{"templateId":"markdown","sharedDataIds":{"sidebar":"sidebar-sidebars.yaml"},"props":{"metadata":{"markdoc":{"tagList":[]},"redocly_category":"Guides","product":"Identity Management","type":"markdown"},"seo":{"title":"B2B Identity — Main concepts","description":"Everything about Mosaic Journeys, SDKs, and APIs","siteUrl":"https://developer.transmitsecurity.com/","llmstxt":{"hide":false,"sections":[{"title":"Table of contents","includeFiles":["**/*"],"excludeFiles":[]}],"excludeFiles":[]}},"dynamicMarkdocComponents":[],"compilationErrors":[],"ast":{"$$mdtype":"Tag","name":"article","attributes":{},"children":[{"$$mdtype":"Tag","name":"Heading","attributes":{"level":1,"id":"b2b-identity--main-concepts","__idx":0},"children":["B2B Identity — Main concepts"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["This page introduces the core B2B Identity concepts through a single example. In this guide set, your company uses Mosaic to manage access to a holiday booking platform used by external travel agencies, their staff, and optional branch organizations."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["As you read, the holiday booking platform is the application, each travel agency is an organization, and agency staff are members of that organization."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"application","__idx":1},"children":["Application"]},{"$$mdtype":"Tag","name":"blockquote","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["In Mosaic, the holiday booking platform is the ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["application"]},"."]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["The ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["application"]}," is the product that external business entities use. In a B2B model, access is always evaluated in the context of a specific application."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["In this guide set, the main example is a ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Retail travel agency"]}," that uses the holiday booking platform. For that application, you define the ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["member roles"]}," that your product recognizes and the ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["role groups"]}," that bundle those roles."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"organization","__idx":2},"children":["Organization"]},{"$$mdtype":"Tag","name":"blockquote","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["In Mosaic, the ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Retail travel agency"]}," is an ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["organization"]},"."]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["An ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["organization"]}," represents one of the external business entities that access your application, such as a customer company, partner, branch, or supplier."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["You link each organization to one or more applications. For each linked application, you also decide which ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["role groups"]}," that organization can use."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"parent-and-child-organizations","__idx":3},"children":["Parent and child organizations"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["An organization can optionally manage other organizations."]},{"$$mdtype":"Tag","name":"blockquote","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["In Mosaic, the ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Retail travel agency"]}," can be a ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["parent organization"]},", while ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["New York branch"]}," is a ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["child organization"]}," it manages."]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["This model is useful when one business entity needs to manage a set of sub-organizations within a controlled scope."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["In this example, the parent organization can use a broader role group such as ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Retail storefront"]},", while the managed child organization can be limited to ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Retail sales only"]},"."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"member","__idx":4},"children":["Member"]},{"$$mdtype":"Tag","name":"blockquote","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["In Mosaic, the staff who access the booking platform through the Retail travel agency or New York branch are ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["members"]}," of those organizations."]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["A ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["member"]}," is a user who belongs to an organization."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["In Mosaic, a ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["user"]}," is the underlying identity record, while a ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["member"]}," is that user in the context of a specific organization. The same user can be a member of multiple organizations, and adding a member does not necessarily create a new user."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["This is why you may see the same person both in ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["B2B Identity"]}," > ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Users"]}," and under one or more organizations in ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["B2B Identity"]}," > ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Organizations"]},"."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Members access only the applications linked to their organization. What they can do depends on the roles assigned to them."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["For example, a head-office member in the Retail travel agency might receive ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Booking agent"]}," and ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["After-sales specialist"]},", while a member in New York branch might receive only ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Booking agent"]},"."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Members can be managed by administrators in the ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Admin Portal"]}," or, when allowed, in the ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Organization admin portal"]},"."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"roles-and-role-groups","__idx":5},"children":["Roles and role groups"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["B2B access is built from three related concepts:"]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"member-roles","__idx":6},"children":["Member roles"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Member roles"]}," define what a member can do inside your application."