npm - @workos/mcp-docs-server - Versions diffs - 0.1.0 - Mend

@workos/mcp-docs-server 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (455) hide show

package/.docs/organized/docs/user-management/jit-provisioning.mdx ADDED Viewed

@@ -0,0 +1,36 @@
+---
+title: Just-in-time Provisioning
+description: Automatically provision users and memberships with JIT provisioning.
+showNextPage: true
+originalPath: .tmp-workos-clone/packages/docs/content/user-management/jit-provisioning.mdx
+---
+## Introduction
+JIT provisioning automatically creates users and organization memberships when a user signs in for the first time. This feature allows users to access an organization’s resources without requiring manual invitations from the IT admin.
+## Automatically add users with verified domains as members
+Users with [verified email domains](/user-management/domain-verification) can be automatically added as members to an organization through the organization's [domain policy](/user-management/organization-policies/domain-policy). This feature is useful when an application or organization wants to automatically group individuals into the same workspace based on their email domain.
+![Configuring a domain policy in the dashboard](https://images.workoscdn.com/images/b98493d9-f9fe-475d-a448-f9099558cd19.png?auto=format&fit=clip&q=50)
+## SSO JIT provisioning
+When a user signs in for the first time, WorkOS detects when their email domain matches a verified domain of an organization and prompts the user to sign in through the organization's IdP. This user is then automatically created and added as a member to the organization.
+![Configuring just-in-time provisioning for SSO users in the dashboard](https://images.workoscdn.com/images/90a85516-ed7a-4bd4-88a5-384b2f818436.png?auto=format&fit=clip&q=50)
+### Guest provisioning
+SSO JIT provisioning is not fully supported for guests whose email domain has not been [verified](/user-management/domain-verification) by the organization.
+For example, an IT admin may want to gate all contractor access through their IdP (to enable access revocation across applications) but the contractor prefers to use their own email address.
+Instead, guest users must be [invited](/user-management/invitations) to join the organization before they are able to sign in with the organization's IdP.
+## Disabling JIT provisioning
+Both automatic membership by email domain and SSO JIT provisioning are enabled by default but can be disabled in the [WorkOS Dashboard](https://dashboard.workos.com).
+Disabling these features may be useful if the IT admin prefers to manually control membership through [invitations](/user-management/invitations).

