{"templateId":"markdown","sharedDataIds":{"sidebar":"sidebar-sidebars.yaml"},"props":{"metadata":{"markdoc":{"tagList":[]},"redocly_category":"Guides","product":"Identity Management","type":"markdown"},"seo":{"title":"Setup overview","description":"Everything about Mosaic Journeys, SDKs, and APIs","siteUrl":"https://developer.transmitsecurity.com/","llmstxt":{"hide":false,"sections":[{"title":"Table of contents","includeFiles":["**/*"],"excludeFiles":[]}],"excludeFiles":[]}},"dynamicMarkdocComponents":[],"compilationErrors":[],"ast":{"$$mdtype":"Tag","name":"article","attributes":{},"children":[{"$$mdtype":"Tag","name":"Heading","attributes":{"level":1,"id":"setup-overview","__idx":0},"children":["Setup overview"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["This page provides the ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["ordered setup flow"]}," for B2B Identity. Each step gives you the information you need to understand what to configure and why it matters, then links to a dedicated page for the full instructions."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"step-1-configure-b2b","__idx":1},"children":["Step 1: Configure B2B"]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"badge-wrapper"},"children":[{"$$mdtype":"Tag","name":"div","attributes":{"className":"badge"},"children":["Admin Portal "]}]},{"$$mdtype":"Tag","name":"blockquote","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Configure the invite flow, set the Organization admin portal domain, and define how member events invalidate active sessions."]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Start by creating the application that will serve as your B2B app, if you do not already have one. In the app's ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["B2B application"]}," settings, configure the invite flow, set the Org admin portal domain, define how long invite links remain valid, and choose which member events invalidate refresh tokens."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["This step prepares the application for B2B use before you define roles, organizations, and members."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["For the complete conceptual and instructional details of this step, see ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/guides/user/b2b/b2b_configure_b2b"},"children":["Configure B2B"]},"."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"step-2-implement-authentication","__idx":2},"children":["Step 2: Implement authentication"]},{"$$mdtype":"Tag","name":"blockquote","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Choose how members sign in to your app and make sure the login flow can resolve the correct organization."]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Before configuring access, decide which authentication model your B2B application will use. Members can sign in through ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Mosaic SSO Service"]},", ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Mosaic APIs or journeys"]},", ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["hosted login"]},", or an ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["organization's external IdP"]}," using OIDC or SAML."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Whatever model you choose, the login flow must identify the member's organization so the correct B2B context can be applied. Depending on the integration, this can be based on signals such as ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["org_id"]},", email domain, or organization context in the journey."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["For the complete conceptual and instructional details of this step, see ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/guides/user/b2b/b2b_implement_authentication"},"children":["Implement authentication (B2B)"]},"."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"step-3-define-the-app-roles","__idx":3},"children":["Step 3: Define the app roles"]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"badge-wrapper"},"children":[{"$$mdtype":"Tag","name":"div","attributes":{"className":"badge"},"children":["Admin Portal "]}]},{"$$mdtype":"Tag","name":"blockquote","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Define the application-level member roles that describe what users can do inside your app."]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["At this step, define the full set of ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["member roles"]}," your application may need, even if only some organizations will use certain roles. These roles are created once at the application level and later grouped into ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["role groups"]},"."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["For each role, you typically define:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Role name"]}," — the display name shown to administrators"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Description"]}," — optional context for administrators"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Value"]}," — the stable identifier your application uses in tokens or APIs"]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["These roles are the building blocks for the role groups you create in the next step."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["For the complete conceptual and instructional details of this step, see ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/guides/user/b2b/b2b_define_app_roles"},"children":["Define app roles"]},"."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"step-4-create-app-role-groups","__idx":4},"children":["Step 4: Create app role groups"]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"badge-wrapper"},"children":[{"$$mdtype":"Tag","name":"div","attributes":{"className":"badge"},"children":["Admin Portal "]}]},{"$$mdtype":"Tag","name":"blockquote","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Bundle member roles into role groups that reflect the scope each type of organization should have."]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Role groups"]}," are bundles of the ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["member roles"]}," you defined in Step 3. You design them around real business scope, so that each organization can later receive only the roles that match its responsibilities."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["For example, one organization might receive a narrow group with only sales roles, while another receives a broader group that includes sales, after-sales, or finance roles."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["If you use a ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["parent and child organization"]}," model, role groups also help define what parent organizations can expose to their managed children. This lets you control precisely which bundles child organizations are allowed to use."