Sacra estimates that WorkOS hit $20 million in annual recurring revenue (ARR) in June 2025. The company crossed 1,000 paying customers in early 2025, representing significant growth from ~200 paying customers in June 2022.

WorkOS generates revenue through a usage-based SaaS model with tiered pricing. The company's AuthKit product is free for the first 1 million monthly active users, then charges $2,500 per additional million users. Enterprise features like SSO and directory sync are priced per connection, making the platform attractive to startups that haven't reached scale yet while allowing for expansion as customers grow.

The average revenue per customer sits around $20,000 annually, reflecting the company's focus on serving mid-market and enterprise SaaS companies that need enterprise-ready features. This ARPC has grown from approximately $15,000 in 2022 as WorkOS has moved upmarket and expanded its product suite.

WorkOS raised an $80 million Series B in June 2022 led by Greenoaks, bringing total funding to approximately $100 million. The round included participation from existing investors Lightspeed Venture Partners and Lachy Groom, along with Abstract Ventures.

The company previously raised a $15 million Series A in March 2021, positioning itself as building infrastructure for enterprise-ready features. WorkOS has maintained a relatively lean approach to fundraising compared to other developer infrastructure companies, with the Series B representing the largest single round to date.

WorkOS provides APIs and SDKs that let developers add enterprise features to their applications without building them from scratch. The platform functions as infrastructure for enterprise-readiness, similar to how Stripe handles payments.

AuthKit serves as the core authentication product, offering a hosted login interface that supports email and password, OAuth providers like Google and Microsoft, magic links, and enterprise single sign-on. Developers drop an AuthKit component into their frontend and connect it to WorkOS APIs to immediately get production-grade authentication flows with built-in security features like multi-factor authentication and bot protection.

The SSO product supports both SAML and OIDC protocols, integrating with dozens of identity providers through a single API endpoint. WorkOS provides a test SSO environment so developers can build and test integrations without needing actual enterprise identity provider accounts.

Directory Sync normalizes user provisioning from various SCIM and HRIS systems, sending real-time webhooks when users are created, updated, or deactivated in the customer's directory. The Admin Portal gives IT administrators a self-service interface to configure SSO, connect directories, and manage settings without requiring developer involvement.

Additional products include Audit Logs for compliance reporting, Radar for fraud detection, and Vault for encryption key management. The platform also acquired Warrant to add fine-grained authorization capabilities, allowing developers to implement complex permission systems.

WorkOS operates a developer-first SaaS business model with usage-based pricing that scales with customer growth. The company targets B2B SaaS companies that need to add enterprise features to move upmarket but lack the resources to build identity infrastructure in-house.

The go-to-market approach combines self-serve developer adoption with enterprise sales. Developers can start using WorkOS APIs immediately through generous free tiers, then upgrade as their applications gain enterprise customers who require SSO and other compliance features.

Revenue scales through both customer acquisition and expansion within existing accounts. As WorkOS customers grow and add more enterprise clients, their usage of SSO connections, directory sync, and other features increases. The company also drives expansion by launching new products that existing customers can adopt, such as adding audit logs or fine-grained authorization to complement existing SSO implementations.

The business model benefits from strong retention characteristics since identity infrastructure becomes deeply embedded in customer applications. Switching costs are high once WorkOS handles authentication and user management for a SaaS application, creating predictable recurring revenue streams.

WorkOS maintains relatively lean operations with approximately 90 employees supporting $20 million in ARR, suggesting efficient unit economics as the platform scales through API-driven distribution rather than high-touch sales processes.

Auth0, now part of Okta, remains the established leader in customer identity and access management with extensive protocol support and enterprise sales channels. The platform has deep integration capabilities and strong brand recognition among enterprise buyers, though it typically requires more complex implementation than WorkOS.

Microsoft Entra External ID leverages existing Office 365 relationships and Azure infrastructure to provide identity services. The platform benefits from bundling with other Microsoft products and simplified billing for organizations already using Microsoft's ecosystem.