package/.docs/organized/docs/user-management/jwt-templates.mdx ADDED Viewed

@@ -0,0 +1,278 @@
+---
+title: JWT Templates
+description: Customize the claims in your application's access tokens.
+showNextPage: true
+originalPath: .tmp-workos-clone/packages/docs/content/user-management/jwt-templates.mdx
+---
+## Introduction
+JWT templates allow you to customize the claims in your application's access tokens issued by WorkOS. You can leverage core attributes of users and organizations, in addition to [custom metadata](/user-management/metadata) you set on these objects.
+---
+## Create a JWT template
+JWT templates are managed in the Authentication section of the [WorkOS Dashboard](https://dashboard.workos.com/). Under the sessions section, choose Configure JWT Template.
+![WorkOS dashboard demonstrating the position of the "Configure JWT template" button](https://images.workoscdn.com/images/27daa36f-ca4e-4733-bd1b-ebb961f45454.png?auto=format&fit=clip&q=50)
+JWT templates are comprised of a template string which is rendered with the user and organization context after a user successfully authenticates.
+## Example usage
+<CodeBlock>
+  <CodeBlockTab
+    language="js"
+    file="jwt-template-example.trunk-ignore"
+    title="Template"
+  />
+  <CodeBlockTab
+    language="js"
+    file="jwt-template-context.trunk-ignore"
+    title="Context"
+  />
+  <CodeBlockTab
+    language="js"
+    file="jwt-template-output.trunk-ignore"
+    title="Output"
+  />
+</CodeBlock>
+## Syntax
+### 1. **Basic Variable Interpolation**
+You can reference variables inside the template.
+<CodeBlock>
+  <CodeBlockTab
+    language="js"
+    file="jwt-template-1.trunk-ignore"
+    title="Template"
+  />
+  <CodeBlockTab
+    language="js"
+    file="jwt-template-context-1.trunk-ignore"
+    title="Context"
+  />
+  <CodeBlockTab
+    language="js"
+    file="jwt-template-output-1.trunk-ignore"
+    title="Output"
+  />
+</CodeBlock>
+### 2. **Fallback Values** (`||` operator)
+If the first value is `null` or undefined, the next value in the fallback chain is used.
+<CodeBlock>
+  <CodeBlockTab
+    language="js"
+    file="jwt-template-2.trunk-ignore"
+    title="Template"
+  />
+  <CodeBlockTab
+    language="js"
+    file="jwt-template-context-2.trunk-ignore"
+    title="Context"
+  />
+  <CodeBlockTab
+    language="js"
+    file="jwt-template-output-2.trunk-ignore"
+    title="Output"
+  />
+</CodeBlock>
+### 3. **String Literals**
+Strings can be used as fallback values.
+<CodeBlock>
+  <CodeBlockTab
+    language="js"
+    file="jwt-template-3.trunk-ignore"
+    title="Template"
+  />
+  <CodeBlockTab
+    language="js"
+    file="jwt-template-context-3.trunk-ignore"
+    title="Context"
+  />
+  <CodeBlockTab
+    language="js"
+    file="jwt-template-output-3.trunk-ignore"
+    title="Output"
+  />
+</CodeBlock>
+### 4. **Concatenation in Strings**
+Multiple variables can be used within a single string.
+<CodeBlock>
+  <CodeBlockTab
+    language="js"
+    file="jwt-template-4.trunk-ignore"
+    title="Template"
+  />
+  <CodeBlockTab
+    language="js"
+    file="jwt-template-context-4.trunk-ignore"
+    title="Context"
+  />
+  <CodeBlockTab
+    language="js"
+    file="jwt-template-output-4.trunk-ignore"
+    title="Output"
+  />
+</CodeBlock>
+### 5. **Object Interpolation**
+Interpolating entire objects and arrays is allowed if they are valid JSON objects. This is not allowed inside string literals and will throw a validation error.
+<CodeBlock>
+  <CodeBlockTab
+    language="js"
+    file="jwt-template-5.trunk-ignore"
+    title="Template"
+  />
+  <CodeBlockTab
+    language="js"
+    file="jwt-template-context-5.trunk-ignore"
+    title="Context"
+  />
+  <CodeBlockTab
+    language="js"
+    file="jwt-template-output-5.trunk-ignore"
+    title="Output"
+  />
+</CodeBlock>
+### 6. **Reserved Keys Restriction**
+The following keys cannot be used in templates:
+- `iss`
+- `sub`
+- `exp`
+- `iat`
+- `nbf`
+- `jti`
+Any attempt to use these keys will result in a validation error.
+## Whitespace Handling
+The rendering engine trims whitespace from the beginning and end of string values.
+## Error Handling
+If the template contains invalid syntax, an error will be thrown:
+- **Template must render to an object:** If the template does not evaluate to a valid JSON object (e.g., an array or primitive value). Example:
+  ```js
+  [ {{ user.email }} ]
+  ```
+- **Keys reserved (`iss`, `sub`, `exp`, etc.):** These keys cannot be used in the template.
+  ```js
+  { "iss": {{ user.email }} }
+  ```
+- **String encapsulated expression cannot contain object reference:** Objects cannot be interpolated inside a string.
+  ```js
+  { "user": "{{ user.metadata }}" }
+  ```
+- **Invalid expression segment:** Logical operators (`||` with empty operands) or malformed expressions are not allowed.
+  ```js
+  {{ user.email && user user }}
+  {{ user.email || || user.email }}
+  ```
+- **Template parse error: missing '}}':** A template block was opened but never closed.
+  ```js
+  {{ user.id
+  ```
+- **Expression cannot be empty:** An empty expression inside `{{ }}` is invalid.
+  ```html
+  {{}}
+  ```
+- **Missing closing braces:** `Template parse error: missing '}}'`
+- **Invalid key usage:** `Keys reserved (iss, sub, exp, etc.)`
+- **Unknown variables:** `Invalid path: "unknown.variable"`
+## Null Handling
+JWT templates provide built-in handling for `null` values to ensure access tokens only contain populated claims.
+### **1. Removing Top-Level Null Values**
+If an expression evaluates to `null`, the corresponding key is removed from the final JSON output.
+#### **Example**
+<CodeBlock>
+  <CodeBlockTab
+    language="js"
+    file="jwt-template-6.trunk-ignore"
+    title="Template"
+  />
+  <CodeBlockTab
+    language="js"
+    file="jwt-template-context-6.trunk-ignore"
+    title="Context"
+  />
+  <CodeBlockTab
+    language="js"
+    file="jwt-template-output-6.trunk-ignore"
+    title="Output"
+  />
+</CodeBlock>
+### **2. Handling Null Values in Concatenated Strings**
+If a `null` value appears in a string concatenation, it is replaced with an empty string (`""`) instead of being removed.
+<CodeBlock>
+  <CodeBlockTab
+    language="js"
+    file="jwt-template-7.trunk-ignore"
+    title="Template"
+  />
+  <CodeBlockTab
+    language="js"
+    file="jwt-template-context-7.trunk-ignore"
+    title="Context"
+  />
+  <CodeBlockTab
+    language="js"
+    file="jwt-template-output-7.trunk-ignore"
+    title="Output"
+  />
+</CodeBlock>
+### **3. Using Fallbacks to Avoid Null Values**
+The `||` operator can be used to provide a fallback value when an expression evaluates to `null`.
+<CodeBlock>
+  <CodeBlockTab
+    language="js"
+    file="jwt-template-8.trunk-ignore"
+    title="Template"
+  />
+  <CodeBlockTab
+    language="js"
+    file="jwt-template-context-8.trunk-ignore"
+    title="Context"
+  />
+  <CodeBlockTab
+    language="js"
+    file="jwt-template-output-8.trunk-ignore"
+    title="Output"
+  />
+</CodeBlock>
+## Size limits
+JWT templates must render to a JSON object that is 3072 bytes or smaller due to cookie size constraints in web browsers.