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["For the complete conceptual and instructional details of this step, see ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/guides/user/b2b/b2b_create_role_groups"},"children":["Create app role groups"]},"."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"step-5-create-organizations","__idx":5},"children":["Step 5: Create organizations"]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"badge-wrapper"},"children":[{"$$mdtype":"Tag","name":"div","attributes":{"className":"badge"},"children":["Admin Portal "]}]},{"$$mdtype":"Tag","name":"blockquote","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Create the customer organizations that use your app and link each one to the relevant applications."]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["In B2B Identity, each external business entity that accesses your application is represented as an ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["organization"]},". At creation time, you associate the organization with one or more applications. Only those linked applications will be available to that organization's members."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["You can also use this step to model a ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["parent-child hierarchy"]},", where one organization manages one or more child organizations."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["This step defines the organizational structure. In the next step, you will configure the access scope and authentication behavior for each organization."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["For the complete conceptual and instructional details of this step, see ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/guides/user/b2b/b2b_create_organization"},"children":["Create organizations"]},"."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"step-6-configure-org-roles--auth","__idx":6},"children":["Step 6: Configure org roles & auth"]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"badge-wrapper"},"children":[{"$$mdtype":"Tag","name":"div","attributes":{"className":"badge"},"children":["Admin Portal "]}]},{"$$mdtype":"Tag","name":"blockquote","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["For each organization, assign the allowed role groups and define how that organization's members authenticate."]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Once applications, member roles, role groups, and organizations are in place, configure each organization's scope for each linked application."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["At this step, you:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["assign the ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["role groups"]}," created in Step 4 to each organization"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["decide whether the organization inherits the app's authentication settings or overrides them"]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["This is the step where the application-level model becomes organization-specific. It determines which ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["member roles"]}," an organization can assign and how its members sign in."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["For the complete conceptual and instructional details of this step, see ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/guides/user/b2b/b2b_configure_org_roles_auth"},"children":["Configure org roles & auth"]},"."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"step-7-set-members","__idx":7},"children":["Step 7: Set members"]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"badge-wrapper"},"children":[{"$$mdtype":"Tag","name":"div","attributes":{"className":"badge"},"children":["Admin Portal "]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"badge"},"children":["Org admin portal "]}]},{"$$mdtype":"Tag","name":"blockquote","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Add members to each organization and assign their application access and organization-level permissions."]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["After the organization's scope is configured, you can add its members in either the ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Admin Portal"]}," or the ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Organization admin portal"]},"."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["When setting a member, you assign two kinds of access:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Member roles"]}," — what the user can do inside the application, chosen from the roles allowed by the organization's assigned role groups"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Organization-level roles"]}," — what the user can do in Mosaic for that organization, such as administering members or using the Organization admin portal"]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["This is the final step in the setup flow, because member access depends on the application roles, role groups, and organization configuration already being in place."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["For the complete conceptual and instructional details of this step, see ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/guides/user/b2b/b2b_set_members"},"children":["Set members"]},". Org admins can also manage members directly from the ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/guides/user/b2b/b2b_org_portal"},"children":["Organization admin portal"]},", without needing access to the Admin Portal."]},{"$$mdtype":"Tag","name":"style","attributes":{},"children":["\n    [data-component-name=\"Markdown/Markdown\"] blockquote {\n        border-left: 4px solid #BBC5FF !important;\n        border-radius: 2px;\n        background-color: #F1F2FF !important;\n        padding: 20px 10px 15px 10px;\n        margin: 10px 1px;\n    }\n"]}]},"headings":[{"value":"Setup overview","id":"setup-overview","depth":1},{"value":"Step 1: Configure B2B","id":"step-1-configure-b2b","depth":2},{"value":"Step 2: Implement authentication","id":"step-2-implement-authentication","depth":2},{"value":"Step 3: Define the app roles","id":"step-3-define-the-app-roles","depth":2},{"value":"Step 4: Create app role groups","id":"step-4-create-app-role-groups","depth":2},{"value":"Step 5: Create organizations","id":"step-5-create-organizations","depth":2},{"value":"Step 6: Configure org roles & auth","id":"step-6-configure-org-roles--auth","depth":2},{"value":"Step 7: Set members","id":"step-7-set-members","depth":2}],"frontmatter":{"navigation":{"nextButton":{"text":"Start implementing:","hide":false},"previousButton":{"hide":true}},"seo":{"title":"Setup overview"}},"lastModified":"2026-04-09T16:05:37.000Z","pagePropGetterError":{"message":"","name":""}},"slug":"/guides/user/b2b/b2b_setup-overview","userData":{"isAuthenticated":false,"teams":["anonymous"]},"isPublic":true}