Create business applications

Depending on how your Organization implementation is designed, you have different options when creating Application definitions within your Organization. Whichever option you choose, the Organization behavior is defined at the application level.


First, configure the Organization SSO IdP for your root organization.

Register the business app

Follow the steps given below to register your organization's business apps in the root organziation.


This application will later be shared among suborganizations, which will allow users of the suborganizations to log in.

  1. Sign in to the WSO2 Identity Server Management Console as a super admin user.
  2. Use the Organization Switcher to switch to the root organization.

    Organization Switcher

  3. Go to Develop > Applications and click New Application to create an application.


    Make sure to tick Management Application when creating the application.

    Management Application


    You can use any of the available templates to register a new application.

    Create New Application

After registration, you are be directed to the Application.

Configure the login flow

Once you have registered the business application in your root organization, you need to define the login flow as follows:

  1. On the Management Console, go to the application you registered in the previous step.
  2. Go to the Sign-in Method tab and add the following IdPs for the first step of the sign-in flow:

    • Username & Password (basic authentication)
    • Organization SSO IdP

    Application Sign_in Method

  3. Go to the Conditional Authentication section and add the following script:


    • This conditional authentication script is used to identify the IdP that should be used for user authentication. That is, the user is prompted to specify the organization, based on which, the user is directed to that specific organization's IdP.
    • Be sure to replace the “<<ORGANIZATION_LOGIN_IDP_NAME>>” placeholder in the script.
    var onLoginRequest = function(context) {
            authenticationOptions: [{
                idp: ( && !context.steps[1].idp) ? "<<ORGANIZATION_LOGIN_IDP_NAME>>" : context.steps[1].idp
            authenticatorParams : {
                common : {
                    'skipIdentifierPreProcess' : "true"
            onSuccess: function (context) {
      "User successfully completed initial with IDP : " + context.steps[1].idp);
                if (context.steps[1].idp === "<<ORGANIZATION_LOGIN_IDP_NAME>>") {

What's next?

You can now share this application with the suborganizations in your organization structure. Learn more.