Given below are concepts you will use when you work with WSO2 Private CIAM Cloud for your B2B organizational requirements.


An organization represents a grouping of users and other organizations in the WSO2 Private CIAM Cloud. You can maintain multiple organizations within a single organization that depicts a hierarchical or flat organizational structure.

The WSO2 Private CIAM Cloud can manage a large number of roles and user groups within an organizational boundary. Because organizations are isolated from one another, businesses can maintain their own enterprise structures and identity providers.

Listed below are the types of organizations you work with.

Super organization The super organization is the default organization of a WSO2 CIAM Cloud instance. All other organizations will be subordinate in structure to the super organization.
Suborganization A suborganization is an organization that is subordinate to a parent organization. For example, the super organization may have suborganizations at multiple levels in the B2B organization structure.

Learn more about managing organizations.

Business applications

B2B applications are hosted by the super organization and shared with its suborganizations. Learn more about managing business applications.

For example, in this sample use case, Guardio-SaaS-App is a business application in Guardio Insurance, which is shared with its suborganizations Best Auto Mart and Car Traders.

Identity providers

Listed below are the types of federated identity providers used in a B2B business.

Organization SSO IdP

This is a federated IdP that is defined in the root organization of the B2B business and enabled for the business applications at the root level. This IdP ensures that suborganization users can be authenticated through their suborganization IdP when they log in to business applications.

Learn more about configuring the organization IdP.

Suborganization Suborganization in the B2B business will have their own identity providers to authenticate users when they sign in to the B2B business's applications. These suborganization IdPs should be defined as federated IdPs in the application sign-in flow for that specific organization.

User roles

User roles specify the permissions that are granted to a particular user or user group. These may include permissions to access business applications or to use the Management Console.


Listed below are the type of users in the WSO2 CIAM Cloud for B2B businesses. Learn more about managing users.

System administrators Administrators of the super organization who set up and manage the B2B business.
Organization administrators Administrators of the respective organizations in the B2B business. These administrators are set up by a system administrator and assigned a role with the permissions required.
B2B Consumers Users within an individual organization who consume the business applications of the B2B business. Consumers are specific to an individual organization. However, they consume business applications of the B2B business through organization login.