Bubble Docs
  • Introduction
  • New? Start Here
  • What is Bubble?
  • The Glossary
  • User manual
    • Getting started
      • What is Bubble?
      • Building your first app
        • Planning features
        • Database structure
        • Design and UX
        • eCommerce and payments
          • Shopping cart
          • Checkout page
          • One-time payments
          • Subscriptions
          • Marketplace
      • Creating and managing apps
      • The Bubble editor
        • Tabs and sections
          • Design tab
            • The element tree
            • The property editor
          • Workflow tab
          • Data tab
          • Styles tab
          • Plugins tab
          • Settings tab
            • Application settings
              • Custom headers/body
              • Visual settings
              • Social media sharing
              • Translating your app
              • Email settings
              • Collaboration
            • Custom domain and DNS
          • Logs tab
        • Tools
          • Key features
          • The search tool
          • The Issue Checker
          • The element tree
          • The element property editor
          • The debugger
          • Notes
        • Previewing your app
      • Transitioning to Bubble from...
        • JavaScript
        • HTML and CSS
        • SQL
    • Design
      • Elements
        • The element hierarchy
          • The element tree
        • The page
        • Containers
          • Groups
          • Repeating groups
          • Table elements
          • Popups
          • Floating groups
          • Group focus
        • Visual elements
        • Input forms
          • Text and numbers
          • Dates and time
          • File uploads
          • Selection controls
        • Reusable Elements
      • Styling
        • Color variables
        • Font variables
        • Styles
        • Custom Fonts
      • Responsive design
        • Building responsive pages
        • Legacy articles
          • The Basics (Legacy)
          • Building Responsive Pages (Legacy)
          • Migrating Legacy Pages
          • Tips When Designing (Legacy)
      • Templates
      • The Component Library
      • Importing from Figma
    • Data
      • The database
        • Data types and fields
        • Creating, saving and deleting data
        • Finding data
        • Displaying data
        • Protecting data with privacy rules
        • The database editor
        • Export/import data
          • Exporting data
          • Importing data (CSV)
        • Working with location data
        • Using Algolia
        • Database structure by app type
          • Marketplace Apps
          • Directory & Listings Apps
          • Social Network Apps
          • SaaS Apps
          • Project Management Apps
          • CRM Apps
          • Professional Services Apps
          • On-demand Apps
          • Documentation/ CMS Apps
          • Applicant Tracking System (ATS) Apps
          • Portfolio Apps
          • Gallery Apps
          • Online Store / Ecommerce Apps
          • Blog Apps
          • Messaging App
          • Dashboards
          • Building Block Apps
          • Bubble as a backend
      • Files
      • Images
      • Static data
        • App texts (translations)
        • Option sets
      • Temporary data
        • Custom states
        • URL parameters
      • User accounts
        • Authentication plugins
          • Facebook plugin
          • Fitbit plugin
          • Google plugin
          • Instagram plugin
          • LinkedIn plugin
          • Pinterest plugin
          • Slack plugin
          • Wistia plugin
          • YouTube plugin
        • Cookies set by Bubble
      • Time, dates and time zones
    • Logic
      • The frontend and backend
      • Workflows
        • Events
          • Frontend events
            • Recurring workflows
            • Custom events
          • Backend events
            • Database trigger events
        • Actions
        • API Workflows
      • Dynamic expressions
      • Conditions
      • Navigation
        • Single-page applications (SPA)
        • Multi-page applications
        • Page slugs
    • Workload
      • Understanding workload
        • Activity types
        • The workload calculation
        • Client-side and server-side processing
      • Tracking workload
        • Measuring
          • Using App Metrics
