Organizations

In Strivacity, an Organization serves as a way to segment accounts within an Identity Store, enabling business-to-business (B2B) use cases such as delegated administration and B2B customer-specific policies for login and registration.

Organization Policies allow brands to define policies that override those set for a given Application. This gives brands the flexibility to set per-organization external login providers, adjust Adaptive Access policies with stricter rules, or deliver custom branding experiences, such as for Business to Business to Customer (B2B2C) dealer or agency models. Each user account is associated with a single Organization, although a user may have different accounts across multiple Organizations.

Delegated Administration enables a brand’s B2B customers to manage their own users’ access to the brand portals through the Organization Administration portal. Access to this portal is controlled via Organization Roles, which are defined using granular RBAC (Role-Based Access Control) permissions and can be customized on a per-identity store basis.

The Organization Role assigned to a user account determines the user’s ability to manage the Organization. A user account may be part of one organization but hold roles in other organizations, granting them management permissions in multiple organizations. Role memberships can also be passed via OIDC claims or in SAML assertions for brand portals to use for authorization purposes.

In summary:

  • Organizations segment users into groups for B2B use cases.
  • Organization membership dictates which login, registration, and self-service experiences a user will encounter.
  • Organization roles define organization and user management permissions. A user in one organization can hold management permissions in other organizations as well.
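Because a user belongs to one organization but may hold roles in others, a brand portal that authorizes from role claims has to key each decision on the organization the role was granted in, not on the user's home organization. The following is an added example, not Strivacity's code: the claim names `org_id` and `org_roles`, the role and permission names, and the rule that a role also covers descendant organizations are assumptions made for illustration.

```python
# Hypothetical claim layout; not Strivacity's actual token schema.
# Constructed sample data: child organization -> parent organization.
ORG_PARENT = {
    "acme": None,
    "acme-east": "acme",
    "acme-east-dealer7": "acme-east",
    "globex": None,
}

# Constructed role definitions: role name -> granted permissions.
ROLE_PERMISSIONS = {
    "user-admin": {"user:read", "user:update"},
    "viewer": {"user:read"},
}


def org_lineage(org_id, parents):
    """Return org_id followed by its ancestors; stop on unknown IDs or cycles."""
    lineage, seen = [], set()
    while org_id in parents and org_id not in seen:
        lineage.append(org_id)
        seen.add(org_id)
        org_id = parents[org_id]
    return lineage


def can_manage(claims, target_org, permission,
               roles=ROLE_PERMISSIONS, parents=ORG_PARENT):
    """Allow only if a role grant covers target_org (itself or an ancestor).

    The home organization ("org_id") is deliberately ignored: membership
    alone confers no management rights.
    """
    lineage = org_lineage(target_org, parents)
    grants = claims.get("org_roles")
    if not lineage or not isinstance(grants, list):
        return False  # unknown target or malformed claim: deny by default
    for grant in grants:
        if not isinstance(grant, dict):
            continue
        role = grant.get("role")
        if (isinstance(role, str) and grant.get("org") in lineage
                and permission in roles.get(role, set())):
            return True
    return False


# Constructed claims: member of "globex", holds a role in "acme-east".
SAMPLE_CLAIMS = {"sub": "user-123", "org_id": "globex",
                 "org_roles": [{"org": "acme-east", "role": "user-admin"}]}
```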

Capabilities

  • Organizational applications: Strivacity allows you to set up B2B and/or B2C customer journeys by configuring organization or hybrid application types. Organization-only applications will only log in and register users who are members of an organization. In contrast, hybrid applications allow both organization and non-organization users to log in and register.

  • Organizational policy overrides: Organizational policy overrides allow you to configure unique sign-in and sign-up experiences for specific segments of users, including presenting different branding, identity providers, or self-service capabilities.

  • Multiple organization management: Strivacity supports multiple organizations within a single instance. Each organization operates independently, allowing you to manage multiple brand divisions under one Strivacity instance without compromising security or data privacy.

  • Organizational routing: Users can be routed to the correct organization (and thus the correct login/registration experience) in one of three ways: by the user specifying the route for the organization, via a login hint (see Login hint for organizational routing), or automatically, based on membership in a single organization in a hierarchy of organizations.

  • Delegated administration: Organizational account management lets you delegate customer relationships to your B2B customers so they can manage their own users, reducing reliance on customer support teams.

Use cases

  • Delegated administration for enterprise SaaS: Allows customers to manage their own users through a dedicated management portal. Customers' users can sign in or sign up via their company’s enterprise SSO platform, offering a seamless experience for large B2B clients.

  • White-labeled application/dealer model: Brands can delegate customer relationships to third-party companies. Each white-labeled company can have a unique customer journey and manage its own customers while using the same application and identity store. Multi-level organization hierarchies support complex relationships, such as when third parties further delegate to their own customers.

  • Multinational company with country-specific requirements: Segregate user registration and management based on the customer’s country. Customize sign-up flows, attribute requirements, and customer management rules for specific countries, ensuring compliance with local regulations and customer needs.

Configuration

Strivacity’s organizational management allows for flexible configuration across multiple areas.

  • New application types: Supports simple applications, organization-only applications, and hybrid applications, catering to different use cases such as B2B, B2C, or combined customer bases. (See: Organization-enabled applications.)
  • Organization policies: Dynamically adjust policies (e.g., branding, MFA, or SSO) based on an organization’s membership or route, ensuring tailored authentication flows. (See: Organization policies.)
  • Organization management: Brand administrators can create and manage organizations directly from the admin console, including parent-child relationships for hierarchical structures. (See: Creating an organization.)
  • Organization roles: Create rules using granular RBAC controls to determine which accounts have which permissions in a particular organization. (See: Organization roles.)
  • Delegated administration: Facilitates the delegation of user management to organization members, allowing them to manage users and descendant organizations with specific roles. (See: Delegated administration.)
  • Lifecycle Event Hooks: Expose the organization ID in lifecycle event hooks, enabling the customization of customer journeys based on the organization. (See: Lifecycle event hooks.)

For more in-depth configuration details, visit the relevant sections in the documentation: