June 2, 2023
Author: Stytch Team
Today, Stytch is excited to introduce our authentication suite for business-to-business (B2B) companies, complete with SSO (both OIDC and SAML), built-in organization-based tenancy, and the platform staples our business-to-consumer (B2C) platform is known for, such as breach-resistant passwords and passwordless auth options like email magic links, SMS one-time passcodes, and OAuth.
Authentication is a critical requirement for B2B applications to successfully grow their customer base. The authentication and authorization requirements that your business customers need only grow in number and complexity as you move upmarket and sell to larger customers. Enterprise customers require more advanced controls and capabilities to manage provisioning of user accounts, control user access and permissions, and mitigate any security risks tied to their users’ accounts.
When a business has a need for specific authentication features – whether it’s SSO, controlling how members can join an Organization, or something else – these are hard requirements that can become dealbreakers, especially for enterprise customers. B2B applications need to be able to support these authentication requirements in order to win these customers and scale successfully.
When compared to B2C authentication, B2B is much more complex. It requires:
These complexities mean that B2B auth is much more difficult and time-consuming to build in-house: to achieve even the basic requirements of B2B authentication, in-house developers need to build a multi-tenancy data model from the ground up, in addition to key infrastructure and features like SSO, organization auth settings, invitation management, and more.
At the same time, existing solutions fall short: they lack the foundational data structures necessary to build scalable B2B authentication. In fact, until now, no B2B authentication solution on the market has offered organization tenancy (also known as “multitenancy”) built into their data architecture. Instead, they offer what is fundamentally a B2C architecture with a few B2B elements tacked on.
Why is this such a big deal?
When providers fail to build this structure into their B2B product from the beginning, the onus of building and maintaining this incredibly complex architecture falls on your eng team.
Not only does this tax precious developer resources, it also often results in under-informed decisions that can have big downstream effects when new edge cases inevitably arise as your business grows and your authentication needs evolve. How companies handle things like org and member definition, onboarding and provisioning, or the relationship between email domains, Identity Providers, and organizations can each become big obstacles for your business. They ultimately require significant rebuilds as B2B companies take on bigger, more complex customers, each of whom will likely expect unique specifications / settings for their organization. Without an organization-first data model built into your authentication architecture, these customizations will require custom code and constant painful revisions to your backend systems.
Providers like Auth0 will tell you their solution simplifies the developer experience, but that simplicity is only skin-deep. Without an organization-first data model at the core of their product, they ultimately create pain points both for developers and end users that cost more time and money to resolve.
At Stytch, we decided to do things differently.
In light of the gap in the current B2B authentication market, Stytch decided to build an organization-first authentication solution, with organization-based tenancy built directly into our data models.
What this means is that our architecture is built with a membership model in mind – a critical requirement for building scalable, flexible B2B authentication. In contrast with a B2C data model, which is built entirely around the concept of an individual user, an org-first data model is built on the presumption that all users are members of an organization. Unlike a B2C app in which a user is the sole owner of the resources in their account, members of organizations must establish and verify not just their identity, but their membership in the organization. Apps must also orchestrate how members are invited to organizations, and how their permissions and accessible resources within that organization are governed. In case it’s not evident in the description, that’s a very different and more difficult data model to build, and it is fundamental to B2B authentication.
What’s more, as many B2B companies find as they scale, their enterprise customers expect to be able to set custom member invitations, provisioning, and authentication factors that are unique to their app. Without an org-first data model, it’s impossible to offer these customizations without ripping out your data model and building it from scratch. Authentication capabilities that organizations often want to offer and customize include:
Stytch’s org-first architecture makes all of these settings easy to customize and set by organization. This is incredibly important for companies that want to scale (and really, what company doesn’t?), because enterprise companies have more idiosyncratic, tailored demands of their vendors, especially when it comes to things like auth and SSO.
Without an org-first approach, developers who buy B2B auth from current market solutions like Auth0 still have to build the features described above themselves. With Stytch’s solution, they come out of the box: you simply have to integrate our solution and set up how your customers will leverage those features. Stytch enables all the key requirements for B2B authentication – organization management, invites, approved domains and logins, SSO, etc. – right from the start. No superfluous assembly required.
By virtue of all the core B2B features an org-first architecture enables, we believe our approach to B2B auth uniquely delivers three outsized benefits to our customers:
In sum, Stytch’s org-first solution offers a vastly different product and developer experience than anything else on the market: an unparalleled depth and range of auth capabilities out of the box, greater flexibility so you can offer a tailor-made auth solution for your customers, and the ability to customize the exact experience you want for their end users. On top of all of this, our customers get the same great service we offer with our B2C product.
Interested in seeing how Stytch can accelerate your B2B product? Check out our docs and start building for free today.