Discovery vs. Organization authentication flows

In Stytch’s B2B product, there are two different authentication flows used for login:

  1. Organization-specific authentication: This flow enables users to log into a specific Organization.
  2. Discovery authentication: This flow enables users to log in without specifying an Organization. Upon authentication, users discover all their associated Organizations and can either choose one to log into or create a new Organization.

It's important to note that while each authentication flow is tailored for distinct use cases, they can both be implemented within the same application and are designed to work well together. Both auth flows result in the user being authenticated into a specific Organization and receiving a Member Session.

Organization-specific auth flow

Discovery auth flow

Login

Specific to one Organization

Discover multiple Organizations

Signup

JIT provisioning, invites

JIT provisioning, invites

Primary auth methods

Email Magic Links, OAuth, SSO, Passwords

Email Magic Links, OAuth

Secondary auth methods (MFA)

SMS OTP, TOTP

SMS OTP, TOTP

Organization creation / onboarding

Manual creation via API call or Dashboard

Self-serve creation within the login flow

Organization-specific authentication

The Organization-specific authentication flow is designed for users who already know which Organization they'd like to log into. This approach is a common pattern for enterprise B2B applications that utilize company-specific login portals.

The auth flow is hosted on an organization-specific login page within your application. The login page's URL will include the organization_slug, a unique identifier, which scopes the auth flow to the exact Organization. For example, URLs like https://yourdomain.com/example-org/login and https://example-org.yourdomain.com/login utilize example-org as the organization_slug.

B2B Organization loginUsers specify the organization_slug at login to access a particular Organization within the MoneyApp application.

The Organization-specific auth flow lends itself to a more manual onboarding process and does not support self-serve creation. Creating a new Organization requires using the Stytch Dashboard or making separate direct API calls to the Create Organization endpoint. This method is commonly used to restrict access behind a sales team or within other enterprise onboarding flows.

To learn more about integration details, check out our Email Magic Links guide, OAuth guide, or Stytch UI components guide.

Discovery authentication

The Discovery authentication flow is designed for users to view all their associated Organizations upon login. This approach is a common pattern for SaaS applications where users have multiple accounts and need the ability to switch between organizational contexts such as workspace environments.

The auth flow is hosted on a centralized login page within your application, without any specific Organization context. Upon authentication, the Stytch API returns a list of Discovered Organizations, which includes those the user is already a member of and those they are eligible to join.

B2B Discovery loginUsers discover all their Organizations from a centralized login page, and select one to authenticate into.

Discovery also provides users with the option of creating a new Organization via Discovery for self-serve onboarding. This feature enables users to simultaneously sign up and create a new Organization within the same flow.

To learn more about integration details, check out our Email Magic Links guide, OAuth guide, or Stytch UI components guide.