WorkOS

You can now include your team's support email in Admin Portal setup emails. This email can also be set as the reply-to address, making it easier for your customers' admins to contact you with any questions. https://lnkd.in/eeJZtKKa

Community-led growth played a significant role in Timescale's early success, helping the company break into verticals like manufacturing and finance. But what did "community" mean for the team? It meant going beyond just open source software — providing free Slack support on day one, writing ungated content, and giving away cool swag that developers appreciated. Full episode: https://lnkd.in/eH2C9BHN

Managing permissions at the role level can be a good starting point, but eventually, most modern apps require a more fine-grained permissions model to address role explosion, maintenance complexity, and poor DX/UX. With WorkOS, migrating your RBAC implementation to FGA is simple. Part I of the RBAC to FGA series covers: ▶ Designing resource types that model your application’s authorization requirements. ▶ Defining the relationships between resources. ▶ Testing and validating the access model. https://lnkd.in/eV5AfUyj

Coming soon. 11.18 - 11.22 ✨ https://lnkd.in/ezpGgbtT

When modeling a multi-tenant SaaS app, "organizations" function as an important building block for several reasons. They can be used: ▶ To group users under specific authentication policies (e.g. force users with specific email domains to sign in with SSO). ▶ As containers for rolling out enterprise features like user provisioning and audit logs. ▶ To support both single workspace models (Slack) and multiple workspace models (Notion, Figma), where one user can belong to any number of orgs. Organization modeling with WorkOS is simple, with built-in domain verification, identity linking, and APIs to build common UI patterns like "organization switcher." https://lnkd.in/gW9naUd3

According to François Dufour, Twilio was one of the first companies that popularized the technical BDR function. Their goal wasn't to qualify the prospect but to help the user get unstuck and provide specific information developers were looking for. Since then, the technical BDR role has taken various titles like "product advocates" that Vercel uses to help developers build and deploy apps faster. Full episode: https://lnkd.in/eGjYJTTh

Last month, a vulnerability was disclosed in the Ruby-SAML and OmniAuth-SAML libraries allowing complete authentication bypass (undiscovered for a decade 🤯). It stemmed from an overly permissive query path supplied to Ruby's standard library implementation of Xpath's first method. In this post, we break down: - How the flaw works  - Vulnerable versions of popular software, including GitLab - How to ensure you've mitigated the issue - Proof of concept attacks  - Ramifications for the open-source community https://lnkd.in/eq6FDU2J

Securely signing out a user is a two-step process: 1. Deleting the session cookie 🍪 provides the user the experience of being logged out. 2. The session must be invalidated ❎ in the backend to prevent any malicious use during the active session window. You can do this easily in AuthKit using the `getLogoutURLFromSessionCookie` function.

One more week until the Enterprise Ready Conference 🌉 Here's a preview of the incredible work our design team has done to transform the venue, including a pop-up cafe where you'll be able to enjoy fresh lattes and cortados. ☕ https://lnkd.in/etHF-Qyi

WorkOS SSO now supports identity provider role assignment. You can easily map group memberships to roles in the Dashboard under the SSO connection settings. https://lnkd.in/db-QFcyD