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["In this guide set, the main example roles are ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Booking agent"]},", ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["After-sales specialist"]},", and ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Invoice reviewer"]},". You define these roles once at the application level."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"role-groups","__idx":7},"children":["Role groups"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Role groups"]}," are bundles of member roles."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["You assign role groups to an organization for a specific application. This defines which member roles that organization is allowed to assign to its members."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["For example, the Retail travel agency can receive ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Retail storefront"]},", which includes ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Booking agent"]},", ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["After-sales specialist"]},", and ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Invoice reviewer"]},". A managed child organization such as New York branch can receive the narrower ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Retail sales only"]}," group, which includes only ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Booking agent"]},"."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"organization-level-roles","__idx":8},"children":["Organization-level roles"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Organization-level roles"]}," are Mosaic system roles that define what a member can do in the organization itself, not inside your application."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["These roles control actions such as managing members or accessing the Organization admin portal. Typical examples include ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Organization admin"]}," and ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Organization member"]},"."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"recap-of-the-access-model","__idx":9},"children":["Recap of the access model"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["At a high level, access works like this:"]},{"$$mdtype":"Tag","name":"ol","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["You define ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["member roles"]}," for the application, such as ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Booking agent"]},", ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["After-sales specialist"]},", and ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Invoice reviewer"]},"."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["You bundle those roles into ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["role groups"]},", such as ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Retail storefront"]}," and ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Retail sales only"]},"."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["You assign the appropriate ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["role groups"]}," to each organization."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["When you add or edit a member, you assign that member the relevant ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["member roles"]}," from the roles allowed for that organization."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["You also assign any required ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["organization-level roles"]}," for administrative actions in Mosaic."]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["This lets you control the maximum scope available to each organization while still allowing each organization to manage its own members within that scope."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"admin-portal-and-org-admin-portal","__idx":10},"children":["Admin Portal and Org Admin Portal"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["B2B configuration is split between two portals:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Admin Portal"]},": where you define the B2B structure, including applications, organizations, member roles, and role groups."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Organization Admin Portal"]},": where organization admins manage their own organization within the scope you allowed, such as managing members and assigning allowed roles."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"next-steps","__idx":11},"children":["Next steps"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/guides/user/b2b/b2b_setup-overview"},"children":["Setup overview"]}," — follow the full implementation flow."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/guides/user/b2b/b2b_implement_authentication"},"children":["Implement authentication (B2B)"]}," — choose how members authenticate."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/guides/user/b2b/b2b_define_app_roles"},"children":["Define app roles"]}," — define application-level member roles."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/guides/user/b2b/b2b_create_role_groups"},"children":["Create app role groups"]}," — bundle member roles into role groups."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/guides/user/b2b/b2b_create_organization"},"children":["Create organizations"]}," — create organizations and optional parent-child structures."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/guides/user/b2b/b2b_configure_org_roles_auth"},"children":["Configure org roles & auth"]}," — assign role groups and configure authentication per organization."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/guides/user/b2b/b2b_set_members"},"children":["Set members"]}," — add members and assign roles."]}]}]},"headings":[{"value":"B2B Identity — Main concepts","id":"b2b-identity--main-concepts","depth":1},{"value":"Application","id":"application","depth":2},{"value":"Organization","id":"organization","depth":2},{"value":"Parent and child organizations","id":"parent-and-child-organizations","depth":2},{"value":"Member","id":"member","depth":2},{"value":"Roles and role groups","id":"roles-and-role-groups","depth":2},{"value":"Member roles","id":"member-roles","depth":3},{"value":"Role groups","id":"role-groups","depth":3},{"value":"Organization-level roles","id":"organization-level-roles","depth":3},{"value":"Recap of the access model","id":"recap-of-the-access-model","depth":2},{"value":"Admin Portal and Org Admin Portal","id":"admin-portal-and-org-admin-portal","depth":2},{"value":"Next steps","id":"next-steps","depth":2}],"frontmatter":{"markdown":{"toc":{"depth":2}},"seo":{"title":"B2B Identity — Main concepts"}},"lastModified":"2026-05-14T12:07:42.000Z","pagePropGetterError":{"message":"","name":""}},"slug":"/guides/user/b2b/b2b_main-concepts","userData":{"isAuthenticated":false,"teams":["anonymous"]},"isPublic":true}