Introducing B2B Authentication

June 2, 2023

Author: Stytch Team

"Introducing B2B Authentication" on a dark blue screen, with different single sign on login screens visible in the foreground

Today, Stytch is excited to introduce our authentication suite for business-to-business (B2B) companies, complete with SSO (both OIDC and SAML), built-in organization-based tenancy, and the platform staples our business-to-consumer (B2C) platform is known for, like breach-resistant passwords and passwordless auth options such as email magic links, SMS one-time passcodes, and OAuth.

The importance of authentication for B2B applications

Authentication is a critical requirement for B2B applications to successfully grow their customer base. The authentication and authorization requirements that your business customers need only grow in number and complexity as you move upmarket and sell to larger customers. Enterprise customers require more advanced controls and capabilities to manage provisioning of user accounts, control user access and permissions, and mitigate any security risks tied to their users’ accounts.

When a business has a need for specific authentication features – whether it’s SSO, controlling how members can join an Organization, or something else – these are hard requirements that can become dealbreakers, especially for enterprise customers. B2B applications need to be able to support these authentication requirements in order to win these customers and scale successfully.

Current challenges with B2B authentication

When compared to B2C authentication, B2B is much more complex. It requires: 

  1. More complicated data models that are built around organizations and members instead of users
  2. Handling provisioning/access/permissions for users across different organizations
  3. Providing unique authentication settings for each B2B customer while still ensuring security at scale 

These complexities mean that B2B auth is much more difficult and time-consuming to build in-house: to achieve even the basic requirements of B2B authentication, in-house developers need to build a multi-tenancy data model from the ground up, in addition to key infrastructure and features like SSO, organization auth settings, invitation management, and more.

At the same time, existing solutions fall short: they lack the foundational data structures necessary to build scalable B2B authentication. In fact, until now, no B2B authentication solution on the market has offered organization tenancy (also known as “multitenancy”) built into their data architecture. Instead, they offer what is fundamentally a B2C architecture with a few B2B elements tacked on.

Why is this such a big deal? 

When providers fail to build this structure into their B2B product from the beginning, the onus of building and maintaining this incredibly complex architecture falls to your eng team.

Not only does this tax precious developer resources, it also often results in under-informed decisions that can have big downstream effects when new edge cases inevitably arise as your business grows and your authentication needs evolve. How companies handle things like org and member definition, onboarding and provisioning, or the relationship between email domains, Identity Providers, and organizations can each become big obstacles for your business. They ultimately require significant rebuilds as B2B companies take on bigger, more complex customers, each of whom will likely expect unique specifications / settings for their organization. Without an organization-first data model built into your authentication architecture, these customizations will require custom code and constant painful revisions to your backend systems.

Providers like Auth0 will tell you their solution simplifies the developer experience, but that simplicity is only skin-deep. Without an organization-first data model at the core of their product, they ultimately create pain points both for developers and end users that cost more time and money to resolve. 

At Stytch, we decided to do things differently. 

The only organization-first authentication solution

In light of the gap in the current B2B authentication market, Stytch decided to build an organization-first authentication solution, with organization-based tenancy built directly into our data models. 

What this means is that our architecture is built with a membership model in mind – a critical requirement for building scalable, flexible B2B authentication. In contrast with a B2C data model, which is built entirely around the concept of an individual user, an org-first data model is built on the presumption that all users are members of an organization. Unlike a B2C app in which a user is the sole owner of the resources in their account, members of organizations must establish and verify not just their identity, but their membership in the organization. Apps must also orchestrate how members are invited to organizations, and how their permissions and accessible resources within that organization are governed. In case it’s not evident in the description, that’s a very different and more difficult data model to build, and it is fundamental to B2B authentication. 

What’s more, as many B2B companies find as they scale, their enterprise customers expect to be able to set custom member invitations, provisioning, and authentication factors that are unique to their app. Without an org-first data model, it’s impossible to offer these customizations without ripping out your data model and building it from scratch. Authentication capabilities that organizations often want to offer and customize include:

  • Organization creation & onboarding
  • Approved domains and login methods (including enterprise auth factors like passwords, OAuth, etc.)
  • Setting up single sign on connections (both OIDC & SAML)
  • Member creation settings (invitations, just-in-time provisioning, etc.)
  • Session length 

Stytch’s org-first architecture makes all of these settings easy to customize and set by organization. This is incredibly important for companies that want to scale (and really, what company doesn’t?), because enterprise companies have more idiosyncratic, tailored demands of their vendors, especially when it comes to things like auth and SSO. 
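
As an added illustration (not Stytch's API or code), the per-organization settings listed above can be modeled as a tenant-scoped policy check that runs after the identity itself has been authenticated. The class, field and function names are hypothetical, and the two organizations are constructed sample data.

```python
from dataclasses import dataclass, field

@dataclass
class Organization:
    # Hypothetical per-tenant settings mirroring the list above.
    org_id: str
    allowed_domains: set
    allowed_methods: set      # login methods this org permits
    jit_provisioning: bool    # auto-create members from allowed domains
    session_minutes: int
    members: set = field(default_factory=set)  # active member emails
    invited: set = field(default_factory=set)  # pending invitations

def evaluate_login(org, email, method):
    """Decide whether an already-authenticated email may act as a member
    of this organization. Returns (decision, detail)."""
    email = email.strip().lower()
    domain = email.rpartition("@")[2]
    # Check the method first so a member cannot sidestep an SSO-only org
    # by presenting a weaker factor.
    if method not in org.allowed_methods:
        return ("deny", "method_not_allowed")
    if email in org.members:
        return ("allow", org.session_minutes)
    if email in org.invited:  # invitation is consumed on first login
        org.invited.discard(email)
        org.members.add(email)
        return ("allow", org.session_minutes)
    # JIT provisioning trusts the domain, so it assumes every allowed
    # method proves control of the email address.
    if org.jit_provisioning and domain in org.allowed_domains:
        org.members.add(email)
        return ("allow", org.session_minutes)
    return ("deny", "not_a_member")

def demo():
    # Constructed sample organizations; names and domains are made up.
    acme = Organization("org-acme", {"acme.example"}, {"sso_saml"}, True, 60)
    globex = Organization("org-globex", {"globex.example"},
                          {"magic_link", "password"}, False, 720,
                          members={"pat@globex.example"},
                          invited={"contractor@other.example"})
    return [
        evaluate_login(acme, "Dana@acme.example", "sso_saml"),
        evaluate_login(acme, "dana@acme.example", "password"),
        evaluate_login(globex, "dana@acme.example", "magic_link"),
        evaluate_login(globex, "contractor@other.example", "magic_link"),
        evaluate_login(globex, "new@globex.example", "password"),
    ]
```

The same verified email gets a different outcome in each organization, which is the property a user-centric model has to bolt on with custom code.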

Benefits of the org-first approach

Without an org-first approach, developers who buy B2B auth from current market solutions like Auth0 still have to build the features described above themselves. With Stytch’s solution, they come out of the box: you simply have to integrate our solution and set up how your customers will leverage those features. Stytch enables all the key requirements for B2B authentication – organization management, invites, approved domains and logins, SSO, etc. – right from the start. No superfluous assembly required. 

By virtue of all the core B2B features an org-first architecture enables, we believe our approach to B2B auth uniquely delivers three outsized benefits to our customers: 

  1. It saves valuable developer resources: An org-first data model not only saves your developers time in the short-term, it saves them headaches in the long run too. An org-first model can handle all the various auth requirements a B2B company may encounter with their customers. And as your business grows to take on more enterprise clients, the various edge cases and unique auth demands will only proliferate. Stytch’s data model is ready for any of these scenarios, making them incredibly easy and time-efficient to set up.
  2. It offers more fine-grained customization and features: B2B auth is not a one-size-fits-all solution. Depending on their size, industry, end users, and any regulations they may be subject to, B2B customers have requirements for the end user experience and security they want to provide for their customers. An organization-first architecture allows your platform to build and offer enterprise-level customization for authentication so each organization can have fine-grained control over their authentication experience.
     A diagram of four boxes representing four different organizations, each with different authentication settings, including different approved login methods, different SSO connections, different user provisioning, and different maximum session lengths.
  3. It empowers developers to provide a better end user experience: By simplifying the work developers need to do on the backend, Stytch makes it easy to build a good B2B auth experience. With features like invitations, organization discovery, organization switching, and account deduplication built into our platform, our B2B solution avoids all the pitfalls and provides the key capabilities that help you deliver a delightful and effortless end user experience.

Three separate screenshots of an app showing the steps of a user searching for, discovering, and then selecting which organization they'd like to log in with.

In sum, Stytch’s org-first solution offers a vastly different product and developer experience than anything else on the market: an unparalleled depth and range of auth capabilities out of the box, greater flexibility so you can offer a tailor-made auth solution for your customers, and the ability to customize the exact experience you want for their end users. On top of all of this, our customers get the same great service we offer with our B2C product.

Start building for free

Interested in seeing how Stytch can accelerate your B2B product? Check out our docs and start building for free today. 

And if you have any questions, feel free to contact us at support@stytch.com or schedule a chat with a member of our team. 
