Enterprise Single Sign-On

One integration, dozens of identity providers

Save months of development time integrating and debugging SAML and OpenID Connect protocols.

Add SSO to your app
Read the docs
Integrates with

Support your first enterprise customer in days

Read the Developer’s Guide to SSO

Single Sign-On

Your app’s first step toward enterprise adoption

SAML +
OpenID Connect

using a single API

20+

Identity providers supported

B.Y.O. database,  UX, and UI — we’ll provide the auth

WorkOS was designed to seamlessly fit into your existing application. With a few lines of code, you can offer the most popular enterprise sign-in options and support your biggest customers as quickly as possible.

Clean, consistent, and modern API design

Offer SSO for any identity provider that uses SAML or Open ID Connect protocols, all in a standard OAuth2 connection wrapper.

Read the docs
Get your API key

Developer-first design

APIs with RESTful endpoints, JSON responses, and normalized objects.

Fits your existing UX / UI

Integrate into existing login UI, authentication flows, and user communication methods.

Your data stays with you

Bring your own database and manage your own user records — we’ll provide the auth.

Persistable navigation state

Encode useful information to help restore application state between redirects.

Node.js
Ruby
Python
Go
PHP
Java
.NET
cURL

// Generate an authorization URL that automatically
// directs a user to their Identity Provider

import WorkOS from '@workos-inc/node';

const workos = new WorkOS('sk_example_123456');

workos.sso.getAuthorizationURL({
  organization: 'org_01EHZNVPK3SFK441A1RGBFSHRT',
  clientID: 'client_123456789',
  redirectURI: 'https://example.com/callback',
  state: 'dj1kUXc0dzlXZ1hjUQ==',
});




# Generate an authorization URL that automatically
# directs a user to their Identity Provider

require 'workos'

WorkOS.key = 'sk_example_123456'

WorkOS::SSO.authorization_url(
  organization: 'org_01EHZNVPK3SFK441A1RGBFSHRT',
  client_id: 'client_123456789',
  redirect_uri: 'https://example.com/callback',
  state: 'dj1kUXc0dzlXZ1hjUQ==',
)




# Generate an authorization URL that automatically
# directs a user to their Identity Provider

import workos
from workos import client

workos.api_key = 'sk_example_123456'
workos.client_id = 'client_123456789'

client.sso.get_authorization_url(
  organization='org_01EHZNVPK3SFK441A1RGBFSHRT',
  redirect_uri='https://example.com/callback',
  state='dj1kUXc0dzlXZ1hjUQ=='
)



// Generate an authorization URL that automatically
// directs a user to their Identity Provider

import "github.com/workos/workos-go/pkg/sso"

sso.SetAPIKey("sk_example_123456")

sso.GetAuthorizationURLOptions{
  Organization: "org_01EHZNVPK3SFK441A1RGBFSHRT",
  RedirectURI: "https://example.com/callback",
  State: "dj1kUXc0dzlXZ1hjUQ==",
})





// Generate an authorization URL that automatically
// directs a user to their Identity Provider

$this->sso = new WorkOS\SSO();

$this->sso->getAuthorizationUrl(
  null,
  "https://example.com/callback",
  "dj1kUXc0dzlXZ1hjUQ==",
  null,
  "org_01EHZNVPK3SFK441A1RGBFSHRT"
);





// Generate an authorization URL that automatically
// directs a user to their Identity Provider

import com.workos.WorkOS;

WorkOS workos = new WorkOS("sk_example_123456");

String url =
  workos
    .sso
    .getAuthorizationUrl("client_123456789", "https://example.com/callback")
    .organization("org_01EHZNVPK3SFK441A1RGBFSHRT")
    .state("dj1kUXc0dzlXZ1hjUQ==")
    .build();
    


// Generate an authorization URL that automatically
// directs a user to their Identity Provider

WorkOS.SetApiKey("sk_example_123456");

var ssoService = new SSOService();
var options = new GetAuthorizationURLOptions
{
    ClientId = "client_123456789",
    Organization = "org_01EHZNVPK3SFK441A1RGBFSHRT",
    RedirectURI = "https://example.com/callback",
    State = "dj1kUXc0dzlXZ1hjUQ==",
};

string url = ssoService.GetAuthorizationURL(options);


curl --request GET \
  --url "https://api.workos.com/sso/authorize? \
  response_type=code& \
  client_id=sk_example_123456& \
  redirect_uri=https://example.com/callback& \
  state=dj1kUXc0dzlXZ1hjUQ==& \
  organization=org_01EHZNVPK3SFK441A1RGBFSHRT"

Integrate popular OAuth providers like Google and Microsoft

Leverage the same Single Sign-On API interface to connect with other OAuth services. Add high-conversion authentication options without having to build and manage them yourself.

Google OAuth
Microsoft OAuth

Passwordless sign-in with Magic Link

Magic links are a great way to provide a simple sign-in option for your customers without compromising their account security. It enables low-friction authentication using email.

A guide to magic links
  • Avoid password breaches
  • Remove the need of a “forgotten password” flow
  • Immediately expire links after they are first clicked
  • Use your own email service and custom branded template
“Integrating was straightforward, pleasant, and fun. The team answered my questions quickly, and went above and beyond to help when I ran into issues.”
Bryant Chou
Co-Founder & CTO
Read more
“WorkOS simplified the complexity of implementing single sign-on (SSO) with multiple identity providers.”
Daniel Marashlian
Co-Founder & CTO
Read more

The quickest way to up-market

Adding SSO is the quickest way to get a head start on enterprise adoption. Integrate SSO in a few days, free-up your roadmap, and get back to building your app.

Transparent pricing

Allow your app to accept single sign-on from dozens of identity providers with a single integration.

View pricing
UNLIMITED users
$
125
per connection
/ month
Automatic volume discounts
included at no charge
  • Unlimited magic link email sign in
  • OAuth with Microsoft and Google
  • 60 day onboarding support via Slack

Built for the most demanding apps

99.99% uptime

Guaranteed uptime SLAs for enterprise customers

View uptime SLAs

Premium support

Expert guided integration support and response time SLAs

View support plans

Custom enterprise plans

Contract-based plans tailored to your business requirements

Contact sales
Single Sign-On quickstart

Jump into the docs and start building in minutes.

Adding SSO in 7 minutes

Learn the basics of SSO with this guided walkthrough video.

Developer’s guide to SSO

New to implementing Single Sign-On? This guide covers it all.

Single Sign-On automatic discounts

Tier
1
2
3
4
Connection count
1-15
16-30
31-50
51-100
Price per connection
$125 / month
$100 / month
$80 / month
$65 / month
Tier discount
20% off
36% off
48% off
More than 100 connections? Contact us
Single Sign-On is free to try in a Sandbox environment
Get started

This site uses cookies to improve your experience. Please accept the use of cookies on this site. You can review our cookie policy here and our privacy policy here. If you choose to refuse, functionality of this site will be limited.