package/.docs/organized/docs/user-management/magic-auth.mdx ADDED Viewed

@@ -0,0 +1,36 @@
+---
+title: Magic Auth
+description: Maximize user experience and security with passwordless authentication.
+showNextPage: true
+originalPath: .tmp-workos-clone/packages/docs/content/user-management/magic-auth.mdx
+---
+## Introduction
+Magic Auth is a passwordless authentication method that allows users to sign in or sign up via a unique, six digit one-time-use code sent to their email inbox.
+## Getting started
+AuthKit will make the necessary API calls to issue one-time-use codes via email and provide input verification and authentication automatically. If desired, you can [send these emails yourself](/user-management/custom-emails).
+> **Important:** Emails will not be sent from the **production** environment until you have configured a domain. See the [Custom Domains](/custom-domains/email) guide for more information on how to configure this.
+### Enabling Magic Auth
+Magic Auth can be enabled in the _Authentication_ section of the [WorkOS dashboard](https://dashboard.workos.com). Users will then be able to sign in or sign up via Magic Auth on the AuthKit authentication page.
+One-time-use codes expire after **10 minutes**.
+![Dashboard showing how to enable Magic Auth](https://images.workoscdn.com/images/78df279e-3bd5-451e-a0a0-7e93ed5e5bd5.png?auto=format&fit=clip&q=80)
+![AuthKit displaying email sign-in](https://images.workoscdn.com/images/9129ad29-d488-462b-ad85-3a2a7908235d.png?auto=format&fit=clip&q=80)
+![AuthKit displaying code input UI](https://images.workoscdn.com/images/1810724e-466f-4f76-b905-12167a051cdf.png?auto=format&fit=clip&q=80)
+---
+## Integrating via the API
+If you’d prefer to build and manage your own authentication UI, you can do so via the User Management [Magic Auth API](/reference/user-management/magic-auth).
+Examples of building custom UI are also [available on GitHub](https://github.com/workos/authkit).

