Identity & Access Management

B2B Feature with Asgardeo

Sachin Mamoru

Published in

Identity Beyond Borders

5 min readDec 20, 2022

WSO2 Asgardeo supports the B2B Organization Management feature

Before understanding the B2B concept, let’s talk about B2C businesses.

B2C Organizations

In the B2C scenario, you’ll be managing your business by creating an organization in the Asgardeo portal. You can add IDPs and manage your login flow according to your business needs. And the users also can be onboarded to that organization and managed accordingly.

B2B Organizations

In the B2B scenario, the businesses will first create their root organization and then create the sub-organizations to onboard the subordinate customer businesses. That customer business also can act as an organization under the root organization. They can also incorporate IDPs and manage user groups to the requirement of the business.

Corporate IDP login flow for B2B Sub Organizations

Step 1: Create 1st level Organization

Go to the Asgardeo portal and sign up. Then create your 1st level organization.

Step 2: Create the Sub Organization

Create a sub-organization by navigating to the organization section of the Asgardeo.

Provide an organization name [<B2B Sub Organization>] and register.

Step 3: Create a sub-organization administrator to manage the sub-organization

Switch to the sub-organization through the organization switcher.

Navigate to the Users section on the Manage tab and create a user.

Then create an Admin role by allocating all the permissions to the role. After that assign the role to the created admin user.

Step 4: Share the B2B Application with the Sub Organization

Go to the application edit section and click on the Share Application button.

Then click on the Share with all sub-organizations option and update.

Step 5: Set up B2B Sample Application

Switch to the root organization and create a Standard-Based Application

Provide a name and select the check box to make it as Management Application.

Go to the Protocol section of the application and provide the following information.

Allowed Grant Types

Client Credentials
Code
Organization Switch

Authorization Redirect URLs

Allowed Origins

http://localhost:3000

Then click on the update button.

Keep a note of the Client ID and the Client Secret, which will be needed to configure the sample application.

Now add the needed user attributes for the application.

First Name
Last Name
Email
Username

Then click on the update button

2. Now configure the sample application:

Download the b2b sample application from here.
Update the config.json file found in the b2b-sample/guardio-insurance-sample-application folder as follows:

{
    "AuthorizationConfig": {
        "BaseOrganizationUrl": "<PARENT ORGANIZATION URL> ex: https://dev.api.asgardeo.io/t/guardio",
        "ClientId": "<CLIENT ID>",
        "ClientSecret": "<CLIENT SECRET>"
    },
    "ManagementAPIConfig": {
        "SharedApplicationName": "<SHARED APPLICATION NAME> ex: guardio-app",
        "ImageBaseUrl" : "<IMAGE BASE URL - FOLLOW README.MD FOR MORE INFORMATION>"
    }
}

“BaseOrganizationUrl”: “https://api.asgardeo.io/t/sachinmb2b”

Paste the Client ID and Client Secret copied from the B2B SaaS App.

“SharedApplicationName”: “B2B-SaaS-App”

“ImageBaseUrl” : https://console.asgardeo.io/

Now run the sample application