The seller administrators use the Account Management service to create and manage corporate accounts and sub-accounts for buyer organizations and the entities within the buyer organization. The following diagram demonstrates the workflow for the buyer and seller within Account Management service:
Elastic Path Account Management service uses the open source identity and access management solution, Keycloak, for user authentication. Each user is authenticated with Keycloak when logged in to Account Management service. For more information, see the Keycloak documentation page.
Elastic Path Account Management APIs provide resources for managing accounts and sub-accounts within the buyer organizations. You can access the REST endpoint for the Elastic Path Account Management user interface, store fronts, and touch points.
The merchandisers use Elastic Path Commerce Manager to configure store catalogs, pricing, and other store configurations required for each account. Each account in a buyer organization might have specific pricing depending on contract agreements, initial negotiations, or initial terms and conditions.Â
Seller Administrator Workflow
The seller administrators adds accounts and sub-accounts as in the following workflow:
- The seller administrators logs in to the Account Management user interface with the credentials.
- The seller administrator is redirected to the Keycloak identity provider for authentication.
- Browser is redirected back to the Account Management user interface with authentication code if authentication is successful. An error code or message is returned if authentication fails.
- The Account Management user interface calls the Account Management APIs to create an account for the buyer organization or to add associates as required. All other accounts and sub-accounts for various entities within the buyer organization are created within this account.
- The Account Management API queries database to get the details of the existing accounts or to add the new account configuration.
- Account Management service uses customer segments to provide account-specific pricing for associates shopping on behalf of an account. For more information about account specific pricing configuration, see the Pricing documentation.
Buyer Associate Shopping Workflow
Only a buyer associate can shop on behalf of an account in B2B commerce. For more information about various user roles, see the Roles and Permissions section. The following workflow provides list of activities in an associate shopping workflow:
The buyer associate clicks the login button in the storefront user interface.
The browser is redirected to the Keycloak identity provider to enter the credentials.
Keycloak authenticates the user credentials and generates an authentication code.
The browser is redirected to the storefront with an authentication code to create a user session on successful authentication.
An error code or message is returned if authentication fails.
Each user requires a valid session with the Account Management API to generate authenticated requests. The user session might be used to make further authentication requests to the Account Management API, such as querying or selecting accounts to shop for.
For an associate to perform actions on behalf of an account in a B2B store, the storefront requires a JSON Web Token from the Account Management API. This token is used to access the B2B store. For the authentication requests to a B2B store, the JSON Web Token must be added to the authorization header in the form of
bearer <TOKEN>. For example,
bearer ABC123. After adding the token, the associates can perform commerce transactions on the storefront on behalf of an account.
Buyer Organization Configuration Workflow
A buyer organization administrator can manage the account hierarchy of the organization to shop on the seller organization storefront.
The following diagram illustrates the structure of an organization and the distribution of accounts and sub-accounts within it:
- The seller administrator creates the accounts and sub-accounts and assigns associates authorized to shop for a specific account.
- An organization might have an associate or multiple associates authorized to shop for a specific account. For each buyer organization, a list of associates is provided by the organization. The seller administrator uses this list to assign an associate to an an account depending on the requirement.
- Each account in Account Management service has a list of associates assigned to the account.
- For example, when the seller administrator adds an associate, associate_123 to the account 1 in Buyer Organization 2, the Account Management service adds the associate to the associate list of Buyer Organization 2.
- Seller organization with multiple stores have separate Account Management configuration for each store.