets), including role management through the User Management Widget

## Additional resources

- [The developer's guide to RBAC](https://workos.com/guide/the-developers-guide-to-rbac)
- [8 Role-Based Access Control (RBAC) examples in action](https://workos.com/blog/role-based-access-control-example)
- [How to build RBAC with WorkOS and Node](https://workos.com/blog/rbac-with-workos-and-node)