Product led business selling subscriptions to organizations

This applies if you are an organization that drives growth primarily through the value and usability of your product, rather than relying heavily on sales teams. In this model:

The digital product (e.g., software, platform, or tool) is designed to be intuitive and self-serve, allowing users to experience value quickly—often through a free plan or trial.
The target customers are organizations (B2B), whose teams or individuals can sign up on their own, explore the product, and adopt it without needing to engage with a sales rep.
Customer organizations can also manage their own subscription—including upgrades, downgrades, or cancellations.

This model is especially common in SaaS businesses, collaboration tools, analytics platforms, and developer-first products.

Set up your application on Veriam

Steps to configure application on Veriam

Before you can integrate your application with Veriam, you need to register it in the Veriam app. This allows Veriam to:

Know where to redirect users after they sign up or authenticate
Generate the Client ID and Client Secret required for secure integration
Provide you with a signup URL to direct users into your Veriam-powered onboarding flow

Steps:

Log In to the Veriam App
In the sidebar, navigate to "Applications".
Click 'Add application'
Enter basic application details
- Application name: This is for your internal reference.
- Description: Provide context about what this app does.
Select application type - choose the option that best represents your application.
Provide the Application URL
Note: This is only used for internal configuration—it will not be shown to end users.
Configure Redirect URLs
- On the "Connection configuration" tab.
- Add at least one Redirect URL. This is where Veriam will send users after signup or login is complete.
- If you add multiple Redirect URLs, ensure that your authentication request specifies which one to use.
Save the Application
Copy Your Credentials
- After saving, a popup will display your Client Secret.
  ⚠️ Important: Copy this immediately—you will not be able to view it again.
- After closing the popup, your Client ID will also be visible on the application detail page.
- Also note the Veriam OpenID Connect Discovery URL (provided in our integration docs).
Add to Your Application Configuration In your app's authentication setup you will need the following from the app setup:
- The Client ID
- The Client Secret
- The Discovery URL
- The Redirect URL(s)
- Sign up URL

Create a plan with access settings

Simple access control: Grant access with an active subscription only

If your application does not require fine-grained access control—meaning all users with an active subscription should have full access, and there's no need to define custom roles, permissions, or conditional logic—Veriam offers a simple way to set this up.

When to Use This

Use this approach if:

All subscribers should have equal access to your application
You don’t need role-based or permission-based restrictions
You want a quick and straightforward setup

How to Set It Up

Create a New Plan In the Veriam dashboard, go to the Plans section and create a new plan. Detailed steps here
Add Pricing Details Define the pricing structure for your plan.
Add Legal Terms Include any terms of use, privacy policy, or other legal content applicable to the plan. Detailed steps here
Add Access Create a policy with an 'Allow' outcome or, the easier option is to:
Save the Plan When you save the plan without any access added, a prompt will appear asking if you'd like to create a default policy as you have not added any access yet.
Accept the Default Policy Click "Yes" to add a default allow policy. This will grant access to all users subscribed to the plan without requiring any roles or permissions.

What This Means

A single, generic allow policy is automatically attached to the plan.
All users with an active subscription to the plan will be authorized to access your application.
No additional setup is required—this is the fastest way to go live with access control.

Advanced access control: Restrict user access based on plan subscriptions

If you'd like to control what users can access in your application based on the plan they are subscribed to, the recommended approach is to use policies with permissions. This makes it simple to manage access levels across different subscription tiers.

How It Works

When a user logs into your application, Veriam checks whether they have an active subscription that includes a policy with an allow outcome. If so, the login is successful and Veriam returns the associated policy, including the relevant permissions.

Your application should then enforce access controls using those permissions—only allowing users to access features or content they’re entitled to.

Benefits

Centralized access control through Veriam
Scales easily as you add more plans or permissions
Keeps sensitive features behind correct paywalls

Example: Offering Tiered Course Access

Let’s say your platform offers two business courses:

Time Management (available to all users)
Leadership (available only to advanced users)

You want to offer:

A Basic Plan that grants access to just the Time Management course.
An Advanced Plan that includes both courses.

