# Scalekit > Scalekit is a developer platform for enterprise authentication, providing Full Stack Auth (FSA), Single Sign-On (SSO), SCIM provisioning, and API authentication solutions for B2B applications. Key features: - **Agent Auth**: Get started with Agent Auth in minutes. Learn how to create your first connection, authenticate users, and execute tools. - **MCP Auth**: Secure your Model Context Protocol (MCP) servers with Scalekit's drop-in OAuth 2.1 authorization solution and protect your AI integrations - **Modular SSO**: Enable enterprise SSO for any customer in minutes with built-in SAML and OIDC integrations ## Full stack auth - [/authenticate/fsa/quickstart/](https://docs.scalekit.com/authenticate/fsa/quickstart/) - [Set up environment & SDK](https://docs.scalekit.com/authenticate/set-up-scalekit): Create your account, install the SDK, set up AI tools, and verify your setup to start building with Scalekit - [Code samples](https://docs.scalekit.com/authenticate/fsa/code-samples): Full stack auth code samples demonstrating complete authentication implementations with hosted login and session management - [Initiate user signup or login](https://docs.scalekit.com/authenticate/fsa/implement-login): Create authorization URLs and redirect users to Scalekit's hosted login page - [Complete login with code exchange](https://docs.scalekit.com/authenticate/fsa/complete-login): Process authentication callbacks and handle redirect flows after users authenticate with Scalekit - [Manage user sessions](https://docs.scalekit.com/authenticate/fsa/manage-session): Store tokens safely with proper cookie security, validate on every request, and refresh with rotation to keep sessions secure - [Implement logout](https://docs.scalekit.com/authenticate/fsa/logout): Terminate user sessions across your application and Scalekit - [Redirects](https://docs.scalekit.com/guides/dashboard/redirects): Learn how to configure and validate redirect URLs in Scalekit for secure authentication flows, including callback, login, logout, and back-channel logout endpoints - [Sign in with magic link or Email OTP](https://docs.scalekit.com/authenticate/auth-methods/passwordless): Enable passwordless sign-in with email verification codes or magic links - [Add social login to your app](https://docs.scalekit.com/authenticate/auth-methods/social-logins): Implement authentication with Google, Microsoft, GitHub, and other social providers - [Add passkeys login method](https://docs.scalekit.com/authenticate/auth-methods/passkeys): Enable passkey authentication for your users - [Implement enterprise SSO](https://docs.scalekit.com/authenticate/auth-methods/enterprise-sso): How to implement enterprise SSO for your application - [Overview of modelling users and organizations](https://docs.scalekit.com/fsa/data-modelling): Put together a data model for your app's users and organizations - [Create organizations](https://docs.scalekit.com/authenticate/manage-users-orgs/create-organization): Ways the organizations are created in Scalekit - [Add users to organizations](https://docs.scalekit.com/authenticate/manage-organizations/add-users-to-organization): Ways in which users join or get added to organizations - [Configure email domain rules](https://docs.scalekit.com/authenticate/manage-users-orgs/email-domain-rules): Set up allowed domains for organization auto-join and configure restrictions for generic and disposable email sign-ups - [Provision user accounts Just-In-Time (JIT)](https://docs.scalekit.com/authenticate/manage-users-orgs/jit-provisioning): Turn first-time SSO logins into instant, secure access - [Merge user identities](https://docs.scalekit.com/authenticate/manage-users-orgs/merge-identities): Scalekit automatically merges user identities from different authentication methods, ensuring a single user profile and preventing duplicate accounts - [Implement organization switcher](https://docs.scalekit.com/authenticate/manage-users-orgs/organization-switching): Let users switch across workspaces using prompt-based selection or direct org routing via organization ID - [Remove users from organizations](https://docs.scalekit.com/authenticate/manage-organizations/remove-users-from-organization): Remove users from organizations through dashboard management and API while maintaining security and compliance - [Delete users and organizations](https://docs.scalekit.com/authenticate/manage-users-orgs/delete-users-and-organizations): Trigger deletions and let