Where WeftID is going, in rough order. This is direction, not a delivery commitment: priorities move as we ship and learn. Today WeftID is a multi-tenant SAML and SCIM federation layer. The path below extends it toward OIDC in both directions, social sign-in, and an identity layer that SaaS builders can embed.
Put WeftID sign-in in front of HTTP apps that have no SSO of their own: internal dashboards, homelab and small-team tools. Your reverse proxy enforces access; the app stays untouched.
Federate to providers that speak OIDC (Microsoft Entra ID, Google, Okta, Keycloak, Auth0) alongside today's SAML, and act as an OIDC provider so applications can offer "Sign in with WeftID."
Google, GitHub, Apple, and Microsoft login for end users, built on the same OIDC connector.
Reflect Workspace users and groups into WeftID, the way Okta and Entra already do over SCIM (Workspace does not push SCIM, so this uses the Admin SDK).
Additional vendor profiles on top of today's Slack, GitHub Enterprise, Atlassian, and GitLab.
Provision organizations through an API, let your customers configure their own SSO and SCIM, and integrate through webhooks and hosted login, so a product can ship enterprise-ready identity without building it. This work follows the OIDC milestones above.
Need something on this list sooner? Try WeftID, or start a conversation on GitHub.