W
WorkOS
INFRA · APIS
Velocity5.0
WorkOS keeps compounding enterprise primitives: RBAC, SCIM, audit, MCP auth
enterprise-authrbacscimaudit-logsmcp-authfeature-flags
◆Current state
WorkOS is shipping a steady stream of enterprise-readiness primitives: group-level role assignments and a Groups API for RBAC, Snowflake streaming for audit logs, SCIM bearer-token rotation, self-serve environment creation, user-scoped API keys, a Feature Flags runtime client, and resource indicators for MCP auth. Each is a focused, single-purpose addition.
◆Where it's heading
The company is broadening from its SSO and Directory Sync roots into a wider enterprise platform, RBAC, feature flags, data pipes, and AI/MCP authorization, betting developers adopt more of the stack once they are in. The MCP-auth work shows it tracking the agent ecosystem.
◆Prediction
Expect continued breadth across enterprise primitives rather than a single headline launch.
◆Recent moves
- 9d ago
Roles for Groups
Roles can now be assigned at the group level, extending RBAC granularity. Part of WorkOS's steady authorization build-out.
- 10d ago
Snowflake log streaming in Audit Logs
Audit logs can stream to Snowflake, writing each event as a row beside existing data. Enterprise observability depth.
- 17d ago
Pipes Custom Providers
Pipes adds custom providers so any compatible data source can connect to an application. Broadens the Pipes integration surface.
- 24d ago
SCIM Bearer Token Rotation
IT admins can view and independently rotate SCIM directory bearer tokens from the Admin Portal. A security and self-service improvement.
- 1mo ago
Environment Creation
Self-serve creation of additional staging or production environments on demand. Removes a setup dependency for teams.
- 1mo ago
User Scoped API Keys
API keys can now be scoped to individual users within an organization. Finer-grained access control.