January 2024 Summaries
11 posts from WorkOS
Filter
Month:
Year:
Post Summaries
Back to Blog
In January, AuthKit introduces Bot Protection to prevent unauthorized account signups. The Dashboard now features organization filtering for easier access to specific information. Google Workspace Directory sync allows admins to choose and filter which groups are synced. A comparison of Auth0's pricing structure with WorkOS reveals more competitive and transparent pricing for B2B SaaS companies. Chromatic, a featured customer, migrated from an in-house solution to WorkOS for better scalability and support for both SSO and SCIM.
Jan 31, 2024
283 words in the original blog post.
Auth0 and WorkOS are both authentication providers for B2B SaaS companies, but they differ in their pricing models. Auth0's pricing is based on four primary variables: Monthly Active Users (MAUs), Organizations, Admins, and Single Sign-On (SSO) Connections. Each variable has a usage cap after which customers must schedule time with Okta for further conversations. On the other hand, WorkOS offers more transparent and competitive pricing options. It provides free User Management up to 1 million MAUs, and every additional million MAUs at $2500/mo. Additionally, there are no restrictions on the number of supported organizations or admins, and automatic discounts apply with growth for SSO connections. WorkOS aims to align cost with projected growth by replacing MAUs as the primary cost driver with the number of SSO and SCIM connections.
Jan 30, 2024
595 words in the original blog post.
A SCIM Connector is a middleman between an application and any SCIM-compliant identity providers (IdPs), such as Okta and Microsoft Entra. It simplifies the integration process by centralizing connections, normalizing data across multiple providers, and handling SCIM requests at scale. Three top SCIM connectors to consider are WorkOS, Frontegg, and Stytch. These connectors offer various features like Events API, self-service provisioning capability, and comprehensive authentication services. The choice of a SCIM connector depends on factors such as the current authentication stack, budget, scalability needs, and desired customer onboarding experience.
Jan 30, 2024
1,534 words in the original blog post.
The Developer's Guide to Directory Sync / SCIM provides an in-depth look at the importance of implementing Directory Sync, a protocol that automates user lifecycle management by providing a single source of truth for identity. It explains how this can improve activation rates and help secure larger enterprise deals. The guide also covers popular protocols like SCIM (System for Cross Identity Management), which is an open-source protocol for implementing Directory Sync, and the differences between Directory Sync and JIT provisioning. Additionally, it provides practical advice on how to add Directory Sync to your app, either by building it from scratch or outsourcing it to a third-party provider like Aquera, Okta, or WorkOS.
Jan 25, 2024
1,902 words in the original blog post.
The System for Cross-domain Identity Management (SCIM) is a protocol that defines RESTful APIs for user provisioning and management. It offers a standard method for representing user identity information by defining a uniform model for representing an identity resource and a RESTful API for managing it via CRUD operations. SCIM 2.0 primarily defines two types of resources — Users and Groups, which are derived from the Resource object. A SCIM endpoint is where your customer's IdP sends SCIM requests for your app. The protocol uses HTTP methods such as POST, PUT, PATCH, DELETE, and GET to perform various operations like creating new users or groups, updating existing ones, deleting resources, and fetching user details. Understanding the SCIM schema is crucial when integrating with an IdP, allowing you to map attributes correctly to your app's data model.
Jan 24, 2024
1,722 words in the original blog post.
JSON Web Tokens (JWTs) are compact and self-contained JSON payloads that contain all the necessary data to authenticate users, negating the need for constant database calls every time you want to verify a user's details. JWTs consist of three parts: header, payload, and signature. They secure data using a digital signature and can be used in various applications such as authentication, authorization, and information exchange between different systems. The benefits of using JWTs include simplicity, scalability, high customizability, and cross-domain support. However, they may not be the best option if your app highly prioritizes security or frequently revokes user access. Implementing JWT authentication in a Node.js project can be done using the jsonwebtoken package.
Jan 23, 2024
2,072 words in the original blog post.
This article discusses the importance of SCIM (System for Cross-domain Identity Management) providers in enterprise software applications and provides a comprehensive guide to selecting the best SCIM provider. It explains what SCIM is, its benefits, and how it can be implemented using third-party providers. The author also presents three top recommendations for SCIM providers: WorkOS, Frontegg, and Stytch, highlighting their features, pricing models, and suitability for different use cases.
Jan 19, 2024
1,848 words in the original blog post.
A directory service is a database that stores information about users and resources on a network, allowing companies to manage access, authentication, and authorization. Common providers include Active Directory, Google Workspace Directory, Apache Directory Server, Red Hat Directory Server, Apple Open Directory, and Okta universal directory. Companies use directory services for increased security, simplified account management, improved compliance posture, and better user experience. They work through a client-server model with a centralized database that stores information about network resources such as users, groups, devices, and services.
Jan 12, 2024
1,338 words in the original blog post.
LDAP and Active Directory are protocols used in identity management but serve different purposes. LDAP is a vendor-neutral protocol for accessing and managing directory information over a network, while Active Directory is Microsoft's identity solution for managing user identities and resources on a Windows network. Both can be used together or independently depending on the organization's needs. LDAP is preferred when there's a need for a lightweight solution to access directory information without being tied to a specific vendor, whereas Active Directory is widely used in enterprises, especially those using Microsoft products and services.
Jan 08, 2024
1,698 words in the original blog post.
In 2024, implementing Directory Sync is crucial for any SaaS app catering to enterprise customers. It enables automatic synchronization of user data between an organization's directory service (such as Microsoft Entra ID, Google Workspace, or Okta) and a SaaS application using the SCIM protocol. This significantly reduces manual provisioning and de-provisioning efforts for IT admins, ensuring consistent access permissions across all applications used within the organization.
Supporting multiple identity providers (IdPs) is essential for enterprise sales, with popular directories including Microsoft Entra ID, Okta, Google Workspace/Cloud Identity, Active Directory, OneLogin, PingFederate, JumpCloud, Workday, and BambooHR. The SCIM protocol provides a standardized approach for provisioning, updating, and de-provisioning user accounts and associated data between identity providers and SaaS apps via a REST API.
Implementing Directory Sync involves building a SCIM API with endpoints for provisioning and deprovisioning users, connecting the SCIM endpoint to directories, and handling variations in attribute usage and data normalization across different IdPs. Ongoing maintenance and support are also necessary to ensure compatibility with updates from directory providers.
Alternatively, using a third-party SCIM provider like WorkOS can simplify the process by offering developer-friendly APIs, IT admin tools, real-time updates via an Events API, and data normalization across multiple IdPs.
Jan 03, 2024
1,739 words in the original blog post.
SCIM (System for Cross-domain Identity Management) is a protocol that provides a standard way for identity providers and service providers to communicate. It defines two main resource types — users and groups. SCIM groups are collections of users with something in common, usually used for role-based access control. They simplify user management by making it easier for IT admins to assign rights, roles, and responsibilities across different apps or services. However, inconsistencies among identity providers can introduce complexities and security risks. WorkOS' Directory Sync provides a more unified and secure SCIM provisioning solution that handles each provider's intricacies and quirks, ensuring smooth operation and minimizing security issues.
Jan 03, 2024
1,613 words in the original blog post.