Discovery
When an end user authenticates and is then presented with all the Organizations that they:- Are an active Member of
- Have an eligible pending invite to join
- Have an eligible email domain
Recommended use
- To have a centralized login page for all Organizations
- To allow end users to find and discover existing Organization they have access to
Organization-specific login
Specialized, tenant-specific login flows—often a subdomain or route that contains theorganization_slug (e.g. <slug>.yourapp.com or yourapp.com/team/<slug>). End users are presented with the org-specific auth methods and can log into the Organization directly if they:
- Are an active Member
- Have a pending invite to join
- Have an eligible email domain or authenticated SSO connection
Recommended use
- We recommend using this flow alongside Discovery to support enterprise customers with SSO configured
- If your app doesn’t already have tenanted subdomains or routes, Stytch supports IdP-initiated SSO—which allows end users to initiate login to your app directly from their IdP and skip Discovery
Organization switching
Allows end users to switch between various Organizations without needing to log out and log back in. While Member Sessions are scoped to a specific Member in an Organization, Stytch provides out-of-box support for:- Surfacing other Organizations the end user belongs to
- Prompting any additional step-up authentication when switching Organizations, if needed
- Exchanging sessions between the current Member Session and a new Member Session with the selected Organization
Recommended use
- Allows seamless switching between multiple Organizations, while maintaining your customers’ data isolation and auth requirements