WorkOS

WorkOS is a developer platform that adds enterprise SSO, SCIM, SAML, RBAC, and audit logs to any SaaS app in one afternoon. Drop-in SDKs for Node, Python, Go, Rails, and React expose pre-built UI components and REST APIs that map every major identity provider—Okta, Azure AD, Google Workspace, Ping, OneLogin, JumpCloud, etc.—to a normalized data model. A single Admin Portal lets customers configure connections themselves, so engineering never has to touch another XML metadata file again.

Main features
• Enterprise Ready in Hours: Copy three environment variables, redirect to the WorkOS authorize URL, and claim “SSO enabled” on your pricing page the same day.
• Universal Provider Support: One integration speaks SAML 2.0, OIDC, and SCIM; the platform keeps provider quirks (signed assertions, group flattening, custom attributes) out of your codebase.
• Self-Service Admin Portal: White-labelled interface where IT teams add IdPs, map attributes, test connections, and rotate certificates without opening a support ticket.
• Directory Sync & SCIM: Real-time user and group provisioning; webhooks push normalized events (user.created, group.updated) to your app so seats stay in sync automatically.
• Fine-Grained RBAC: Policy engine maps IdP groups to in-app roles; JSON rules can reference department, cost-center, or custom claims to grant or restrict feature flags at login time.
• Audit Logs & Compliance: Immutable, cursor-paginated streams of every authentication, provision, and role change; export to CSV or SIEM in seconds to speed through SOC 2 and enterprise security questionnaires.
• SLA, SAML, & SCIM in a Box: 99.9 % uptime SLA, automatic certificate renewal, and XML signature validation handled for you—no open-source libraries to patch.