Try a B2B use case (with organization login)
# Try a B2B use case (with organization login)
The following guide is a complete end-to-end use case on how to manage B2B (Business-to-Business) applications in Asgardeo.
# Scenario
You are an administrator of Guardio Insurance, which is a company that provides its services to other business organizations.
Best Car Mart has a partnership with Guardio Insurance to provide life insurance policies to its employees. Guardio Insurance exposes its services to Best Car Mart’s employees through its Guardio Insurance App.
The employees of Best Car Mart should be able to log in to the Guardio Insurance App to consume its services. The administrators of Best Car Mart will manage the users of its organization and also determine the login experience that their users should have.
# Prerequisites
You should create an organization. For this example we have created an organization named Guardio Insurance
.
# Set up the organization
As the administrator of Guardio Insurance, you need to first set up an organization.
# Step 1: Onboard the organization
Create an organization in the Asgardeo Console with Best Car Mart
as the organization name.
# Step 2: Onboard an organization administrator
Onboard an administrator to the Best Car Mart organization using the values given below.
Username (Email) | Enter an email address as the user name. |
---|---|
First Name | Enter the first name of the user.Alex |
Last Name | Enter the last name of the user.Doe |
Password | Set a temporary password for the user. |
# Set up the app
The following guides explain how you can share an application with organizations and allow organization users to log in to it using SSO.
Let's use the sample application, Guardio Insurance app (opens new window), to explore this use case.
# Step 1: Register the app on Asgardeo
Follow the steps given below to register the Guardio Insurance App with Asgardeo.
Switch to the primary organization.
Register a standard-based application in your primary organization with the following settings:
Application Name Add a name for the application.
guardio-app
Protocol The authentication protocol to use.
OAuth2.0 OpenID Connect
Management Application Select this checkbox to indicate that the application has access to Asgardeo's management APIs.
# Step 2: Share the app with organizations
Share the Guardio Insurance app with your Best Car Mart organization. See instructions on how to share applications with organizations.
By doing so, you enable Sign In with SSO as a login option in the application login screen, which organization users can use to log in.
# Step 3: Configure the app on Asgardeo
To configure the registered application on Asgardeo:
On the Asgardeo Console, go to Applications and select the application you registered.
Go to the Protocol tab of the application, configure the following values.
Note that the
Organization Switch
grant will only be visible after you share the application with organizations.Allowed Grant Types Select the following grant types: - Client Credential
- Code
- Organization Switch
Authorization Redirect URL Enter the URLs of the application to which users should be redirected after login and logout.
http://localhost:3000/api/auth/callback/wso2is
http://localhost:3000
Allowed Origins Enter the allowed origins.
http://localhost:3000
Take note of the
client_id
andclient_secret
generated for your application.Click Update to save your configurations.
# Step 4: Set up the client app
Open the config.json
file found in the b2b-sample/guardio-insurance-sample-application
folder and update the following parameters:
Parameter | Description | Value |
---|---|---|
BaseOrganizationUrl | The base URL of the organization. | https://api.asgardeo.io/t/{organization-name} |
ClientId | The client ID of the application created on Asgardeo. | Client ID copied from step 1 above. |
ClientSecret | The client secret of the application created on Asgardeo. | Client secret copied from step 1 above. |
HostedUrl | The URL of the client application. | http://localhost:3000 |
APIScopes | The scopes required by the application to access user resources. | openid , email , internal_login , etc. |
Branding.name | The branding name of your application. | Guardio Insurance |
Branding.tag | A branding tag line for your apllication. | Anytime . Anywhere |
SharedApplicationName | The application name you used to register the application in Asgardeo. | Guardio Insurance App |
ImageBaseUrl | Add the URL of Asgardeo Console to load images required for the sample application. | https://console.asgardeo.io |
Remove the SampleOrganization
section from the config.json
file as it is not required for Asgardeo configurations.
To start the application, open a terminal, navigate to the
b2b-sample/guardio-insurance-sample-application
folder and execute the following commands:npm install
1npm run dev
1
# Try it out
The following guides explain how an organization user can log in to the sample application, Guardio Insurance App and how an organization administrator can use the built-in administration portal.
# Try out organization login
Follow the steps below to see how organization login works for a user in the Best Car Mart organization when logging into Guardio Insurance App.
Open the application by copying the following URL to your browser:
http://localhost:3000/
Click Sign In and see that you are diverted to the Asgardeo login screen.
Click Sign In with SSO to specify the organization to which you are signing in.
Enter Best Car Mart as the organization name and click Submit.
Enter the username and password of a user who you have onboarded to Best Car Mart.
Click Sign in and grant permission for the application to access your user attributes.
You have successfully logged into the Guardio Insurance App as a user of the Best Car Mart organization.
# Try out the administration portal
Learn how to build an administration portal for your B2B application in the implement an administration portal section.
Best Car Mart needs to manage its employees through an external IdP. As the administrator of Best Car Mart, Alex, is tasked with enabling login from the external IdP for Best Car Mart employees.
To configure an identity provider for Guardio Insurance App:
Log in to the application with the credentials of Alex.
On the application, go to Settings > Identity Providers and click Add Identity Provider.
Select Google if you are onboarding a Google IdP or Enterprise if you are onboarding an enterprise IdP.
Provide the details specific to your IdP and click Create.
Click Add to login flow to enable this IdP as the login option for Best Car Mart users in the application.