        • Monitoring
          • Workload notifications
          • Infinite recursion protection
      • Optimizing workload
        • Optimization framework
        • Optimization checklist
          • Page load
          • Searches
          • Workflows and actions
          • Backend workflows
        • Agency showcases
          • Minimum Studio
          • Neam
          • Support Dept
    • Security
      • Bubble's security features
      • Planning app security
      • Client-side and server-side
      • Bubble account security
      • App security
      • Page security
      • Database security
      • API security
        • API Connector security
        • Data API security
        • Workflow API security
      • Flusk
        • Overview
        • Flusk plan features
        • Getting started with Flusk
        • Flusk security tools
          • The Issues Explorer
          • Issue details
          • Tools and settings
            • Pages rating
            • Database rating
        • Flusk FAQ
      • Cookies
      • Security checklist
    • Publishing your app
      • Web app
      • Native mobile app
        • Global native mobile settings
        • iOS App Store
        • Google Play Store
        • Publishing FAQ
    • AI
      • Generate apps with AI
        • About AI app generation
      • AI page designer
      • Connect to AI agents
    • Maintenance
      • Collaborators
      • Version control
        • Best practices: Version control
        • Transitioning from the legacy version control
        • Terminology: Version control
        • Version Control (legacy)
      • Commenting
      • Database maintenance
        • Copying the database
        • Restoring database backups
        • Bulk operations
          • Bulk operation methods compared
        • Wiping change history
      • Performance
        • Hard limits
        • Capacity Usage (legacy)
        • Notes on queries
      • SEO
        • Introduction to SEO
        • SEO: App
        • SEO: Page
      • Testing and debugging
        • Introduction to testing and debugging
        • The debugger
        • The server logs
        • Supported browsers
      • API workflow scheduler
    • Integrations
      • API
        • Introduction to APIs
          • What is a RESTful API?
        • The Bubble API
          • Bubble API terminology
          • Authentication
            • How to authenticate
            • No authentication
            • As a User
            • As an admin
          • The Data API
            • Data API Privacy Rules
            • Data API endpoints
            • Data API requests
          • The Workflow API
            • Workflow API privacy rules
            • Workflow API endpoints
            • API workflows
              • Creating API workflows
              • Scheduling API workflows
              • Recursive API workflows
              • API Workflow Scheduler
              • Case: Stripe notifications
        • The API Connector
          • Authentication
          • API Connector security
          • API guides
            • OpenAI
              • Authentication
              • Calls
                • ChatGPT
                  • Chat
            • Google Translate
              • How to setup Google API keys
          • Streaming API
        • API security
        • Plugins that connect to APIs
        • API Glossary
      • Plugins
        • What Plugins Can Do
        • Installing and using Plugins
        • Authentication plugins
        • Special Plugins
      • SQL Database Connector
      • Bubble App Connector
      • WorkOS
        • WorkOS SSO
        • WorkOS API
    • Infrastructure
      • Sub-apps
      • Bubble release tiers
      • Hosting and scaling
        • How Bubble hosting works
        • Scaling with Bubble
        • CDN (Cloudflare)
        • Bubble app names
        • Domain and DNS
      • Compliance
        • GDPR
        • SOC 2 Type II
        • HIPAA
        • Other frameworks and standards
    • Bubble for Enterprise
      • Hosting and infrastructure
        • Dedicated instance
          • The Dedicated editor experience
          • Technical specs
          • Main cluster dependencies
          • Customizable options
          • Migration process
            • Pre-migration
            • During migration
            • Post-migration
      • Security and compliance
        • Single sign-on (SSO)
