Discovery vs. Organization authentication flows
In Stytch’s B2B product, there are two different authentication flows used for login:
- Organization-specific authentication: This flow enables users to log into a specific Organization.
- Discovery authentication: This flow enables users to log in without specifying an Organization. Upon authentication, users discover all their associated Organizations and can either choose one to log into or create a new Organization.
It's important to note that while each authentication flow is tailored for distinct use cases, they can both be implemented within the same application and are designed to work well together. Both auth flows result in the user being authenticated into a specific Organization and receiving a Member Session.
Organization-specific auth flow | Discovery auth flow | |
---|---|---|
Login | Specific to one Organization | Discover multiple Organizations |
Signup | JIT provisioning, invites | JIT provisioning, invites |
Primary auth methods | Email Magic Links, OAuth, SSO, Passwords | Email Magic Links, OAuth |
Secondary auth methods (MFA) | SMS OTP, TOTP | SMS OTP, TOTP |
Organization creation / onboarding | Manual creation via API call or Dashboard | Self-serve creation within the login flow |
Organization-specific authentication
The Organization-specific authentication flow is designed for users who already know which Organization they'd like to log into. This approach is a common pattern for enterprise B2B applications that utilize company-specific login portals.
The auth flow is hosted on an organization-specific login page within your application. The login page's URL will include the organization_slug, a unique identifier, which scopes the auth flow to the exact Organization. For example, URLs like https://yourdomain.com/example-org/login and https://example-org.yourdomain.com/login utilize example-org as the organization_slug.
Users specify the organization_slug at login to access a particular Organization within the MoneyApp application.The Organization-specific auth flow lends itself to a more manual onboarding process and does not support self-serve creation. Creating a new Organization requires using the Stytch Dashboard or making separate direct API calls to the Create Organization endpoint. This method is commonly used to restrict access behind a sales team or within other enterprise onboarding flows.
To learn more about integration details, check out our Email Magic Links guide, OAuth guide, or Stytch UI components guide.
Discovery authentication
The Discovery authentication flow is designed for users to view all their associated Organizations upon login. This approach is a common pattern for SaaS applications where users have multiple accounts and need the ability to switch between organizational contexts such as workspace environments.
The auth flow is hosted on a centralized login page within your application, without any specific Organization context. Upon authentication, the Stytch API returns a list of Discovered Organizations, which includes those the user is already a member of and those they are eligible to join.
Users discover all their Organizations from a centralized login page, and select one to authenticate into.Discovery also provides users with the option of creating a new Organization via Discovery for self-serve onboarding. This feature enables users to simultaneously sign up and create a new Organization within the same flow.
To learn more about integration details, check out our Email Magic Links guide, OAuth guide, or Stytch UI components guide.