{"section":"tutorials","requestedLocale":"en","requestedSlug":"configuring-authentication-methods-by-organizational-unit","locale":"en","slug":"configuring-authentication-methods-by-organizational-unit","path":"docs/en/tutorials/b2b/organization-account/configuring-authentication-methods-by-organizational-unit.md","branch":"main","content":"> ⚠️ This feature is only available for stores using the [B2B Buyer Portal](https://help.vtex.com/en/docs/tutorials/b2b-buyer-portal), which is currently available for selected accounts.\n\nIn B2B, each organizational unit can have its own authentication settings. This allows different branches or divisions within the same organization to use different login methods based on their needs.\n\n## Available settings\n\nAuthentication settings are divided into two main groups: **User identification** and **Authentication methods**. Each group can enable one or more options, depending on the organization's needs.\n\n### User identification\n\nDefines the identifiers the user can enter when starting the login (username, email, or both).\n\n| Identifier | Description |\n| - | - |\n| **Username** | The user enters their username during login. |\n| **Email** | The user provides their email address to start the login process. |\n\n### Authentication methods\n\nDefines how the user will be authenticated after identification (by password, external identity provider, or both).\n\n| Method | Description |\n| - | - |\n| **Password** | The user is authenticated with a password registered on the VTEX platform. |\n| **External IdP (SSO)** | The user is redirected to an external identity provider configured by the store admin for authentication via Single Sign-On. Learn more in [Enabling login for the organization via external identity provider (IdP)](https://help.vtex.com/en/docs/tutorials/enable-login-for-the-organization-via-an-external-identity-provider-idp). |\n\nYou can enable one or more options in each group. Disabled options are unavailable to members of the organizational unit.\n\n## Prerequisites\n\n- Have the **Organizational Unit Admin** role in the buyer organization.\n- To enable login via an external IdP, the store admin must have previously configured the identity provider in the VTEX Admin. Learn more at [Login (SSO)](https://developers.vtex.com/docs/guides/login-integration-guide) and [Webstore (OAuth 2.0)](https://developers.vtex.com/docs/guides/login-integration-guide-webstore-oauth2).\n- Have the app [vtex.login-alternative-key](https://developers.vtex.com/docs/apps/vtex.login-alternative-key) installed in the store.\n\n## Configuring authentication methods in the organization account\n\nTo configure authentication methods directly from the [organization account home screen](https://help.vtex.com/en/docs/tutorials/organization-account#accessing-the-organization-account), follow the steps below:\n\n1. Go to the store using a browser and log in with your user account.\n2. In the top menu, click **Company**. The organization dashboard will be displayed.\n3. Click **Manage**.\n4. If you want to configure the main organization's methods, proceed to step 5. If you want to configure a child organizational unit, click **Organizational Units** and then the name of the unit.\n5. Click the **⋮** menu and then **Authentication**.\n6. In the **Authentication** modal, configure the desired options:\n\n   - In **User identification**, check the identifiers that members can use to start the login (**username**, **email**, or both).\n   - In **Authentication methods**, check the available authentication methods (**password**, **external IdP**, or both). Uncheck any that shouldn't be available.\n7. Click **Save**.\n\n## Configuring authentication methods via API\n\nYou can also manage authentication methods by organizational unit via API. The available endpoints are:\n\n| Method | Endpoint | Description |\n| - | - | - |\n| `GET` | [Get organization unit authentication settings](https://developers.vtex.com/docs/api-reference/vtex-id-api#get-/api/vtexid/organization-units/-unitId-/settings) | Checks the authentication methods configured for an organizational unit. |\n| `POST` | [Set organization unit authentication settings](https://developers.vtex.com/docs/api-reference/vtex-id-api#post-/api/vtexid/organization-units/-unitId-/settings) | Defines the authentication methods for an organizational unit. |\n| `PATCH`  | [Update organization unit authentication settings](https://developers.vtex.com/docs/api-reference/vtex-id-api#patch-/api/vtexid/organization-units/-unitId-/settings) | Partially updates the authentication methods of an organizational unit. |\n| `DELETE` | [Delete organization unit authentication setting](https://developers.vtex.com/docs/api-reference/vtex-id-api#delete-/api/vtexid/organization-units/-unitId-/settings) | Deletes an authentication method from an organizational unit. |\n\n## Learn more\n\n- [Enabling login for the organization via external identity provider (IdP)](https://help.vtex.com/en/docs/tutorials/enable-login-for-the-organization-via-an-external-identity-provider-idp)\n- [Login (SSO)](https://developers.vtex.com/docs/guides/login-integration-guide)\n- [Webstore (OAuth 2.0)](https://developers.vtex.com/docs/guides/login-integration-guide-webstore-oauth2)"}