package/.docs/organized/docs/user-management/mcp.mdx ADDED Viewed

@@ -0,0 +1,146 @@
+---
+title: Model Context Protocol
+description: How to use AuthKit as the authorization server for your MCP server.
+showNextPage: true
+originalPath: .tmp-workos-clone/packages/docs/content/user-management/mcp.mdx
+---
+## Introduction
+[Model Context Protocol](https://modelcontextprotocol.io/) (MCP) is a new protocol that standardizes how LLM-based clients can programmatically interact with applications. This includes querying data, in the form of resources, or taking direct actions in the application in the form of tools.
+This guide is intended for application developers implementing an MCP _server_ that requires authentication. WorkOS and AuthKit can provide a secure way to manage access to your MCP server with minimal effort.
+> Support for the MCP authorization spec is currently in feature preview. Reach out to [WorkOS support](mailto:support@workos.com?subject=MCP%20Authentication%20with%20AuthKit) if you want early access.
+## Authorization
+The MCP specification builds on industry-standard protocols like [OAuth 2.0](https://datatracker.ietf.org/doc/html/rfc6749) in order to secure access to an MCP server. It makes the following distinctions between entities in the authorization flow:
+- **Resource Server** – This is your MCP server, which you may choose to build using the [official Model Context Protocol SDKs](https://github.com/modelcontextprotocol).
+- **Authorization Server** – This is AuthKit, which is a spec-compatible OAuth authorization server. While the spec allows the authorization and resource server to be the same, it can be architecturally simpler to delegate to an existing authorization server like AuthKit.
+Support for MCP authorization is built on top of [WorkOS Connect](/user-management/connect), which provides all of the necessary OAuth API endpoints MCP clients will use to authenticate. You can view your AuthKit metadata by making a request to its `/.well-known/oauth-authorization-server` endpoint:
+```bash
+curl https://authkit_domain/.well-known/oauth-authorization-server | jq
+{
+  "authorization_endpoint": "https://authkit_domain/oauth2/authorize",
+  "code_challenge_methods_supported": ["S256"],
+  "grant_types_supported": ["authorization_code", "refresh_token"],
+  "introspection_endpoint": "https://authkit_domain/oauth2/introspection",
+  "issuer": "https://authkit_domain",
+  "registration_endpoint": "https://authkit_domain/oauth2/register",
+  "scopes_supported": ["email", "offline_access", "openid", "profile"],
+  "response_modes_supported": ["query"],
+  "response_types_supported": ["code"],
+  "token_endpoint": "https://authkit_domain/oauth2/token",
+  "token_endpoint_auth_methods_supported": [
+    "none",
+    "client_secret_post",
+    "client_secret_basic"
+  ]
+}
+```
+## Integrating
+AuthKit handles the authentication flow so your MCP server only needs to implement the following concerns:
+1. Verifying access tokens issued by AuthKit for your MCP server.
+1. Direct clients to AuthKit using standardized metadata endpoints.
+### Enabling Dynamic Client Registration
+The MCP protocol requires authorization servers (AuthKit) to implement the [OAuth 2.0 Dynamic Client Registration](https://datatracker.ietf.org/doc/html/rfc7591). This allows MCP clients to discover and self-register without prior knowledge of the MCP server.
+Dynamic Client Registration is off by default but can be enabled in the WorkOS Dashboard under _Applications_ → _Configuration_.
+![A screenshot of the Applications Configuration page in the WorkOS Dashboard.](https://images.workoscdn.com/images/10ae97ec-770c-46b6-b7b1-4a9464392590.png)
+### Token Verification
+Your app needs to gate access to the MCP endpoints by verifying access tokens issued by AuthKit for your MCP server. This process is very similar to [the way any Connect JWT is verified](/user-management/connect/verifying-tokens), with one important addition:
+```js
+import { jwtVerify, createRemoteJWKSet } from 'jose';
+const JWKS = createRemoteJWKSet(new URL('https://authkit_domain/oauth2/jwks'));
+const WWW_AUTHENTICATE_HEADER = [
+  'Bearer error="unauthorized"',
+  'error_description="Authorization needed"',
+  `resource_metadata="https://mcp.example.com/.well-known/oauth-protected-resource"`,
+].join(', ');
+const bearerTokenMiddleware = async (req, res, next) => {
+  const token = req.headers.authorization?.match(/^Bearer (.+)$/)?.[1];
+  if (!token) {
+    return res
+      .set('WWW-Authenticate', WWW_AUTHENTICATE_HEADER)
+      .status(401)
+      .json({ error: 'No token provided.' });
+  }
+  try {
+    const { payload } = await jwtVerify(token, JWKS, {
+      issuer: 'https://authkit_domain',
+    });
+    // Use access token claims to populate request context.
+    // i.e. `req.userId = payload.sub;`
+    next();
+  } catch (err) {
+    return res
+      .set('WWW-Authenticate', WWW_AUTHENTICATE_HEADER)
+      .status(401)
+      .json({ error: 'Invalid bearer token.' });
+  }
+};
+```
+Note the addition of a [`WWW-Authenticate`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/WWW-Authenticate) header with the `resource_metadata` challenge parameter containing a `/.well-known/oauth-protected-resource` URL. This allows clients to dynamically discover the appropriate authorization server, enabling zero-config interoperability between different MCP clients and servers.
+### Metadata
+Your MCP server should implement `/.well-known/oauth-protected-resource` endpoint mentioned in the previous section, returning the following minimal JSON response:
+```js
+app.get('/.well-known/oauth-protected-resource', (req, res) =>
+  res.json({
+    resource: `https://mcp.example.com`,
+    authorization_servers: ['https://authkit_domain'],
+    bearer_methods_supported: ['header'],
+  }),
+);
+```
+MCP clients that support metadata discovery will automatically fetch this metadata when they initially encounter a `401 Unauthorized` error from the middleware implemented above. Since AuthKit is included in the metadata under `authorization_servers` the MCP client will redirect the user to AuthKit in order for them to sign in.
+![The authorization prompt users will be shown when giving access to an MCP client.](https://images.workoscdn.com/images/ce1d133c-503c-4abc-8422-c274bbd8786c.png)
+Behind the scenes, AuthKit implements the necessary authorization, dynamic client registration, and token endpoints so that your application doesn't need to. You can read more in the [latest version of the MCP authorization spec](https://github.com/modelcontextprotocol/modelcontextprotocol/blob/901ac03e1c72827acb8017f80eeb14e38ad8ba42/docs/specification/draft/basic/authorization.mdx) but most apps can consider them implementation details of AuthKit as the authorization server.
+Upon successful authentication the client will receive credentials and can start making requests to your application's MCP endpoints.
+## Compatibility
+The MCP space is rapidly evolving and not every client may support the latest version of the specification.
+In particular, some clients may not support [OAuth 2.0 Protected Resource Metadata](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-resource-metadata-13) and its `/.well-known/oauth-protected-resource` endpoint, instead attempting to fetch [OAuth 2.0 Authorization Server Metadata](https://datatracker.ietf.org/doc/html/rfc8414) directly from your application's MCP server.
+For these clients, your server can implement a metadata endpoint as a proxy with AuthKit as the upstream source of truth:
+```js
+app.get('/.well-known/oauth-authorization-server', async (req, res) => {
+  const response = await fetch(
+    'https://authkit_domain/.well-known/oauth-authorization-server',
+  );
+  const metadata = await response.json();
+  res.json(metadata);
+});
+```
+Clients will use AuthKit as the authorization server and the rest of the flow will be identical.

