Skip to main content
B2B

Building B2B SaaS platforms with Organizations

Are you an independent software vendor (ISV) or SaaS company building a product that multiple business customers will use? SecureAuth organizations solve a critical problem: how do you give each customer isolated access to your platform while letting them manage their own users without you having to manually add or remove thousands of people?

The problem

Imagine you're InsureTech, a company offering insurance policies online. Your customers are painting companies, construction firms, plumbing businesses, and other contractors.

Each customer needs:

  • Their own account with isolated data
  • Their employees to access the insurance portal
  • An IT person from their company to manage user access
  • To use their existing identity provider (Google, Entra ID, Okta, etc.)
  • Security policies tailored to their business

If you manually add and remove every employee from every customer company, your operations team becomes a bottleneck. You can't scale.

The solution: Organizations in a Workspace

SecureAuth lets you use organizations to represent each of your business customers within a single workspace.

Here's how it works:

You create a workspace in SecureAuth. This is InsureTech's main environment.

For each customer, you create an organization.

  • ABC Painting Company gets an Organization
  • BuildRight Construction gets an Organization
  • Speedy Plumbing gets an Organization
  • And so on for hundreds of customers

Each organization:

  • Has its own users and groups
  • Has its own sign-in configuration
  • Can integrate with the customer's identity provider (Entra ID, Google Workspace, etc.)
  • Has delegated administrators (the customer's IT person manages their own users)
  • Is completely isolated from other organizations

Delegated administration: The key benefit

Instead of you managing users, you give each customer access to manage their own. Here's what happens:

ABC Painting Company's IT person logs in to their organization admin portal and:

  • Adds new painters as they get hired
  • Removes employees who leave
  • Organizes people into groups (office staff, field crews, supervisors)
  • Updates company details (address, phone number, domains)
  • Never sees other companies' data

You (InsureTech):

  • Don't manually manage ABC Painting's users
  • Don't get asked "can you add John from accounting?"
  • Can scale to hundreds of customers without growing your operations team
  • Maintain security oversight through audit logs
  • Set baseline security policies that all customers follow

Real example: ABC Painting Company

ABC Painting Company is a national painting contractor with offices in Los Angeles and San Diego.

When they sign up for InsureTech, you create:

ABC Painting Company (Organization)

  • ABC Painting's headquarters staff
  • Connected to their Microsoft Entra ID

Within that, two suborganizations:

  • ABC Painting Los Angeles (Suborganization)

    • LA office staff and painters
    • Managed by LA office IT person

  • ABC Painting San Diego (Suborganization)

    • San Diego office staff and painters
    • Managed by San Diego office IT person

ABC Painting can organize their users however they want. You just created the structure and gave them the keys.

Multiple identity providers

Different customers use different authentication systems:

  • ABC Painting uses Microsoft Entra ID
  • Speedy Plumbing uses Google Workspace
  • BuildRight Construction uses Okta

With organizations, each customer brings their own identity provider. You don't have to support a single system. SecureAuth handles all of them in one platform.

Security: Policies and isolation

You set baseline security policies in your workspace that all organizations inherit:

  • All users must use MFA
  • Sessions expire after 8 hours
  • Passwords must be complex

Individual organizations can enforce stricter rules if they need them:

  • ABC Painting might require WebAuthn for all administrators
  • BuildRight Construction might require step-up authentication for payments

Data isolation is complete. ABC Painting users cannot see BuildRight's data, users, or organization. This is enforced at the platform level.

Scaling efficiency

Without organizations, you'd need to:

  • Manage 10,000 individual users across 500 customers
  • Create separate workspaces for different compliance regions
  • Build custom admin portals for each customer
  • Handle escalating user management requests

With organizations, you:

  • Create one organization per customer (a 5-minute task)
  • Delegate user management to each customer
  • Maintain one workspace and one security baseline
  • Scale to hundreds or thousands of customers

Templates for onboarding

When you onboard many similar customers (like painting companies), you can create templates:

  1. Set up ABC Painting's organization perfectly
  2. Create a template from it
  3. Use that template when onboarding the next 10 painting companies

They all get the same authentication settings, policies, and branding automatically. No copy-pasting configuration.

Next steps

Ready to set up organizations for your customers?

See also