        • GDPR
        • SOC 2 Type II
        • HIPAA
        • Other frameworks
        • Bubble's security features
      • Admin and collaboration
      • Priority support
      • Billing and Payment Guideline for Dedicated Instances
  • Core Reference
    • Using the core reference
    • Bubble's Interface
      • Design tab
      • Design tab (Legacy)
      • Workflow tab
      • Data tab
      • Styles tab
      • Styles tab (Legacy)
      • Plugins tab
      • Settings tab
      • Logs tab
      • Template tab
      • Toolbar
      • Top and context menu options
      • Deployment and version control
        • Deployment & Version Control Dropdown (legacy)
      • Notes
    • Elements
      • General properties
      • General properties (Legacy)
      • Styling properties
      • Styling Properties (Legacy)
      • Responsive Properties
      • Responsive Properties (Legacy)
      • Conditional formatting
      • States
      • Page Element
        • Page Element (Legacy)
      • Visual Elements
      • Containers
      • Container Layout Types
      • Containers (Legacy)
      • Input Forms
      • Reusable Elements
      • Element Templates (legacy)
    • Workflows
    • Events
      • General events
      • Element events
      • Custom events
      • Recurring event
      • Database trigger event
    • Actions
      • Account
      • Navigation
      • Data (things)
      • Email
      • Element
      • Custom
    • Data
      • Data Sources
      • Operators and comparisons
      • Search
      • Privacy
    • Styles
    • API
      • The Bubble API
        • The Data API
          • Authentication
          • Data API endpoints
          • Data API requests
        • The Workflow API
      • The API Connector
        • Authentication
        • Adding calls
    • Bubble-made Plugins
      • AddtoAny Share Buttons
      • Airtable
      • API Connector
      • Blockspring
      • Box
      • Braintree
      • Bubble App Connector
      • Chart.js
      • Circle Music Player
      • Draggable Elements
      • Dropzone
      • Facebook
      • Fitbit
      • Full Calendar
      • Google
      • Google Analytics
      • Google Optimize
      • Google Places
      • Ionic Elements
      • iTunes
      • Slidebar Menu
      • LinkedIn
      • Localize Translation
      • Mixpanel
      • Mouse & Keyboard Interactions
      • Multiselect Dropdown
      • Progress Bar
      • Rich Text Editor
      • Rich Text Editor (Legacy)
      • Screenshotlayer
      • SelectPDF
      • Slack
      • Segment
      • Slick Slideshow
      • SQL Database Connector
      • Star Rating
      • Stripe
      • Tinder-like Element
      • Twitter
      • YouTube
      • Zapier
    • Application Settings
      • App plan
      • General
      • Domain / email
      • Languages
      • SEO / metatags
      • API
      • Collaboration
      • Sub-apps
      • Versions
  • Account & Marketplace
    • Account and billing
      • Pricing and plans
        • Plans and billing
        • Billing cycle
        • FAQ: Pricing and Workload
      • Account Management
      • Building Apps for Others
      • Selling on the Marketplace
      • Plans & Billing (legacy)
    • Official Bubble Certification
      • Hiring certified developers
    • Building Plugins
      • The Plugin Editor
      • General Settings
      • Updating to Plugin API v4
      • Adding API Connections
      • Building Elements
      • Building Actions
      • Loading Data
      • Publishing and versioning
      • Github Integration
    • Building Templates
    • Application and data ownership
    • Marketplace policies
    • Bug reports
  • Vulnerability Disclosure Policy
  • Beta features
    • About the Beta features section
    • Native mobile apps 🔒
      • Introduction
        • What is a native mobile app?
        • Native mobile vs. web development
        • Differences in native and web elements
        • Native mobile app terminology
      • Building
        • Views and navigation
        • Native mobile actions
        • Components and gestures
        • Device resources
          • Location services
          • Camera/photo library
      • Previewing
      • Publishing
Powered by GitBook
On this page
  • Understanding SSO
  • What is SSO?
  • Why is this important for enterprise end-users?
  • How does WorkOS facilitate SSO?
  • Setting up a signup/login workflow with WorkOS
  • Other ways to learn

