HubSpot's full scope list triggers unnecessary consent friction. Optional scopes let agents connect with only the permissions they need now — admins grant access without a procurement stall, and additional scopes can be added incrementally.

Users can connect their accounts inline in your product — no redirect to a hosted page. The Connected Account Widget and Actions Portal drop into any web surface, with Scalekit handling the OAuth flow and credential storage underneath.

Salesforce's Metadata API is SOAP-only with no REST equivalent. AgentKit now extends the proxy to handle XML/SOAP — agents call the Metadata API through the same proxy interface, with auth injected and SOAP routing handled by Scalekit.

Tableau sessions expire silently. Without a pre-run hook, agents hit a 401 mid-workflow with no recovery. Scalekit exchanges stored PAT credentials for a fresh session token before each tool call — automatically.

BigQuery doesn't offer user OAuth for backend access — service account JSON keys are the GCP standard. Scalekit stores the key securely and injects credentials at proxy time. Agent code specifies the query; Scalekit handles everything else.

Not every agent runs as a delegated user. OAuth M2M adds the client credentials flow as a first-class connection type — backend agents authenticate as a service principal, with Scalekit managing the full token lifecycle automatically.

SSO and SCIM setup just got easier for your customers. The Admin Portal and Hosted Widgets now include embedded, per-provider guidance, so configuration completes faster, without leaving the portal.

Most enterprise Microsoft 365 deployments use single-tenant Azure AD app registrations. Single-tenant support unblocks agents connecting to M365, Teams, SharePoint, and Graph API without requiring IT to make a policy exception.

Snowflake's recommended auth for programmatic access is RSA key-pair, not OAuth. Scalekit stores the private key and handles the auth exchange — data agents connect the way data teams already provision service account access.

A completed OAuth flow doesn't mean the right person authorized it. User verification requires both the OAuth consent and a session match before your agent can act, closing the gap that forwarded links create.

Not every agent runs on prebuilt integrations. AgentKit's connector layer lets you use what's built, extend it with custom tools, bring your own OAuth config, or request a new connector, all backed by the same token injection and auth infrastructure.

MCP is now a first-class tool provider type in AgentKit. Point agents to any MCP server and Scalekit handles auth end-to-end: Dynamic Client Registration, token issuance, refresh, and BYOA identity propagation through the token.

Most enterprise Zendesk deployments use API tokens, not OAuth. Static auth support means agents connect to Zendesk in the configuration the enterprise actually uses — no OAuth app registration, no policy exceptions.

Dropbox access tokens are short-lived. Without refresh handling, agents fail mid-workflow. Scalekit now stores and manages the refresh token — access renewed automatically before each tool execution, no re-auth prompts.

Every Atlassian Cloud customer runs their own instance at a unique subdomain. Scalekit now resolves the instance URL dynamically at proxy time — one connector config routes correctly across all your enterprise customers.

Not every API your agents need is in a prebuilt catalog. The Custom Connector Registry lets you register any API — internal, proprietary, or custom MCP server — with OAuth config, tool schemas, and proxy routing as a first-class connector.

Enterprise agent deployments need hard tenant boundaries. Workspace Domain APIs give you programmatic control over which email domains can authenticate into a given workspace — misconfigured cross-tenant access fails at auth, not silently downstream.

Static tool catalogs break the moment a connector changes. ListAvailableTools lets agents discover what tools are available for a connected account at runtime — no hardcoded lists, no redeployment needed.

Your agent shouldn't discover a disconnected account mid-task. Agent Webhooks delivers connected account lifecycle events, auth signals, and token activity in real time — so your workflows stay in sync with user authorization state.

Agents aren't limited to predefined tool catalogs. ToolProxy lets agents hit any API endpoint — REST, SOAP, or internal — with credentials injected automatically from the connected account. No custom auth plumbing required.

Building agents that act isn't the hard part. Building agents that act as your customer's user, inside their org, or as your employees in your own org scoped to respective permissions? That is! Agent Actions handles the delegated OAuth, token lifecycle, and tool execution across 100+ enterprise connectors.

Scalekit is now agent-native. Install one plugin, prompt your coding agent, ship production auth. If you are building agents, Scalekit handles delegated OAuth and tool calling so agents can act as real users — without touching credentials.

Let users sign in once and hold sessions across every app you ship, each with its own OAuth client and scopes in a single environment.

‍

SCIM provisioning is now built into Scalekit’s Full Stack Authentication, letting enterprise customers manage users and groups directly from their directory. Setup and control happen through the Admin Portal, with changes enforced automatically across access and sessions.

See external identities linked to a user in one place to simplify troubleshooting and maintain clean identity records.

Set default roles so every new org member starts with the correct permissions automatically.

‍

Automatically sync user attributes across SSO and social login providers to keep identity data consistent.

‍

Use this when you need to enforce seat caps per organization—for example, when organizations map to departments or when pricing plans include per-org seat limits.

‍

Scalekit MCP Auth now supports Client ID Metadata Documents (CIMD).
‍Securely authenticate dynamic MCP clients using metadata URLs—no pre-registration or open DCR required.

Provision users into existing organizations at signup using interceptors—route users by email domain, map attributes, and avoid duplicate org creation.

‍

Trigger downstream workflows instantly with real-time user, org, and session events—no polling required.

‍

Integrate Scalekit as a Remote OAuth provider for FastMCP to handle token validation, scopes, and key rotation automatically.

Give users a secure, self-serve dashboard to view and revoke their active sessions—no custom tooling required.

Scalekit now supports Passkeys, a FIDO2-based authentication method that replaces passwords with biometric or device verification. Deliver faster, phishing-proof login experiences, enabled directly from your Scalekit Dashboard, without code changes or complex migrations.

