The Founder's Guide to Developer-led Growth
Developers act, think, and behave differently than your average customer. So selling, marketing, and supporting them should be different too.
WorkOS 2022 Spring Release Recap
Audit Logs API, new webhooks experience, new SAML providers, and more! Learn about all of the latest features and product updates we've added to the WorkOS platform from April to June 2022.
WorkOS raises $80m in Series B financing, acquires Modulz
We are delighted to announce that WorkOS has raised $80m in Series B financing, led by Greenoaks with participation from previous investors Lachy Groom, Lightspeed Ventures, and Abstract Ventures.
WorkOS is Carbon Neutral
I’m delighted to announce that WorkOS is a fully carbon neutral company. We have offset the company’s full carbon footprint since its founding and plan to stay carbon neutral as we scale up.
Getting Started with the WorkOS Multi-Factor Authentication API
Learn how to get started with the WorkOS Multi-Factor Authentication (MFA) API to add Time-based one-time passwords (TOTP) and SMS verification to secure your application.
WorkOS 2022 Winter Release Recap
New MFA API, better customer onboarding, new SAML providers and more! Learn about all of the latest features and product updates we've added to the WorkOS platform from January to March 2022.
Frictionless Enterprise Customer Onboarding Using the WorkOS Admin Portal
Learn how to leverage the WorkOS Admin Portal to quickly onboard enterprise customers. The Admin Portal is an interactive setup experience for SSO and directory sync.
Directory Sync now maps custom attributes without custom code
We built one of our most requested features, custom attribute mapping. Map and rename attributes without custom code to easily bring in additional information from HR directories.
Can My App Support SSO and Password-based Logins?
Learn how SSO and the traditional email & password login features can coexist in the same application, and discover 4 common design patterns for making it happen.
Build vs. Buy: 5 Questions to Ask When You Need to Offer SSO or Directory Sync
Explore some of the considerations to be made when deciding whether to build an SSO or Directory Sync solution on your own, or to pay for an existing authentication service.
How to Test WorkOS Webhooks Locally with ngrok
In this step-by-step tutorial, learn how to configure and validate your WorkOS webhooks from your development machine by using ngrok's secure, public URLs.
SP-Initiated v IdP-Initiated SSO
Learn the key differences between SP-initiated SSO and IdP-initiated authentication.
When Is It a Good Time to Start Enterprise Sales?
Jim Barksdale once said, “There [are] only two ways to make money in business: One is to bundle; the other is unbundle.” Here's when you should bundle your product for enterprise sales.
How Our Engineering Team Communicates Asynchronously Through Writing
In this blog post you'll learn how the Engineering team at WorkOS communicates asynchronously using Threads
What Makes a Good Changelog
Changelogs are important communication tools, and should be made for people to enjoy reading. Here are five decisions we made to make the best changelog we possibly could.
5 Lessons We Learned Adding Dark Mode to WorkOS
Designing a dark mode version of your app comes with its own challenges. In this post, we will share some of the lessons we learned during the implementation of dark mode at WorkOS.
A Developer’s Guide to Startup Security: 15 Ways to Secure Your Startup (Part 2)
In this guide, we'll explore 15 ways to keep your teammates and customers secure at your growing startup from threats such as data breaches, phishing, cryptojacking, ransomware, and DDoS attack.
A Developer’s Guide to Startup Security: 5 Common Threats
The size of your startup, no matter how small, won’t keep it safe. In this post, we cover five common threats facing your startup and explain how they work.
CCPA vs. GDPR: How location affects enterprise compliance
GDPR and CCPA are data privacy protection laws in the EU and California, respectively, that regulate how firms handle and share consumers’ personal information.
A Developer’s Guide to One-Time Passwords (OTPs)
One time passwords (OTPs), such as those created by authenticator apps and Yubikeys, are a common way to add additional security to application authentication.
Optional Stacking in TypeScript
Nullable references are a familiar sight in many programming languages. Today we'll be exploring how to stack optionals in TypeScript and where null and undefined fall short.
3 Approaches to Add Enterprise SSO to Your App
Architecting SSO from a Systems Design perspective: what code and data lives where, who controls what, and what this ultimately means for your business as you grow your app
A Developer’s Guide To Headless CMSs
Developers are tired of being tied to the technology stack their CMS vendor requires. Is a headless CMS the solution? Learn more in our Developer's Guide to Headless CMSs.
WorkOS raises $15M to build “Stripe for enterprise-ready features”
I’m delighted to announce our Series A financing! In this post I’ll share more details about the problem WorkOS is solving, why we are solving it, and what the future holds if we are successful in our mission.
9 Components of Great Developer and API Documentation
Creating great developer documentation is harder than it looks. Learn from Stripe, Twilio, GitHub, and more to learn how you can create docs like the greats. Acquire more users, retain more users
How Zendesk used enterprise features to grow from $1 million to $1 billion in 12 years
Zendesk crossed the chasm between the SMB market and the enterprise market, all while expanding its product line and developing the features that made enterprises want to adopt its products.
