B2B Identity Platform — Capability Overview

IDHub for Elevate

Everything Elevate needs from IDHub — organization management, authentication, entitlements, and self-service — mapped to your requirements and ready to explore.

🧪 Open Playground

Realm: b2b • OIDC + PKCE • LoginUI on port 3002

📊 Capability Coverage

8 Live

3 Ready

3 Planned

Live Demo — try it now in the playground Architecture Ready — designed & configured, pending full integration Planned — architecture designed, implementation scheduled

E1 Architecture Ready

Bulk Organization Import

Load 8,000+ organizations (pharmacies, hospitals, distributors) from SAP before user onboarding begins.

E2 Try It Now

Per-Org Corporate SSO

Organizations with their own IdP (Azure AD, Okta) get automatic redirect — users never see the default login form.

E3 Try It Now

First User Becomes Admin

First person to register at an org with no members is automatically promoted to organization administrator.

E4 Try It Now

Default Role Assignment

New members get a configurable default role upon joining, or can choose from available self-registrable roles.

E5 Try It Now

Realm-Level Role Templates

Roles defined once at realm level, inherited by all 8K+ organizations — no per-org role duplication.

E6 Try It Now

Multi-Module Access, Single Auth

One OIDC login → JWT with per-module permissions. Portal, Club Bayer, and My-Orders gated from one token.

E7 Architecture Ready

Attribute-Based App Access

Access to My-Orders requires billing/shipping address — determined by attributes, not just role.

E8 Planned

Organization Discovery

If email domain doesn't match, users can search for their org or request a new one to be created.

E9 Architecture Ready

Mandatory Member Attributes

Org-level mandatory attributes for ALL members (e.g., billing address), regardless of role.

E10 Planned

Approval Workflow Toggle

Enable/disable approval workflows realm-wide in bulk — no per-org configuration needed.

E11 Try It Now

Rule-Based Role Assignment

Automatic role assignment from attributes — e.g., businessType = "wholesaler" → wholesaler role with My-Orders access.

E12 Try It Now

Realm-Level Attribute Schemas

Member attribute definitions shared across all orgs — one change applies everywhere.

E13 Planned

Org-Level Settings Override

Specific organizations can override realm defaults (e.g., disable approval for VIP orgs).

E14 Try It Now

Custom Token Mappers

Per-client custom claims injected into JWTs at issuance — department, tags, computed values, and extra audiences — configured in MGM, evaluated server-side.

⚡ Quick Start

Test Accounts

Email	What Happens
`demo@yopmail.com`	Auto-join Munich Pharma (Gigya auth)
`demo@byom.de`	Multi-org selector — pick Acme Hospital or Berlin Med
`dr.mueller@berlin-med.de`	Corporate SSO via Keycloak, pw: `test1234`
`demo@hamburg-bio.de`	Auto-join Hamburg Biotech (Gigya auth)
`demo@gmail.com`	No org match — continue without organization

Service URLs

Service	URL
Elevate Simulator	localhost:3003
LoginUI (OIDC)	localhost:3002
MyAccount	localhost:3000
MGM App	localhost:3001 (localadmin / localadmin)
Keycloak Admin	localhost:8080/admin (admin / admin)