Scalekit handle sessions, memberships, and cleanup automatically - [User management settings](https://docs.scalekit.com/authenticate/fsa/user-management-settings): Configure user management settings, including user attributes and configuration options from the Scalekit dashboard. - [Role based access control (RBAC)](https://docs.scalekit.com/authenticate/authz/overview): Control what authenticated users can access in your application based on their roles and permissions - [Create and manage roles and permissions](https://docs.scalekit.com/authenticate/authz/create-roles-permissions): Set up roles and permissions to control access in your application - [Assign roles to users](https://docs.scalekit.com/authenticate/authz/assign-roles): Learn how to assign roles to users in your application using the dashboard, SDK, or automated provisioning - [Implement access control](https://docs.scalekit.com/authenticate/authz/implement-access-control): Verify permissions and roles in your application code to control user access - [Add auth to your APIs](https://docs.scalekit.com/authenticate/m2m/api-auth-quickstart): Secure your APIs in minutes with OAuth 2.0 client credentials, scoped access, and JWT validation using Scalekit - [Verify API client scopes](https://docs.scalekit.com/guides/m2m/scopes): Define permissions for API client applications using scopes and validate them in your API server - [Branded custom domains](https://docs.scalekit.com/guides/custom-domain): Learn how to set up a branded custom domain with Scalekit - [Brand your login page](https://docs.scalekit.com/fsa/guides/login-page-branding): Learn how to customize the look and feel of your Scalekit-hosted login page to match your brand. - [Personalize email delivery](https://docs.scalekit.com/guides/email-providers): Learn how to personalize email delivery by using Scalekit's managed service or configuring your own SMTP provider for brand consistency and control. - [Custom email templates](https://docs.scalekit.com/guides/dashboard/custom-email-templates): Customize authentication email templates with your branding and content - [Customize user profiles](https://docs.scalekit.com/authenticate/manage-users-orgs/custom-user-attributes): Tailor user profiles to your business needs by creating and managing user profile attributes in Scalekit - [Production readiness checklist](https://docs.scalekit.com/authenticate/launch-checklist): A focused checklist for delivering a production-ready authentication system that's secure, reliable, and compliant - [View logs](https://docs.scalekit.com/guides/dashboard/auth-logs): Monitor authentication activities and webhook deliveries using comprehensive logs that track user sign-ins, authentication methods, and webhook event processing. - [Migrate to Full Stack Auth](https://docs.scalekit.com/fsa/guides/migration-guide): Step-by-step guide to move user, organization, and auth flows from existing systems to Scalekit. ## Agent Auth - [Agent Auth - Quickstart Guide](https://docs.scalekit.com/agent-auth/quickstart): Get started with Agent Auth in minutes. Learn how to create your first connection, authenticate users, and execute tools. - [Overview](https://docs.scalekit.com/agent-auth/overview): Learn about Agent Auth, Scalekit's authentication solution for securely connecting to third-party applications through OAuth 2.0 - [Agent Auth - Quickstart Guide](https://docs.scalekit.com/agent-auth/quickstart): Get started with Agent Auth in minutes. Learn how to create your first connection, authenticate users, and execute tools. - [Code samples](https://docs.scalekit.com/agent-auth/code-samples): Code samples of AI agents using Scalekit along with LangChain, Google ADK, and direct integrations - [Providers](https://docs.scalekit.com/agent-auth/providers): Learn about third-party application providers supported by Agent Auth and how they enable tool execution across different platforms. - [Connections](https://docs.scalekit.com/agent-auth/connections): Learn how to configure and manage connections in Agent Auth to enable authentication and tool execution with third-party providers. - [Connected accounts](https://docs.scalekit.com/agent-auth/connected-accounts): Learn how to manage connected accounts in Agent Auth, including user authentication, authorization status, and account lifecycle management. - [Authorize a user](https://docs.scalekit.com/agent-auth/tools/authorize): Learn how to authorize users for successful tool execution