Designing B2B Authentication Experiences: Universal vs. Organization-Specific Login

One of the first decisions you must make when architecting a new B2B application? How you’re going to allow users to authenticate.

You have two choices: the universal login page or the organization-specific login page. We’ll make the distinction clear in a moment, but for now, know that the path you choose here has significant downstream effects on the entire lifecycle of your B2B application, and in ways far more significant than designing and developing a login page that looks good. Notably, three personas are most affected with the choice you make:

• Your internal product engineers, who build your application.

• Your customers’ IT administrators, who provision users, manage privileges, and enable single sign-on (SSO) integration with their identity providers (IdPs) such as Okta, Microsoft Azure AD.
  Your product’s users, who will be logging into your application.

Conveniently, two popular applications—Notion and Slack—have made opposite choices for end-user authentication flows. Their ubiquity makes them ideal for identifying how they implemented differing flows, tracing the pros and cons for each affected persona, and ultimately helping you create the best authentication paradigm for your application.
What are the Notion and Slack styles of Authentication?

Before diving too deeply into authentication nuances, let’s clarify our definitions.

Notion-style authentication flow uses universal login page
Slack-style authentication flow uses organization-specific login page

How are they different?

With a universal login page, the application identifies which organization the end user belongs to. In contrast, with an organization-specific page, the end user shares the organization as input to the application before they can be authenticated.

With Notion, you start authentication by loading the universal login page at notion.so/login. You give your work email address, which Notion uses to identify which organization you belong to based on the domain name. If your email is celina@foocorp.com, Notion assumes you’re part of the organization associated with foocorp.com.