Here's how you’d set this up:

1. Define Permissions

time_management_course
leadership_course

2. Create Policies

Basic Plan Policy:
- Outcome: allow
- Permissions: time_management_course
Advanced Plan Policy:
- Outcome: allow
- Permissions: time_management_course, leadership_course
- Detailed steps on creating policies with permissions here.

3. Set Up Plans

Create a Basic Plan and assign it the Basic Plan Policy.
Create an Advanced Plan and assign it the Advanced Plan Policy.
Add pricing and legal terms as needed.
Detailed steps for creating plans here
Detailed steps for creating and adding legal terms here

4. Enforce Access in Your App

In your application code, use the returned permissions to determine what the user can access. For example:

jsCopyEditif (user.permissions.includes('leadership_course')) {
  // show leadership course
}

Advanced access control: Enable role-based access for your customers' users

You can give your customers the ability to assign roles to their users—controlling who can view or manage specific features.

This is achieved by creating roles, optionally linked to permissions, and adding them as optional access to your plans.

How It Works

Each plan includes a default role that every user receives by default when subscribed.
You can also define optional roles (such as admin or editor) that customer organization admins can assign to specific users within their team.
When a user logs in, Veriam will return:
- The assigned role(s)
- Any associated permissions (if configured)
Your application can then enforce what each user can see or do based on these roles and permissions.

Benefits

Supports complex team access setups
Keeps roles and permissions flexible and customer-managed
Reduces hardcoded logic in your app for role management

Example: Viewer, Editor, and Admin Roles

Suppose you offer a collaboration tool where different users need different levels of access.

Here’s how you could configure this:

1. Create Roles

viewer: Default role with read-only access.
editor: Optional role with content editing permissions.
admin: Optional role with user and settings management permissions.
Detailed steps here

2. Link Permissions (Optional)

You can associate permissions like:

edit_content (linked to editor)
manage_users (linked to admin)
Detailed steps here

3. Configure the Plan

Set viewer as the default access for the plan.
Add editor and admin as optional roles.
Add pricing and legal terms as needed.
Detailed steps for creating plans here

Detailed steps for creating and adding legal terms here

4. Let Customers Assign Roles

Your customer’s organization admin can assign these optional roles to users in their team.

5. Enforce Roles in Your App

When users log in, you’ll receive their role and any linked permissions. Use this to control access:

jsCopyEditif (user.role === 'admin') {
  // show user management features
}
if (user.permissions.includes('edit_content')) {
  // enable editing capabilities
}

Add branding settings

Steps to add branding settings

Veriam allows you to personalize your hosted pages with your own logo and brand color. This ensures that your brand is front and center throughout the customer experience - from signup to checkout - helping customers recognize and trust your service.

Where Your Branding Appears

Once set, your branding will appear on the following Veriam-hosted pages:

Signup, login, and onboarding flows
Veriam hosted pricing page
Checkout screens
Invoices generated on your behalf

If you do not configure your branding, the default Veriam branding (logo and colors) will be used alongside your provider name.

Steps:

Open the Veriam App Log in to your Veriam account.
Navigate to Branding Settings Go to the Advanced menu and select Branding Settings.
Upload Your Logo Click Edit, then upload your logo in .png or .jpg format.
Set Your Brand Color Enter your primary brand color using a HEX code (e.g. #1A73E8) or RBG (e.g. 40, 161, 35 ) or selecting from the colour picker.
Save Your Changes Once you're done, save the settings to apply your branding instantly.

Tips

Use a high-resolution logo for best results.
Choose a color that contrasts well with white or dark backgrounds for readability.
You can update these settings anytime.

Enable pricing page

Steps to set up your pricing page

For businesses using Veriam, a hosted pricing page can be enabled and easily configured to convey the different subscriptions plans available to customers.

A pricing page is a publicly accessible page where potential customers can review available subscription plans, their features, and their costs. It serves as a key conversion point, helping businesses communicate the value of their offerings.

Navigate to Advanced > Subscriptions > Pricing Page.
Enable the Veriam-hosted pricing page.
Select and add the plans you want customers to choose from.
Save your changes.
Preview the pricing page to ensure it displays correctly.

Integrate your application with Veriam

Steps to connect your application to Veriam

To connect your application with Veriam, you can use the standard OpenID Connect (OIDC) protocol for authentication and user identity management.