with Agent Auth. - [Token Management](https://docs.scalekit.com/agent-auth/authentication/token-management): Learn how Scalekit manages access tokens, refresh tokens, and token lifecycle for Agent Auth connections. - [Bring your own Credentials](https://docs.scalekit.com/agent-auth/advanced/bring-your-own-oauth): Learn how to use your own OAuth authentication credentials with Agent Auth for complete whitelabeling and control. - [Domain Customization](https://docs.scalekit.com/agent-auth/advanced/custom-domain): Learn how to use a custom domain with Scalekit - [Connectors](https://docs.scalekit.com/reference/agent-connectors): Connectors - [Agentic Tool Calling](https://docs.scalekit.com/agent-auth/agentic-quickstart): Learn how to authenticate a user to GMail and use LLMs to create an agentic tool calling workflow using LangChain or Google ADK. - [LangChain](https://docs.scalekit.com/agent-auth/frameworks/langchain): Learn how to use LangChain with Agent Auth. - [Google ADK](https://docs.scalekit.com/agent-auth/frameworks/google-adk): Learn how to use Google ADK with Agent Auth. - [Quickstart](https://docs.scalekit.com/agent-auth/mcp/quickstart): Learn how to get started with Agent Auth's MCP server. - [Tools Overview](https://docs.scalekit.com/agent-auth/tools/overview): Learn about tools in Agent Auth - the standardized functions that enable you to perform actions across different third-party providers. - [Tool Calling](https://docs.scalekit.com/agent-auth/tools/execute): Learn how to execute tools in Agent Auth to interact with third-party applications using connected accounts. - [Tool Modifiers](https://docs.scalekit.com/agent-auth/tools/modifiers): Learn how to use pre and post modifiers to customize tool behavior, enforce deterministic workflows, and optimize token usage in Agent Auth. ## Developer Resources - [/dev-kit/code-samples/](https://docs.scalekit.com/dev-kit/code-samples/) - [MCP Auth](https://docs.scalekit.com/dev-kit/code-samples/mcp-auth): Model Context Protocol authentication examples and patterns - [Agent Auth](https://docs.scalekit.com/dev-kit/code-samples/agent-auth): Code samples of AI agents using Scalekit along with LangChain, Google ADK, and direct integrations - [Modular SSO](https://docs.scalekit.com/dev-kit/code-samples/modular-sso): Code samples demonstrating Single Sign-On implementations with Express.js, .NET Core, Firebase, AWS Cognito, and Next.js - [Modular SCIM](https://docs.scalekit.com/dev-kit/code-samples/modular-scim): Code samples demonstrating SCIM provisioning examples and integration patterns for user and group management - [Full stack auth](https://docs.scalekit.com/dev-kit/code-samples/full-stack-auth): Code samples demonstrating complete authentication implementations with hosted login and session management - [OpenAPI Specifications](https://docs.scalekit.com/dev-kit/api-collections/openapi-spec): Access Scalekit OpenAPI specifications for API documentation and client generation - [Scalekit MCP Server](https://docs.scalekit.com/dev-kit/ai-assisted-development/scalekit-mcp-server): Learn how to use the Scalekit MCP Server to manage your users, organizations, and applications. - [Set up AI-assisted development](https://docs.scalekit.com/dev-kit/resources/ai-assisted-setup): Learn how to use AI assisted setup to create a new project in Scalekit - [Handle webhook events in your application](https://docs.scalekit.com/authenticate/implement-workflows/implement-webhooks): Receive real-time notifications about authentication events in your application using Scalekit webhooks - [Following webhook best practices](https://docs.scalekit.com/guides/webhooks-best-practices): Learn best practices for implementing webhooks in your SCIM integration. Covers security measures, event handling, signature verification, and performance optimization techniques for real-time directory updates. - [Intercept authentication flows](https://docs.scalekit.com/authenticate/interceptors/auth-flow-interceptors): Apply decision checks at key points in the authentication flow - [Interceptor triggers](https://docs.scalekit.com/reference/interceptors/triggers): The points in the authentication flow where Scalekit calls your interceptor endpoint - [Social connections](https://docs.scalekit.com/guides/integrations/social-connections): Social connections - [SSO integrations](https://docs.scalekit.com/guides/integrations/sso-integrations): SSO integrations - [SCIM