Use Logto for various business models' identity systems
Logto is a flexible identity management tool designed to address a variety of business needs. In this article, we'll explore different business models that can support your specific requirements and help you architect your product effectively.
A simple consumer app (B2C)
n the context of a consumer-focused (B2C) app, like a music streaming service, the identity model manages different types of user access and privileges based on their subscription plans. This app, available on Android, iOS, and Web platforms, categorizes users into three distinct tiers:
- Free Plan User:
- Access to a limited selection of free music.
- Pro Plan User:
- Access to the free music library.
- Ability to create and save custom playlists.
- Advanced Plan User:
- Access to the entire music library, including HiFi quality tracks.
- Ability to create and save custom playlists.
Identity architecture
| Logto Tenant | 1 |
| App | Android app, iOS app, Web App |
| API resource | ✅ |
User management
| User management | ✅ |
| Permissions and roles | Free user, Pro user, Advanced user |
Sign-in experience
| Email passwordless | ✅ |
| Social sign in | ✅ |
| MFA | Potentially |
For simple consumer apps needing basic access control, these features are a great starting point. However, how you use them will depend entirely on your app's specific needs. Logto has the flexibility to adapt and support your success.
SaaS (B2B)
SaaS is the most popular model for B2B companies. In this setup, you provide services to many clients using a multi-tenant architecture, where each client has their own separate resources, yet identities are managed together through a unified system.
Identity architecture
| Logto Tenant | 1 |
| App | Usually, one app is enough, but it varies based on business requirements. (For example, you have both native and web applications) |
| Organization | ✅ |
User management
| User management | ✅ |
| Organization-level RABC |
|
Sign-in experience
| Passwordless | ✅ |
| Social sign in | ✅ |
| MFA | Potentially |
| SSO | To sell your SaaS app to enterprise clients, you'll need to offer enterprise SSO. |
The main difference between SaaS and consumer apps is that SaaS apps introduce an "organization" layer with its own access control policies. This is because an organization is a group of users who need structured access to resources.
Also, when you start selling to enterprises, clients often have their existing enterprise Identity Providers (IdP). Ensuring smooth integration with these IdPs is crucial for winning clients.
Multisided business (B2B2C)
The multisided platform business model connects different groups of users, acting as a middleman. It serves both consumer (B2C) and business (B2B) sectors. Examples include Uber, Airbnb, and various e-commerce platforms. For instance, consider a ride-sharing taxi app.
Identity architecture
| Logto Tenant | 1 |
| App | Driver app, Rider app, Management App |
| Organization | ✅ |
User management
| User management | ✅ |
| System role (to differentiate you are rider or driver) | ✅ |
| Organization-level RABC | ✅ |
Sign-in experience
| Passwordless | ✅ |
| Social sign in | ✅ |
| MFA | Potentially |
| App-level sign-in experience (branding) | Potentially |
Agencies that create unique products for various clients
If you're an agency or an IT consulting firm working with various clients to develop apps and manage user identity systems, each client's app will have its unique identity system. In this case, creating separate tenants for each is the best strategy.
Your primary job is to set up and manage multiple Logto tenants, with each one having its own isolated user identity system. The specifics of your work will depend on the product you're building. For managing multiple Logto tenants and for advanced support, reach out to Logto.
Integrate with other partnered applications (Logto as IdP)
You're creating a consumer app named App A, intended for sale to end users.
Meanwhile, App B and App C are designed as third-party apps or services that complement App A. They are offered as plugins in a package deal to your end users.
Users can log in to all three apps using the same account credentials.
Identity architecture
| Logto Tenant | 1 |
| App | App A, App B (3rd party), App C (3rd party) |
User management
| User management | ✅ |
| Role | ✅ |
Sign-in experience
| Passwordless | ✅ |
| Social sign in | ✅ |
| MFA | Potentially |
| Logto as IdP consent screen | ✅(OIDC, SAML, OAuth) |
Platform and marketplace product (Logto as IdP)
Imagine an app that's a headless CRM system and has already attracted many users. Now, third-party companies want to develop their own services using your app's API. They'll specify what permissions (scopes) they need from users.
This setup often leads to a marketplace and an open ecosystem with many integrations and plugins. Users can explore various apps built on this platform. These apps are managed by third parties, not by you, except the user identities.
Identity architecture
| Logto Tenant | 1 |
| App | Your first-party app and third-party apps |
| Organization | ✅ |
User management
| User management | ✅ |
| Organization-level RABC | ✅ |
Sign-in experience
| Passwordless | ✅ |
| Social sign in | ✅ |
| MFA | Potentially |
| Logto as IdP consent screen | ✅(OIDC, SAML, Oauth) |
Conclusion
Does your scenario match the model we described? Logto fully supports all the features mentioned. If you need something not listed, please contact us. We're here to discuss further and help you find the best solution.