How to pick an identity as a service (IDaaS) provider: A guide for busy startups
Identity is an important problem, but solving it is outside your core skill set. Lucky for you, and with apologies to Steve Jobs, there’s a SaaS - and a guide! - for that.
A Cheesemonger’s Guide to Developer Success Engineering
A WorkOS Developer Success Engineer describes his personal approach to success engineering by drawing on his experience as a high-end cheesemonger, focusing on education, empathy, and good taste.
User provisioning: Use it to increase efficiency and security
User provisioning and user deprovisioning is how you can enable system access to new employees and restrict access to departing employees. Learn how this can make you more efficient and secure.
How Twilio’s developer-led business model enabled a shift to enterprise sales
Twilio built a business model that started with individual developers and expanded into massive enterprise sales. Learn how they did it––and how you can too.
RBAC vs. ABAC: What is the difference between access control models?
RBAC and ABAC are the two most common access control models for system authorization. Understanding the differences between the two is key for choosing between RBAC vs. ABAC for your system.
What Does Federated Mean in Search, Identity, and Databases?
What does federated mean? Federation refers to group of entities that are independent yet united under a central organization. Learn how that meaning applies to search, identity, and databases.
How to write your first service level agreement (with tips from Slack, Amazon, and Google)
So, you're writing your first service level agreement? Learn from the best: examples from Slack, Amazon, and Google show how you can write your SLA for comprehension and effectiveness.
A Guide to Enterprise Sales for Early-stage Founders
If you build it, they won't come. As a founder, it's your job to make the sales that fuel your company's growth––and that includes enterprise sales. Read this guide so you can land the big deals.
SOC 1 vs. SOC 2 vs. SOC 3: Why your company needs compliance to grow
Compliance stands between your company and growth. If you want to sign enterprise deals, learn the differences between SOC 1, SOC 2, and SOC 3––and how best you can comply.
A guide to magic links: how they work and why you should use them
A guide to magic links: the how they work and why you should use them. We’ll take a deep dive into how magic links work from a technical, security, and UX perspective.
Developers: Your GDPR Compliance Guidebook
GDRP affects companies the world over and as a developer, it's your job to ensure compliance. Read our guide to the basics to understand what GDPR entails.
WorkOS Fall Release Event Recap
Last month, we held our WorkOS Fall Release! We debuted new features, gave product updates, launched our new docs site, and hosted a fireside chat with the CTO of Webflow.
WorkOS Technical Content Style Guide
The WorkOS style guide for technical content. Our descriptive guide to writing blogs, tutorials, and technical documentation for developers by a developer.
Authentication Protocols: Your Guide to the Basics
In this article, we’ll cover a baseline of authentication protocols: PAP, CHAP, and EAP. We’ll cover what the protocol is, give a detailed example, and talk through some of the weaknesses.
Building Webhooks Into Your Application: Guidelines and Best Practices
This post will walk through the basics of how to send out webhooks from your app, manage authentication, handle security, and provide a smooth developer experience to your customers.
WorkOS Summer Release Event Recap
Last month, we held our first public event: the WorkOS Summer Release! Putting together a fully remote event as a fully remote team involved a lot of prep work.
Authentication vs. Authorization
Authentication and authorization are often interwined, but refer to completely different things. This post breaks down the difference and explores difference schemes for each.
Security policy document examples for B2B SaaS apps
If you’ve been put in charge of writing a security policy document, you might feel a tad overwhelmed. This guide will help, with examples from companies like Slack and Stripe.
A Developer’s History of Authentication
The history of digital authentication spans just 60 years, but things have progressed (really) quickly. This guide walks through the basics and where things might be going.
The Developer’s Guide to SOC 2 Compliance
SOC 2 compliance will help your company grow and land larger deals, but it takes some work to get there. This guide will walk through what you need to know as a developer.
Fun with SAML SSO Vulnerabilities and Footguns
For intrepid developers planning on homebrewing enterprise SAML SSO, here's a guide covering common SAML security vulnerabilities, footguns, and countermeasures.
How Dropbox used land-and-expand to move upmarket and close big enterprise customers
How Dropbox built enterprise ready features like admin controls and integrations that let them close bigger, more impactful deals, move upmarket, and stay competitive.
UI/UX Best Practices for IdP & SP-Initiated SSO
This post explores UI/UX best practices for Identity Provider (IdP) and Service Provider (SP) initiated SSO flows, like subdomaining tenants and separating email and password screens.
The Developer’s Guide to Audit Logs / SIEM
Our guide will walk you through the audit log basics that every developer should know: why audit logs are important, event formats, SIEM tools, retention best practices, and more.
The Developer’s Guide to Directory Sync / SCIM
Our guide will walk you through everything Directory Sync: what it is, why you should care, protocols like SCIM, Directory Sync vs JIT, and how to build it into your product.
The Developer’s Guide to SSO
Adding SSO to your app is a common requirement for selling to enterprise customers. Here’s a guide that will help you understand SSO and choose the best way to add it to your app.
How Being Enterprise Ready Helps Slack Land Big Deals
Incorporating enterprise features unlocked big deals for Slack. This post looks at how features like SAML SSO, EKM, and audit logs help Slack close those enterprise deals.