PostHog

The PostHog AuthKit Add-on forwards AuthKit events – sign ups, logins, password resets, and more – directly to PostHog as $identify and custom events. When combined with posthog-js running on your marketing site, the Add-on stitches each authenticated user back to their pre-login anonymous activity, giving you end-to-end funnels across your landing pages and your AuthKit sign-in experience.

To use the Add-on, your Authentication API Domain must share the same root as the domain where you load the PostHog browser snippet. This gives the Add-on access to PostHog’s anonymous distinct ID via the ph_<project>_posthog first-party cookie.

For example, if your PostHog snippet is loaded on www.example.com:

• Valid: auth.example.com is a valid Authentication API Domain
• Invalid: auth.workos.com is not a valid Authentication API Domain

In the WorkOS Dashboard, click the Authentication icon in the sidebar. Then click Add-ons.

Click Enable next to PostHog.

In another browser tab, open PostHog and navigate to Project settings. Copy your Project API Key (it starts with phc_). Paste it in the Project API Key field in the WorkOS Dashboard.

If you use PostHog EU Cloud or a self-hosted PostHog instance, set the Host field accordingly (for example, https://eu.i.posthog.com). Otherwise leave it set to the default https://us.i.posthog.com.

Toggle the Add-on Enable switch on, then click Save changes. The PostHog AuthKit Add-on is enabled and will begin forwarding AuthKit events to your PostHog project.

The Add-on sends events to PostHog when certain WorkOS Events occur:

• user.created – emitted as $identify plus a signed_up event with the authentication method as a property.
• authentication.*_succeeded – emitted as $identify plus a logged_in event with the authentication method as a property.
• All other forwarded AuthKit events use the WorkOS event name verbatim.

Every event includes the authenticated user’s WorkOS user ID as PostHog’s distinct_id. When the anonymous PostHog distinct ID is available from the shared cookie, it is included as $anon_distinct_id so PostHog stitches the pre-login session to the authenticated user.

After enabling the Add-on, visit your website, click your sign in button, and sign in to your application. Open PostHog and navigate to Activity. You should see a signed_up or logged_in event for the user, and – if PostHog was loaded on your marketing site under the same root domain – the user’s previous anonymous events should be merged onto the same person.

If you do not see events, return to the Add-ons page in the WorkOS Dashboard and confirm your Project API Key matches the value from PostHog. If after confirming the values match you still need support, please reach out to us in Slack.