AWS Cognito offers identity services within the broader AWS cloud platform, providing tight integration with other Amazon services. While cost-effective, Cognito requires significant technical expertise to implement properly and lacks the developer-friendly experience that WorkOS emphasizes.

Stytch competes directly with WorkOS by offering authentication APIs with a focus on developer experience. The company has expanded into SCIM directory management and admin portals, creating feature overlap with WorkOS's core offerings.

Frontegg positions itself as a comprehensive platform beyond basic SSO, bundling user management, admin portals, and analytics. The company targets similar B2B SaaS customers but takes a more all-in-one approach compared to WorkOS's modular API strategy.

Clerk focuses on consumer-facing authentication with some enterprise features, while companies like Descope and FusionAuth offer alternative approaches to identity infrastructure with varying degrees of self-hosting and customization options.

Large cloud providers continue expanding their identity offerings with better developer tools and competitive pricing. Google, Amazon, and Microsoft have the resources to match WorkOS features while offering deeper integration with their broader cloud platforms.

Open-source solutions like Keycloak provide cost-effective alternatives for companies willing to manage identity infrastructure internally. These platforms require more technical expertise but offer complete control and customization capabilities that some enterprises prefer.

WorkOS has systematically expanded beyond core authentication into adjacent enterprise infrastructure needs. The Warrant acquisition added fine-grained authorization capabilities, allowing the company to upsell permission management to existing SSO customers while attracting new workloads that require complex access control.

Security and compliance modules like Radar for fraud detection and Vault for encryption key management create higher-margin revenue streams. These products leverage WorkOS's existing customer relationships while addressing broader security requirements that enterprise buyers increasingly demand.

WorkOS Connect introduces platform capabilities that enable identity delegation and machine-to-machine authentication. This expansion opens opportunities in API management and B2B integrations, markets where established players like Auth0 and AWS already compete but where WorkOS can differentiate through developer experience.

The company has grown from serving 200 customers to over 1,000 while the broader market of B2B SaaS applications continues expanding rapidly. Many software companies still build authentication and enterprise features internally, representing a large pool of potential customers as development teams recognize the complexity and maintenance burden of identity infrastructure.

AI-native software companies launching with venture funding increasingly default to buying rather than building identity infrastructure. This trend expands WorkOS's addressable market as new categories of B2B applications emerge that need enterprise-ready features from day one.

Existing customers provide expansion opportunities as WorkOS launches new products that integrate with their current implementations. Each additional module increases revenue per customer without requiring new customer acquisition costs.

Enterprise customers increasingly require data residency and regional compliance capabilities. WorkOS's Vault product with bring-your-own-key encryption and planned regional hosting unlock opportunities in European markets subject to GDPR requirements and growing Asia-Pacific enterprise software adoption.

The global identity and access management market continues growing as digital transformation accelerates across industries. WorkOS can expand internationally by partnering with regional system integrators and cloud providers while maintaining its developer-first approach that transcends geographic boundaries.

Competitive pressure: Large cloud providers like AWS, Google, and Microsoft continue improving their identity services with better developer tools and aggressive pricing. These platforms can bundle identity features with other cloud services, potentially commoditizing the market where WorkOS competes and forcing the company to compete primarily on price rather than developer experience.

Customer concentration: WorkOS's growth depends heavily on the continued expansion of B2B SaaS companies that need enterprise features. Economic downturns or shifts in software buying patterns could reduce demand for new enterprise software, limiting WorkOS's customer acquisition while existing customers might downgrade or churn to reduce costs.

Technical complexity: Identity infrastructure involves complex security requirements and compliance standards that continue evolving. Any security incidents or compliance failures could damage WorkOS's reputation and customer trust, while keeping up with new protocols and regulations requires ongoing engineering investment that could strain the company's resources as it scales.