Was this helpful?

  1. User manual
  2. Integrations
  3. WorkOS

WorkOS SSO

Last updated 1 year ago

Was this helpful?

In configuring your app’s integration with WorkOS, you'll find that a big part of the setup happens within WorkOS itself. For up-to-date documentation on this process, be sure to refer to WorkOS documentation.

External page:

Understanding SSO

What is SSO?

Single Sign-On (SSO) is a user authentication service that allows a user to use one set of login credentials (e.g., name and password) to access multiple applications. Essentially, it simplifies the login process by eliminating the need for different usernames and passwords for each application.

You may have already used this in different contexts. For example, you can log in to your Bubble account using your Google credentials, even though Bubble is not affiliated with Google. For single end-users, this can make signup and login processes more streamlined, and for enterprise users it helps maintain a higher degree of security, as administrators can manage all their employees in one centralized system (in this case WorkOS).

When you use an SSO provider to log into another service, the login credentials are not shared with that service. For example, when you use your Google credentials to log into your Bubble account, Bubble never has access to your credentials.

Why is this important for enterprise end-users?

For enterprise end-users, SSO is crucial for several reasons. Firstly, it simplifies account management and compliance with corporate security policies, making it easier to manage individual employees and oversee permissions as the enterprise scales in size. Secondly, it boosts efficiency and user experience, as employees can quickly access multiple tools and services without repeatedly logging in. Finally, it enhances security by allowing administrators to establish robust, cross-platform password policies and prevent employees from reusing the same password across multiple accounts.

How does WorkOS facilitate SSO?

For you as the developer

WorkOS facilitates SSO by acting as an intermediary between your app and various identity providers (IdPs) like Google or Microsoft. It handles the complex part of the authentication process, allowing your app to offer a streamlined login experience without having to build and maintain the infrastructure for each IdP's authentication protocol. This outsources both the work needed to implement additional IdPs in your app, and lets each of your clients use the IdP that their organization prefers.

For many larger and enterprise organizations, this is not only a convenience or preference, but a necessity as part of their security policy. As such, the WorkOS plugins can open the door to an additional group of clients, without needing extensive customization to offer the right IdPs.

For your enterprise administrators

WorkOS allows administrators to manage Single Sign-On (SSO) through an admin portal, where they can:

  • Set up and configure SSO connections: Admins can establish connections with various identity providers (IdPs), like Google or Microsoft, customizing the SSO experience to align with their organization's needs.

  • Control user access: They have the ability to manage which users or groups within their organization have access to specific applications, ensuring that the right people have the right access.

  • Monitor and audit logins: The portal provides tools for tracking and auditing user logins and activities.

  • Customize authentication policies: Administrators can define and enforce authentication policies, including multi-factor authentication requirements.

  • Troubleshoot and support users: The admin portal offers tools to assist with any SSO-related issues.

By centralizing these functions, WorkOS makes it easier for administrators to implement and manage SSO effectively across their organization's applications.

How does an SSO login process work for end-users with the WorkOS SSO API?

When an end-user logs in to an app integrated with the WorkOS SSO API, they are redirected to a familiar identity provider's login page (like their corporate login system or that of a third party such as Google). After entering their credentials, WorkOS verifies their identity and sends a confirmation back to the app, granting the user access. This process is seamless, secure, and requires minimal input from the user, aligning with their existing login habits.

How can enterprise administrators manage their organization in WorkOS?

Enterprise administrators can manage their organization in WorkOS through the Admin Portal. Here, they can configure SSO connections, set up and adjust authentication policies, and manage user access to various applications. This centralized management system allows for efficient control over how employees access and use enterprise applications, ensuring both ease of use and adherence to security protocols.

Setting up a signup/login workflow with WorkOS

After having installed the plugin and set up the ID and secret key in the plugin settings, you can start using WorkOS as a signup and login action. First, set up the event/workflow where you want the signup or login to take place, and then add the Signup/login with a social network action.

Then, pick WorkOS SSO as the OAuth provider.

The action property editor will ask for three more pieces of information (assuming that you have already entered the App ID and secret key in the plugin settings):

Connection ID

A Connection refers to a link or integration between your app and the identity provider (like Google Workspace, Microsoft Azure AD, etc.). This connection is what allows your application to communicate with these external services. Each SSO integration with a different identity provider is a separate connection.

Organization ID:

An Organization is the top-level resource in WorkOS, and represents a company or a group of users that share the same domain or are part of the same corporate structure. When you integrate WorkOS into your app, you can configure it to recognize different organizations. This way, users belonging to a particular organization can have specific authentication providers/methods and access controls.

Provider:

The Provider refers to the external service or identity provider that WorkOS can connect to. These are the services like Google Workspace, Microsoft Azure AD, Okta, etc., that provide identity management.

When you set up a connection in WorkOS, you specify which provider you're connecting to, and this determines how your app will interact with that service.

Other ways to learn

Articles

Related articles

Bubble for Enterprise

Article series:

Article:

Article series: (introduction to WorkOS)

Article: (setting up SSO for your Bubble account, as opposed to your Bubble app)

WorkOS Docs
Introduction to APIs
The API Connector
WorkOS
SSO