WorkOS is the enterprise identity API behind OpenAI, Cursor and Vercel — SAML SSO, SCIM, audit logs and AuthKit. Free up to 1M MAUs, $125 per connection.
WorkOS is a developer-first enterprise identity platform that lets B2B SaaS companies ship single sign-on (SSO), SCIM provisioning, audit logs, and a complete user management stack with a few API calls — the same plumbing that powers OpenAI, Cursor, Vercel, Perplexity and Plaid behind the scenes. We rate it 89/100 — the right pick for any B2B startup that needs to be enterprise-ready on day one, with the only meaningful tradeoff being that connection-based pricing can sting when you sell SSO to small customers.
WorkOS was founded in by Michael Grinich (CEO, MIT CS, previously co-founder/CEO of Nylas) and is headquartered in San Francisco. The company hit unicorn status in with a $100M Series C led by Meritech and Sapphire Ventures at a $2B valuation, bringing total funding to roughly $195M across five rounds. According to public reporting on the round, the company crossed $30M ARR with more than 1,000 customers and counts OpenAI, Cursor, Vercel, Perplexity, Plaid, Anthropic, Webflow and ramp among its public users.
The problem WorkOS solves is brutally specific: when your B2B SaaS startup lands a Fortune 500 deal, security review tells you "we need SAML SSO, SCIM provisioning into our Okta tenant, MFA, audit logs and probably a SOC 2 report by next week." Building any of those properly takes a senior engineer two to four months. WorkOS turns each one into a single API call and a hosted Admin Portal you can hand to the customer's IT team. Michael Grinich's pitch on the Founders Talk podcast captured the philosophy bluntly: "Most modern auth tools are optimised for developer satisfaction at day zero. WorkOS is optimised for company survival on day 900."
Sentiment across Hacker News, r/SaaS, r/webdev, the Product Hunt reviews and G2 is unusually positive for an infrastructure product. The most consistent praise lines up across every channel: documentation is "clear and concise," support replies "in minutes, not days," and AuthKit + Radar feel like one cohesive system rather than two stitched-together features. A March 2026 dev.to deep-dive by Andrew Baisden captures the typical reaction: AuthKit and Radar appear "like parts of one system, engineered to address real enterprise identity issues."
The honest complaints are equally consistent. The biggest is pricing structure: at $125 per SSO connection per month, multiple companies on G2 and Compile7's review have publicly noted they cannot offer SSO on lower-priced tiers because the WorkOS connection cost exceeds the customer's revenue — the so-called "SSO tax problem." A Compile7 reviewer also flagged a real product gap: "We switched to WorkOS from Auth0 — WorkOS unfortunately doesn't have session management like Auth0, so we had to roll session management on our own." A subtler complaint surfaces on G2 from teams using Microsoft Entra ID SSO: profile images don't sync from the IdP, which Auth0 used to handle for them.
WorkOS uses transparent, organization-based pricing. Each enterprise customer you onboard pays a flat per-connection fee (regardless of whether they bring 10 or 10,000 users), plus a generous free MAU tier through AuthKit.
| Product | Price | Key Limits |
|---|---|---|
| AuthKit (User Management) | Free up to 1M MAUs | $2,500/month per additional 1M MAUs after that |
| Enterprise SSO | $125/connection/month | Volume discounts: $100 (16–30), $80 (31–50), $65 (51–100), $50 (101–200) |
| Directory Sync (SCIM) | $125/connection/month | Same volume discount tiers as SSO |
| Audit Logs | $99/month | Tamper-evident event store with SIEM streaming |
| Radar | Free up to 1,000 checks | $100/month per 50K additional checks |
| Enterprise | Custom | Annual discounts, 99.99% uptime SLA, guided migration, dedicated support |
For a back-of-napkin estimate: a B2B SaaS with 50 enterprise customers on SSO + SCIM is paying about $8,000/month ($80 × 50 × 2 connections) for the parts that would otherwise take a senior engineer three to six months to ship correctly. For most teams that math is wildly favorable; for self-serve products selling SSO at a $20/month tier it is not.
Best for: B2B SaaS startups and growth-stage companies selling to mid-market or enterprise customers who need SAML SSO, SCIM, audit logs and SOC 2-grade controls without spinning up an internal identity team. Particularly strong fit for AI-era infrastructure companies — OpenAI, Cursor, Anthropic and Perplexity all run on it for a reason.
Not ideal for: Pure consumer apps with no enterprise sales motion (cheaper alternatives like Clerk or Better Auth will be more cost-effective), or self-serve products that need to bundle SSO into a $10–50/month tier — the $125-per-connection floor makes that math hard.
Pros:
Cons:
The most-cited alternatives in 2026 are Clerk (developer-first auth and user management with a similar AuthKit-style UI, cheaper for B2C and self-serve, less enterprise depth), Better Auth (open-source, self-hosted TypeScript auth library — the budget-conscious pick for teams willing to own their own session and SSO logic), and Auth0 (the incumbent — broader feature set including session management, but markedly more expensive and slower roadmap). Stytch is the closest 1:1 competitor for the enterprise-auth-API category. WorkOS wins on developer ergonomics and SSO/SCIM ergonomics; Auth0 wins on completeness; Clerk wins on price and time-to-first-login for B2C.
Yes — for any B2B SaaS company that has a real enterprise sales pipeline. The combination of the Admin Portal, AuthKit's 1M-MAU free tier and best-in-class documentation will pay for itself the first time it shortens an enterprise security review by a week. We rate it 89/100: best-in-class for B2B enterprise auth, with the connection-based pricing and missing session management being the only meaningful reasons to look elsewhere. Skip it only if you are pure B2C, or you are bootstrapping a price-sensitive self-serve product where every customer pays under $50/month.
Arm Launches Performix — Free AI-Agent Toolkit With MCP (Apr 28, 2026)
Arm announced Performix on April 28, 2026 — a free, extensible performance-analysis toolkit for AI agents on Arm-based cloud infrastructure, with a built-in MCP server that plugs into GitHub Copilot, Codex, Gemini and Kiro. Microsoft, MongoDB, Redis and SAP are launch partners.
May 3, 2026
OpenAI Brings GPT-5.5 and Codex to Amazon Bedrock — One Day After Microsoft Exclusivity Ends (April 28, 2026)
AWS launched a limited preview of GPT-5.5, Codex and Bedrock Managed Agents one day after Microsoft's OpenAI API exclusivity officially ended.
May 3, 2026
NIST CAISI Evaluation Lands: DeepSeek V4 Pro Trails U.S. Frontier by 8 Months but Wins on Cost (May 1, 2026)
NIST's Center for AI Standards and Innovation published its evaluation of DeepSeek V4 Pro on May 1, 2026, finding the open-weight Chinese flagship lags U.S. frontier models like GPT-5.5 and Claude Opus 4.6 by roughly eight months — but undercuts GPT-5.4 mini on cost across most benchmarks.
May 3, 2026
Is this product worth it?
Built With
Compare with other tools