package/.docs/organized/docs/user-management/metadata.mdx ADDED Viewed

@@ -0,0 +1,119 @@
+---
+title: Metadata and External IDs
+description: Store additional information about users and organizations.
+showNextPage: true
+originalPath: .tmp-workos-clone/packages/docs/content/user-management/metadata.mdx
+---
+## Introduction
+Metadata is an attribute of organizations and users that allows you to store additional information about these objects, structured as key-value pairs. For example, you can use metadata to store information about a user's profile picture, or the organization's address.
+External identifiers allow you to associate organizations and users with an identifier in your own system.
+---
+## External identifiers
+External identifiers are an attribute of organizations and users that allows you to associate these objects with an identifier in your own system. Once you have set an external identifier for an object, you can query on it via dedicated endpoints in the WorkOS API.
+External identifiers must be unique within your environment and are limited to 64 characters.
+## Metadata
+You can add up to 10 key-value pairs to an organization or user within these data limits:
+- **Key**: Up to 40 characters long. ASCII only.
+- **Value**: Up to 500 characters long. ASCII only.
+If your integration requires more than 10 key-value pairs, consider storing the additional data in your own external database and use an external identifier to associate the data with an organization or user.
+> Never store sensitive information in metadata such as passwords, API keys, or other private information.
+Metadata is returned in the response body for backend API operations that return organization or user objects, but not in the response body of the [User Authentication](/reference/user-management/authentication) operations. If you want to publicly expose metadata properties from users or organizations in your access tokens, you can use JWT templates to customize claims in your application's access tokens.
+## Set an external identifier
+To set an external identifier for an organization or user, include the `external_id` property in the request body of the [Create an organization](/reference/organization/create) or [Create a user](/reference/user-management/user/create) endpoints.
+<CodeBlock referenceId="set_external_id">
+  <CodeBlockTab title="Request" file="set-external-id" />
+  <CodeBlockTab title="Response" file="set-external-id-response" />
+</CodeBlock>
+To update an external identifier, include the `external_id` property in the request body of the [Update an organization](/reference/organization/update) or [Update a user](/reference/user-management/user/update) endpoints.
+## Query by external identifier
+To query an organization or user by their external identifier, use the [Get organization by external identifier](/reference/organization/get-by-external-id) or [Get user by external identifier](/reference/user-management/user/get-by-external-id) endpoints.
+## Add and update metadata
+Updates to metadata are partial. This means that you only need to include the metadata attributes that you want to update.
+Metadata can be included in the request body of the following endpoints:
+- [Create an organization](/reference/organization/create)
+- [Update an organization](/reference/organization/update)
+- [Create a user](/reference/user-management/user/create)
+- [Update a user](/reference/user-management/user/update)
+To add a metadata attribute to an entity, include the key and value pair in the `metadata` object of the request body.
+```json
+{
+  "metadata": {
+    "key": "value"
+  }
+}
+```
+To update a metadata attribute, include the key and value pair in the `metadata` object of the request body.
+```json
+{
+  "metadata": {
+    "key": "new_value"
+  }
+}
+```
+To delete a metadata attribute, set the key to `null` in the `metadata` object of the request body.
+```json
+{
+  "metadata": {
+    "key": null
+  }
+}
+```
+To delete all metadata attributes, set the `metadata` property an empty object.
+```json
+{
+  "metadata": {}
+}
+```
+## Exposing metadata in JWTs
+Custom metadata and external identifiers can be exposed as claims in JWTs using [JWT Templates](/user-management/jwt-templates).
+<CodeBlock>
+  <CodeBlockTab
+    language="js"
+    file="metadata-jwt-template-1.trunk-ignore"
+    title="Template"
+  />
+  <CodeBlockTab
+    language="js"
+    file="metadata-jwt-context-1.trunk-ignore"
+    title="Context"
+  />
+  <CodeBlockTab
+    language="js"
+    file="metadata-jwt-output-1.trunk-ignore"
+    title="Output"
+  />
+</CodeBlock>