integrations](https://docs.scalekit.com/guides/integrations/scim-integrations): SCIM integrations ## MCP Auth - [Add OAuth 2.1 authorization to MCP servers](https://docs.scalekit.com/authenticate/mcp/quickstart): Secure your Model Context Protocol (MCP) servers with Scalekit's drop-in OAuth 2.1 authorization solution and protect your AI integrations - [Auth for MCP servers - Overview](https://docs.scalekit.com/authenticate/mcp/overview): Secure your Model Context Protocol (MCP) servers with Scalekit's drop-in OAuth 2.1 authorization solution - [Add OAuth 2.1 authorization to MCP servers](https://docs.scalekit.com/authenticate/mcp/quickstart): Secure your Model Context Protocol (MCP) servers with Scalekit's drop-in OAuth 2.1 authorization solution and protect your AI integrations - [Managing MCP Clients](https://docs.scalekit.com/authenticate/mcp/managing-mcp-clients): Manage MCP clients by viewing registered MCP clients, tracking user consent, and revoking access to your MCP servers. - [MCP Auth code samples](https://docs.scalekit.com/authenticate/mcp/code-samples): MCP Auth authentication examples and patterns - [Secure MCP with Enterprise SSO](https://docs.scalekit.com/mcp/auth-methods/enterprise): Use Scalekit's out-of-the-box enterprise SSO connections to authenticate your MCP server from the first request. - [Secure MCP with Social Logins](https://docs.scalekit.com/mcp/auth-methods/social): Use Scalekit's out-of-the-box social connections to authenticate your MCP server from the first request. - [Federated Auth Integration Guide](https://docs.scalekit.com/mcp/auth-methods/custom-auth): Using Scalekit as a drop-in OAuth 2.1 authorization layer for your MCP Servers with federated authentication to your existing auth layer. - [Human interacting with MCP Server](https://docs.scalekit.com/authenticate/mcp/topologies/human-mcp): Learn how a human authenticates with an MCP Server via OAuth 2.1 when using MCP-compliant hosts such as ChatGPT, Claude, VSCode, or Windsurf. - [Agent / Machine interacting with MCP Server](https://docs.scalekit.com/authenticate/mcp/topologies/agent-mcp): Learn how an autonomous agent or machine securely authenticates with an MCP Server using OAuth 2.1 Client Credentials flow in Scalekit. - [MCP Server interacting with MCPs / APIs](https://docs.scalekit.com/authenticate/mcp/topologies/mcp-api): Understand how an MCP Server integrates with internal systems, other MCP servers, or external APIs using secure tokens or API keys. - [FastMCP quickstart](https://docs.scalekit.com/authenticate/mcp/fastmcp-quickstart): FastMCP todo server with OAuth scope validation and CRUD operations. - [FastAPI + FastMCP quickstart](https://docs.scalekit.com/authenticate/mcp/fastapi-fastmcp-quickstart): Build a production-ready MCP server with FastAPI custom middleware for OAuth token validation and Scalekit authentication. - [Express.js quickstart](https://docs.scalekit.com/authenticate/mcp/expressjs-quickstart): Build a production-ready Express.js MCP server with TypeScript, custom middleware for OAuth token validation, and Scalekit authentication. - [New to MCP?](https://docs.scalekit.com/authenticate/mcp/intro-to-mcp-auth): Lock down MCP connections with OAuth 2.1 so agents get only the access they need - [MCP Auth code samples](https://docs.scalekit.com/authenticate/mcp/code-samples): MCP Auth authentication examples and patterns - [Troubleshooting MCP auth](https://docs.scalekit.com/authenticate/mcp/troubleshooting): Troubleshooting guide for common errors while adding auth for MCP Servers ## Modular SSO - [Add Modular SSO](https://docs.scalekit.com/authenticate/sso/add-modular-sso): Enable enterprise SSO for any customer in minutes with built-in SAML and OIDC integrations - [Add Modular SSO](https://docs.scalekit.com/authenticate/sso/add-modular-sso): Enable enterprise SSO for any customer in minutes with built-in SAML and OIDC integrations - [Code samples](https://docs.scalekit.com/authenticate/sso/code-samples): Code samples demonstrating Single Sign-On implementations with Express.js, .NET Core, Firebase, AWS Cognito, and Next.js - [Integrate SSO with own auth](https://docs.scalekit.com/guides/integrations/auth-systems): Integrate SSO with own auth - [Authorization URL to initiate SSO](https://docs.scalekit.com/sso/guides/authorization-url): Learn how to construct and implement authorization URLs in Scalekit to initiate secure Single Sign-on (SSO) flows with your identity provider. - [Handle identity provider initiated