Add custom validation and security logic directly to your auth flows. With Scalekit Auth Interceptors, you can block, enrich, or approve authentication events in real time.

‍

Seamlessly migrate SSO providers without customer involvement. Scalekit’s SSO proxy preserves IdP settings, routes requests intelligently, and eliminates migration downtime.

‍

Deliver a cohesive, branded authentication experience. With Scalekit, you can customize login pages, use your own email infrastructure, and fully edit authentication email templates.

‍

Keep your user base clean and secure. Scalekit’s sign-up restrictions block disposable and public email domains, ensuring only legitimate business users can register or be invited.

‍

Streamline onboarding with allowed email domains. Users signing in with trusted company emails are instantly matched to their organization—no manual invites needed.

‍

Give customers the power to define roles that fit their teams. With custom roles in Scalekit, admins can tailor permissions and manage access with complete flexibility.

‍

We’ve redesigned the Scalekit dashboard from the ground up to deliver a faster, more intuitive experience. Here’s what’s new.

‍

‍

Scalekit now lets you connect your own SMTP provider for auth emails. Send from your domain, control deliverability, and meet compliance needs with full support for providers like SendGrid, SES, and Postmark.

‍

Scalekit’s new MCP server lets AI agents like Claude and ChatGPT securely access tools using OAuth 2.1 and scoped permissions. It’s built for real-time agent workflows with support for SSE, modular tool registration, and full compatibility with MCP clients.

‍

Scalekit now offers drop-in OAuth 2.1 authorization for MCP servers. Add scoped, standards-based access control to your AI tools with minimal setup. Supports PKCE, dynamic client registration, token validation, and audit logging—ready for production, no custom infra needed.

‍

Scalekit Full Stack Auth lets you build complete authentication flows with hosted login pages, secure session management, and support for SSO, passwordless, and social logins. It’s designed for SaaS apps, requires no frontend work, and handles multi-tenant user management out of the box.

Scalekit now supports passwordless login via both direct API and OIDC flows using magic links or OTPs.You can send verification emails and handle auth with just a few API calls or a simple redirect.No refactoring needed—drop it into your existing stack using our SDKs. Choose your flow, customize behavior, and go live with secure, frictionless login in minutes.

Scalekit now enables SCIM-like Directory Sync for Google Workspace, making it easy for your customers to automate user provisioning, de-provisioning, and role assignments—without custom builds or SCIM limitations. IT admins can sync groups, map them to roles, and ensuring their directory and your app is in sync. The integration brings automated user management to one of the world’s most widely-used productivity suites.

‍

Scalekit is launching Service Accounts to enable secure, organization-level machine-to-machine (M2M) authentication for modern SaaS apps. These service accounts let non-human clients—like CLI scripts, AI agents, and data pipelines—authenticate independently of users, using scoped, short-lived JWT tokens. Built for automation, they offer persistent, auditable, and secure access to your APIs without the risks of shared credentials or static API keys.

Scalekit now integrates with Microsoft AD FS for secure and seamless SSO, making it easy to onboard enterprise customers using on-prem Active Directory. The setup includes SAML 2.0 compatibility, flexible attribute mapping, and straightforward configuration through the admin portal.

Scalekit now integrates with AWS Cognito as an OIDC provider to deliver seamless enterprise Single Sign-On (SSO). With support for major identity providers, and a customer-facing admin portal, developers can onboard enterprise customers faster and streamline authentication with minimal setup.

Scalekit’s upgraded Webhooks UI gives developers greater control and visibility with features like event filtering, delivery logs, secret rotation, and automatic retries—making SSO and SCIM integrations more reliable and secure.

Major updates to social logins: control Google/Microsoft login flow with prompt parameters and test instantly using built-in Scalekit credentials—no OAuth setup required.

Scalekit now supports Custom Domains, allowing you to use your own domain for authentication flows. Deliver a seamless user experience and maintain brand consistency—all available on every plan, including the free tier.

Scalekit’s Admin Portal now supports SCIM, allowing IT admins to manage directory integrations independently. Reduce  support overhead and streamline onboarding with a fully embeddable, customizable experience.

Simplify role assignments for your customers. Enable group-based role mapping and eliminate the hassle of manual access management

We are excited to launch SCIM-as-a-Service—empowering SaaS teams to effortlessly manage user and role management across directories. Developers can now integrate production-ready SCIM in days with a single integration and a unified data format.

Discover how you can effortlessly test a Single Sign-On (SSO) connection without setting up your own Identity Provider. Leverage Scalekit's new IdP Simulator to seamlessly test SSO integration into your app!

‍

IdP-initiated SSO enables users to access your B2B SaaS application directly from their identity provider's (IdP) portal. Scalekit now empowers your application to offer this feature, while enhancing security through digitally signed JWT tokens.

Increase your user signup conversion rates with Social Logins. Instantly add OAuth based social authentication methods like ‘Login with Google’, Microsoft, Github, Salesforce, LinkedIn. Go live with social logins in less than a day.

We’ve recently added Single Sign-on integration to a Firebase application, allowing users to seamlessly login to an existing Firebase application using SSO authentication.

Scalekit can now be configured as Single Sign-on (SSO) solution to your application along with Auth0. If you are currently using Auth0 for identity and session management and are considering adding SSO to your application, Scalekit can facilitate that.

We are introducing Admin Portal—a self-service config portal that empowers your customers’ IT admins to setup SSO connections and manage identity providers, thus reducing the overhead for your engineering teams.

Scalekit now offers comprehensive SAML-based SSO solution that’s specifically built for B2B SaaS applications. Developers can implement SSO with just a few lines of code, in under a day.

We have launched SSO-as-a-service, making it easier for B2B SaaS teams to connect their applications with all identity providers through the OIDC protocol.