March 2024 Summaries
17 posts from WorkOS
Filter
Month:
Year:
Post Summaries
Back to Blog
The System for Cross-domain Identity Management (SCIM) is designed to simplify user provisioning and identity management across various systems. There are two main versions of SCIM in use today: SCIM 1.1 and SCIM 2.0. While there are some similarities between these two versions, there are significant differences in how data is structured, formatted, and exchanged.
SCIM 2.0 was released in 2015 with the main goals of making the SCIM schema more flexible with more attributes and endpoints, and to increase interoperability between systems. It has additional filtering options, more attributes like mutability, uniqueness, and returned, and better support for partial updates with PATCH operations.
SCIM 1.1 came after SCIM 1.0 (now deprecated) and defined a RESTful API and a standardized schema for representing users and groups. However, it was not considered to be flexible enough by the developer community, leading to the introduction of SCIM 2.0.
Key differences between SCIM 1.1 and SCIM 2.0 include more attributes in SCIM 2.0, improved filtering options, PATCH request operations syntax, data format, security recommendations, and additional service provider Configuration endpoints.
Mar 26, 2024
1,832 words in the original blog post.
In March updates, WorkOS introduced session management, custom roles creation, impersonation feature for debugging issues, Datadog integration to stream events, and support for new JavaScript runtimes including Deno, Bun, Cloudflare Workers, Vercel, and Node.js. Additionally, Radix Themes 3.0 was released with new components, layout engine, color palette generator, improved Remix and Astro support, and enhanced documentation.
Mar 25, 2024
238 words in the original blog post.
The Developer's Guide to User Management provides comprehensive information for developers building enterprise-ready, resilient B2B authentication systems. It covers key concepts such as Single Sign On (SSO), Multi-Factor Authentication (MFA), sessions, bot protection, organizational authorization policies, and identity linking. The guide also discusses advanced topics like email verification, just-in-time provisioning, and user management system implementation using external providers like WorkOS and AuthKit.
Mar 25, 2024
3,729 words in the original blog post.
WorkOS has introduced a new feature called impersonation that allows support teams to troubleshoot issues effectively and securely without needing screen sharing or shared login credentials. This free feature enables support personnel to view exactly what users see, while excluding sensitive data. Impersonation is secure by default, requiring justifications for requests and emitting events upon occurrence. It's an opt-in option for users and can be globally toggled on or off in the WorkOS dashboard. The feature is available immediately to all WorkOS users who are using Sessions.
Mar 22, 2024
479 words in the original blog post.
WorkOS has introduced a new feature called impersonation that allows support teams to effectively troubleshoot issues faced by users without compromising security. This free-to-use feature enables support personnel to view exactly what the user sees, excluding any sensitive data. Impersonation is secure by default, requiring justification for each request and providing an option for users to opt-in or out of impersonation. The feature is powered by Sessions and requires no integration if developers are already using Sessions. Developers can customize application behavior during impersonation and detect when a user is being impersonated through the provided Impersonation component in Next.js library.
Mar 22, 2024
581 words in the original blog post.
The workos-node library now supports additional JavaScript environments like Deno, Bun, Cloudflare Workers, Vercel, and Node.js, simplifying API requests across these platforms. This enables the use of workos-node in Edge runtime environments like Next.js middleware for session management. Modern infrastructure like Cloudflare Workers and AuthKit are easy to use and powerful, allowing developers to build more efficient applications. The compatibility with modern JavaScript runtimes is achieved by upgrading core dependencies such as Fetch API and Web Crypto API.
Mar 21, 2024
474 words in the original blog post.
The workos-node library now supports various JavaScript environments, including Deno, Bun, Cloudflare Workers, Vercel, and Node.js. This enables easier API requests across these platforms. Updates to the latest version allow for seamless integration with Cloudflare Workers and Edge Middleware. Sessions, a new feature in WorkOS, enable secure session management in applications and can now be used in Edge runtime environments like Next.js middleware. The compatibility of workos-node with modern JavaScript runtimes is achieved by upgrading core dependencies to Fetch API and Web Crypto API, which are designed for use in both browser and server environments.
Mar 21, 2024
474 words in the original blog post.
WorkOS has introduced a new Datadog integration that enables users to stream all their events and generate comprehensive reports on end-user logins. This integration offers improved monitoring, debugging, and observability for organizations. The setup process is simple and requires minimal effort. In the coming months, WorkOS plans to support more popular logging providers and event gateways, as well as add more graphs, metrics, and insights to the Datadog dashboard from other WorkOS products like Directory Sync and Audit Logs.
Mar 20, 2024
420 words in the original blog post.
WorkOS has introduced a new Datadog integration that allows users to stream WorkOS events and generate comprehensive reports on all end-user logins. This feature enhances monitoring and debugging capabilities, enabling organizations to troubleshoot issues more effectively. The integration requires minimal setup and is available at no additional cost to WorkOS users. In the coming months, WorkOS plans to support other popular logging providers and event gateways, as well as add more graphs, metrics, and insights to the Datadog dashboard from other WorkOS products like Directory Sync and Audit Logs.
Mar 20, 2024
391 words in the original blog post.
Day 2 of Launch Week introduces Roles, a feature that simplifies access control levels for users by defining sets of permissions based on their job functions or responsibilities. This enhances the authorization process and ensures secure logins and access control in SaaS applications. Role creation is easy within the dashboard, and roles can be assigned to users. Integration with WorkOS SDKs allows for seamless implementation of Roles in applications. Upcoming features include role mapping from Identity Providers (IdPs) and organization level defaults.