SSO](https://docs.scalekit.com/sso/guides/idp-init-sso): Learn how to securely implement IdP-initiated Single Sign-On for your application - [Pre-check SSO by domain](https://docs.scalekit.com/guides/user-auth/check-sso-domain): Validate that a user's email domain has an active SSO connection before redirecting to prevent dead-end redirects and improve user experience. - [Map user attributes to IdP](https://docs.scalekit.com/sso/guides/sso-user-attributes): Learn how to add and map custom user attributes, such as an employee number, from an Identity Provider (IdP) like Okta using Scalekit. - [Test SSO flow](https://docs.scalekit.com/sso/guides/test-sso): Validate your Single Sign-On implementation using the IdP Simulator or real identity providers like Okta - [Onboard enterprise customers](https://docs.scalekit.com/sso/guides/onboard-enterprise-customers): Complete workflow for enabling enterprise SSO and self-serve configuration for your customers - [Migrate SSO without IdP reconfiguration for customers](https://docs.scalekit.com/guides/sso/sso-migration-strategy): Learn how to coexist with external SSO providers while gradually migrating to Scalekit's SSO solution - [Introduction to Single Sign-on](https://docs.scalekit.com/sso/guides/sso-basics): Learn the basics of Single Sign-On (SSO), including how SAML and OIDC protocols work, and how Scalekit simplifies enterprise authentication. - [Ways to implement SSO logins](https://docs.scalekit.com/sso/guides/add-login-ux-sso): Implement single sign-on on your login page using three UX strategies: identifier-driven, SSO button, or organization-specific pages. - [Production readiness checklist](https://docs.scalekit.com/sso/guides/launch-checklist): A focused checklist for launching your Scalekit SSO integration, based on the core enterprise authentication launch checks. ## Modular SCIM - [/directory/scim/quickstart/](https://docs.scalekit.com/directory/scim/quickstart/) - [Add Modular SCIM provisioning](https://docs.scalekit.com/directory/scim/quickstart): Automate user provisioning with SCIM. Directory API and webhooks for real-time user data sync - [Code samples](https://docs.scalekit.com/directory/code-samples): Code samples demonstrating SCIM provisioning examples and integration patterns for user and group management - [Automatically assign roles](https://docs.scalekit.com/directory/guides/group-based-role-assignment): Automatically assign roles to users in your application by mapping directory provider groups to application roles using Scalekit - [Set up SCIM connection](https://docs.scalekit.com/guides/user-management/scim-provisioning): Set up a SCIM connection to your directory provider - [Onboard enterprise customers](https://docs.scalekit.com/directory/guides/onboard-enterprise-customers): Complete workflow for enabling enterprise SSO and self-serve configuration for your customers - [Understanding SCIM Provisioning](https://docs.scalekit.com/directory/guides/user-provisioning-basics): The business case for implementing SCIM - [Review SCIM protocol](https://docs.scalekit.com/directory/guides/scim-protocol): Learn about core components, resources, schemas, and real-world implementation scenarios for identity management across cloud applications through SCIM - [Production readiness checklist](https://docs.scalekit.com/directory/guides/launch-checklist): A focused checklist for launching your Scalekit SCIM provisioning integration, based on the core enterprise authentication launch checks. ## SDKs & APIs - [/sdks/](https://docs.scalekit.com/sdks/) ## Core Documentation - [Complete documentation](/llms-full.txt): Full Scalekit developer documentation in LLM-friendly format ## Developer Resources - [Developer Kit](https://docs.scalekit.com/dev-kit/code-samples/): SDKs, webhooks, development tools, and API references - [Webhook Events](https://docs.scalekit.com/reference/webhooks/): Real-time event notifications and webhook handling - [SDKs and Libraries](https://docs.scalekit.com/dev-kit/): Official SDKs for Node.js, Python, Go, Java, and community libraries ## Optional - [MCP Auth](https://docs.scalekit.com/authenticate/mcp/quickstart): Secure your Model Context Protocol (MCP) servers with Scalekit's drop-in OAuth 2.1 authorization solution and protect your AI integrations - [Custom Domains](https://docs.scalekit.com/guides/custom-domain): White-label domain configuration - [Email Providers](https://docs.scalekit.com/guides/email-providers): Custom email delivery setup