Hey team, has anyone ever tried integrating Kratos with WorkOS’s SSO product? They implement a an OAuth2 interface so it is similar to a social sign-in but now super clear if it is possible to integrate this into Kratos?

Hey Alexey, I am not very familiar with WorkOS (made a note to give it a try) but it seems to me that you probably don’t need it when you run Kratos. You can add any number of providers to Kratos through OIDC, see the docs here: https://www.ory.sh/docs/kratos/social-signin/overview SAML is currently not available, but we have a PR driven by the community pretty far along, so it should be not too long. Was that what you were looking for?

Hi Vincent! Thanks for the response. Agreed that we might not need it once the SAML integration is fully completed (however WorkOS does provide a lot of user friendly SSO setup features so we may want to continue using it anyway). It would also be difficult to re-configure all the existing SAML connections at once so ideally we can get both systems running side by side.

Yea I see. Do you have a webapp, SPA, mobile or native?

How much control of the UI do we get with Kratos?

As all Ory products including Kratos are completely headless you have full control over the UI 🎉

collect the email address first …. then fall back to a Kratos powered flow

This should be possible, here are some examples for the sign up UI: https://www.ory.sh/docs/kratos/self-service/flows/user-registration#code-examples-for-nodejs-reactjs-go- You can also handle everything in your UI and then make an API call to create the identity in Kratos. (https://www.ory.sh/docs/reference/api#operation/adminCreateIdentity)