Mar 19, 2024
635 words in the original blog post.
Day 2 of Launch Week introduces Roles, a feature that simplifies access control levels for users by defining sets of permissions based on job functions or responsibilities. Users can be categorized into roles such as admin, developer, and support, each with specific permissions. Roles provide the foundation for authorization (AuthZ), allowing administrators to provision users according to their specified roles within the WorkOS dashboard. Role creation is simple, and once created, they can be assigned to users. Integration of Roles with the WorkOS SDKs enables user access control by decoding JWT tokens. Upcoming features include role mapping from Identity Providers (IdPs) and organization-level defaults for default roles.
Mar 19, 2024
779 words in the original blog post.
Session management is a crucial tool for balancing user experience (UX) with security. It allows users to interact securely with an application within a specific time frame without needing to re-authenticate repeatedly. WorkOS has made session management available to all its users for free, providing easy integration through libraries like Next.js. The underlying mechanism uses access and refresh tokens to validate user sessions, ensuring security by default. Upcoming enhancements include real-time changes, inactivity timeouts, client SDKs, and PKCE support.
Mar 18, 2024
652 words in the original blog post.
OAuth and OpenID Connect (OIDC) are protocols that developers often confuse due to their overlapping features. OAuth is an authorization framework that allows apps to access resources on behalf of a user without exposing their credentials, while OIDC is an authentication protocol built on top of OAuth 2.0 that combines resource sharing and authentication.
OAuth is useful when you only need to authorize access to resources without verifying the user's identity, whereas OIDC is appropriate when you need both authorization and authentication. ID tokens in OIDC contain user profile information, while access tokens grant apps permission to access resources on behalf of the user.
OAuth addresses security flaws by using access tokens instead of usernames and passwords, enabling multiple flows for different types of apps, and providing fine-grained access control. However, it has a steep learning curve, lacks interoperability between providers, and poses security risks if tokens are stolen. OIDC enables Single Sign-On (SSO) authentication, reduces sign-up friction, and offloads authentication to third-party providers.
When using OAuth and OIDC together, OIDC is used for SSO authentication, while OAuth controls access to protected resources once the user is authenticated.
Mar 18, 2024
1,449 words in the original blog post.
Session management is a crucial tool for balancing user experience (UX) with security. It allows users to interact securely with an application within a specific time frame without needing constant re-authentication. WorkOS has introduced free session management through its AuthKit and User Management services, making it easier for developers to integrate this feature into their applications. The Next.js library is the quickest way to integrate sessions, requiring only a few lines of code. Under the hood, Sessions use access tokens and refresh tokens to validate user login status. WorkOS plans to enhance Sessions with real-time changes, inactivity timeouts, client SDKs, and PKCE support in the future.
Mar 18, 2024
652 words in the original blog post.
SAML (Security Assertion Markup Language) and OAuth are both standards for managing access between apps and services, but they serve different purposes. SAML is used in authentication and identity federation to allow users to log in once and access multiple services, often in enterprise or corporate scenarios. OAuth handles authorization only and grants apps limited access to user data without sharing passwords. While both are commonly used in Single Sign-On (SSO), they approach it differently. SAML provides a direct SSO experience for enterprise applications, while OAuth can be part of an SSO solution when combined with protocols like OpenID Connect.
SAML is an XML-based open standard for exchanging authentication and authorization data between an Identity Provider (IdP) and a Service Provider (SP). It uses assertions to represent authorization and authentication data. OAuth, on the other hand, is an authorization framework that lets apps obtain limited access to user data on other apps without having to expose user credentials.
SAML is best suited for enterprise apps where employees need to access a suite of applications from a single place. OAuth is commonly used for delegated access, allowing users to log into your app using their existing social media accounts or letting your app act on a user's behalf in other services.
Mar 07, 2024
1,735 words in the original blog post.
LDAP and SSO are both used for user authentication but serve different purposes. LDAP is an open protocol for querying and maintaining data in directories while SSO is an authentication method that allows users to use one set of login credentials to log in to multiple apps. LDAP is highly scalable, efficient at read operations, and supports centralized management of identities. However, it can be less efficient when handling a high volume of write operations and requires skilled IT staff for setup and maintenance. SSO offers convenience, increased security, and reduced IT costs by enabling users to access multiple applications from a single place without needing to sign in separately to each app. It also simplifies the task of managing user data and permissions across organizations. However, it can increase vulnerability as there's a single point of failure and added implementation complexity for service providers. LDAP is used to centralize user identities in a structured directory and manage access to all resources within an enterprise network while SSO is used to simplify user access across multiple apps and services.
Mar 07, 2024
1,299 words in the original blog post.
The System for Cross-Domain Identity Management (SCIM) is an open standard protocol used to automate the transfer of user identity data across different systems and domains. Microsoft Entra, formerly known as Azure Active Directory, uses SCIM to synchronize user profiles and attributes across service providers, triggering updates or removals in response to changes in user status or roles. Companies can enable this feature on their Microsoft Entra instance by connecting it to a vendor's SCIM-based endpoint. Software vendors can support SCIM syncing with Azure Active Directory/Microsoft Entra by designing and building a SCIM endpoint, getting their app onto the Entra App Gallery, stress testing and looking at edge cases, and keeping reusability in mind. Alternatively, they can use done-for-you products like Directory Sync by WorkOS to enable SCIM provisioning from Microsoft Entra and other major corporate identity providers with a straightforward API-based integration.
Mar 06, 2024
1,041 words in the original blog post.