As your B2B SaaS application scales, so do your requirements for complex data models, granular permissions, and many-to-many relationships between Organizations and Members. You need a strong multi-tenant architecture to securely govern multiple entities and their authentication flows within your application.
Designed with an organization-first data model, Stytch's solution enables developers to scale their authentication solutions with their B2B applications at every stage of growth.
B2B SaaS Authentication features
Stytch offers developers a comprehensive set of features and capabilities in order to build secure and scalable B2B SaaS Authentication. This includes but is not limited to:
Multi-tenancy: Stytch's B2B SaaS Authentication platform is built upon two key data entities: Organizations and their Members. With Stytch, you can implement B2B SaaS Authentication without needing to build all the back-end logic to solve the many challenges that multi-tenancy poses like per organization settings, authentication settings, invites, provisioning, multiple memberships, account deduplication, and more.
Organizations: Stytch treats Organizations as first-class entities. Every Organization has configurable settings for administering important access controls like allowed auth methods, allowed email domains, provisioning, invites, IdP connections, and more. Organizations can have thousands or just one single Member, making it flexibly suited for enterprises, teams, and collaborative data models.
Members: Stytch stores and manages authenticated end users as Members who are primarily identified by their email addresses. A single end user can have multiple distinct Members in different Organizations linked by the same email address.
RBAC: Stytch's RBAC framework is an authorization model that governs resource access within your application. The RBAC model streamlines the management and enforcement of permissions with a flexible interface designed for a multi-tenant auth system.
SCIM (coming soon): Stytch's SCIM solution offers a way to integrate with workforce identity providers for automated user provisioning. Developed to streamline identity management processes, SCIM provides a common framework for handling user data synchronizations within complex, multi-domain environments.
Just-in-time (JIT) provisioning: Organizations can specify trusted sources (such as an Identity Provider or a verified email domain) that enable end users to join the Organization without an explicit invite. Through these sources, Members will be automatically created when an end user successfully authenticates.
Discovery: Stytch's Discovery flow enables end users to discover all of their Organizations upon authentication. Instead of logging in to each Organization separately, the end user can use the Discovery flow to log in once, see all of their memberships, and select an Organization to authenticate into. Discovery also allows end users to switch between Organizations within an active Session.
Enterprise onboarding: Stytch supports manual onboarding processes, often used to restrict access behind a sales team (e.g. Lattice), by exposing direct API calls to create Organizations.
Self-onboarding: Stytch also supports end users being able to create Organizations, often used for self-service onboarding flows (e.g. Slack). This can be done by creating an Organization and initial Member as the final step of the Discovery flow.
Single Sign On: Stytch supports both SAML and OIDC protocols for SSO login. Integrate with IdPs for centralized authentication with existing identity systems and frameworks. Organizations can support multiple SSO connections with different IdPs and specify which connections can be used as defaults or for JIT provisioning.
Sessions: Stytch issues, stores, and validates Sessions on behalf of your application. After an end user successfully authenticates, Stytch's API will return both a session_token and a session_jwt for you to store and manage. Use Stytch's Sessions to validate requests, authorize actions, and store metadata.
Auth methods: Stytch offers a comprehensive suite of authentication methods. Choose the right login experience for your application user base. We offer Email Magic links, Passwords, Single Sign On, OAuth, and One-Time Passcodes (OTP). More auth methods are coming soon, like Time-Based One-Time Passcodes (TOTP).
Break glass: Members can also be designated as breakglass which grants them elevated privileges in the Organization for use cases such as emergency access.
Multi-Factor Authentication: Stytch supports MFA. Organizations and Members can opt-in to MFA and add an extra layer of security by requiring multiple forms of verification factors during the authentication process.