package/.docs/organized/docs/user-management/mfa.mdx ADDED Viewed

@@ -0,0 +1,32 @@
+---
+title: Multi-Factor Authentication
+description: Add an additional layer of security to your application.
+showNextPage: true
+originalPath: .tmp-workos-clone/packages/docs/content/user-management/mfa.mdx
+---
+## Introduction
+Multi-Factor Authentication (MFA) is an additional method of securing your application. MFA adds a layer of security during sign in that requires a user to provide an additional time-based one-time password (TOTP).
+## Getting started
+AuthKit will make the necessary API calls to handle first-time configuration of users’ MFA factors automatically, and validate one-time codes as part of the authentication flow.
+### Enabling MFA
+MFA can be enabled in the _Authentication_ section of the [WorkOS Dashboard](https://dashboard.workos.com). New and existing users will be required to set up multi-factor authentication with an authenticator app that supports one-time passcodes before they can sign in.
+> The MFA requirement **does not** apply to SSO users.
+![Dashboard showing how to enable MFA](https://images.workoscdn.com/images/f660826c-cb2d-4912-ba10-1f622d6a447d.png?auto=format&fit=clip&q=80)
+![AuthKit displaying MFA configuration](https://images.workoscdn.com/images/31fcbe12-63c2-47e2-9685-d45fe4d41fb5.png?auto=format&fit=clip&q=80)
+---
+## Integrating via the API
+If you’d prefer to build and manage your own authentication UI, you can do so via the User Management [Multi-Factor API](/reference/user-management/mfa).
+Examples of building custom UI are also [available on GitHub](https://github.com/workos/authkit).

package/.docs/organized/docs/user-management/migrations.mdx ADDED Viewed

@@ -0,0 +1,20 @@
+---
+title: Migrating to User Management
+description: Guidance on moving your existing users to WorkOS.
+showNextPage: true
+originalPath: .tmp-workos-clone/packages/docs/content/user-management/migrations.mdx
+---
+## Introduction
+WorkOS provides a [range of guides](/migrate) to help you migrate your existing integration to WorkOS User Management.
+## Migrate from another service
+These guides will walk you through the process of moving your users and organizations to WorkOS from another service.
+<ProviderCards.UserManagementMigration />
+## Migrating an existing WorkOS integration
+If you already have an integration with WorkOS (for example, using the [standalone API](/sso) to provide SSO to your customers), you can migrate to User Management and take advantage of all of the features it provides by following [this guide](/migrate/standalone-sso).