Alternatively, if you prefer to handle integration directly in your codebase, you can use our official TypeScript SDK. The SDK provides simple, ready-to-use methods to authenticate users, retrieve identity information, and enforce access—all without needing to manage the full OIDC flow yourself.

Configure Veriam Credentials in Your Application

To begin, you’ll need the following details from your Veriam application configuration:

Setting

Description

Client ID

Retrieved from the Connection Configuration tab under your registered application in Veriam.

Client Secret

Provided immediately after you create the application. You can also generate a new one later if needed.

OIDC Discovery URL

Available on your application detail page.

Note: If you generate a new Client Secret, the old one will still remain active unless you explicitly delete it.

Using Typescript SDK

Use our official TypeScript SDK here @veriam/ts to easily connect your application with Veriam.

Using OpenID Connect:

Handle Authentication (Single Page Application Example)

Veriam supports integration via the industry-standard OpenID Connect (OIDC) protocol, enabling secure authentication and identity management for your users. OIDC builds on OAuth 2.0 to provide a federated login flow along with user profile data, making it ideal for modern web apps.

Below is a breakdown for integrating with Veriam using OIDC in a Single Page Application (SPA) context:

a. Install the Client

bashCopyEditnpm install oidc-client-ts

This library (oidc-client-ts) provides a high-level abstraction over the OIDC protocol. It handles complex flows like Authorization Code with PKCE, token renewal, storage, and redirection automatically.

📘 Note: oidc-client-ts is the modern TypeScript rewrite of the original oidc-client library and is actively maintained.

b. Configure the OIDC Client

tsCopyEditimport { UserManager, WebStorageStateStore } from "oidc-client-ts";

const settings = {
  userStore: new WebStorageStateStore({ store: window.localStorage }),
  authority: "https://idp.myveriam.com", // Veriam OIDC provider URL
  client_id: "YOUR_CLIENT_ID",
  redirect_uri: "YOUR_CALLBACK_URL",
  post_logout_redirect_uri: "YOUR_POST_LOGOUT_URL",
  response_type: "code",
  scope: "openid email profile",
  automaticSilentRenew: true,
};

const userManager = new UserManager(settings);

Explanation of Key Settings:

authority: The URL of Veriam’s OIDC-compliant identity provider. It hosts the .well-known/openid-configuration for discovery.
client_id: Issued by Veriam when you register your app. Used to identify the client.
redirect_uri: The callback URL to which the IDP will redirect after authentication.
post_logout_redirect_uri: Where users are taken after logging out.
response_type: "code": Uses Authorization Code Flow (recommended for SPAs with PKCE for security).
scope: Defines what information your app will receive. openid is required for OIDC. email, profile are optional standard claims.
automaticSilentRenew: Ensures the user stays logged in by renewing the session silently (without user interaction), reducing session expiration issues.

c. Trigger Login

tsCopyEdituserManager.signinRedirect().then();

What It Does: Redirects the user to Veriam’s login page using the OIDC Authorization Code flow.

Why: OIDC relies on the browser redirect model for SPAs. The user authenticates with Veriam, and is redirected back to your app with an authorization code.

🔐 Ensure your redirect_uri matches what you've configured in your Veriam app settings—case-sensitive and fully qualified.

d. Trigger Logout

tsCopyEdituserManager.signoutRedirect().then();

What It Does: Logs the user out from both your application and the Veriam identity provider.

Why: OIDC supports RP-Initiated Logout, ensuring a complete sign-out experience.

🔁 Consider adding a redirect or message after logout to improve UX.

e. Retrieve Authenticated User Info

tsCopyEditimport { User } from "oidc-client-ts";

userManager.getUser().then((user: User) => {
  // Access user profile details via user.profile
});

What It Does: Returns the currently logged-in user's session and profile data, if available.

Why: This allows you to extract information like email, name, and custom claims (if any), to personalize your UI or control access.

🧪 This is useful for conditionally rendering routes or verifying session state on page load.

f. Direct to Signup (Optional)

To direct users specifically to the signup flow:

tsCopyEdituserManager.signinRedirect({
  extraQueryParams: {
    screen_hint: "signup",
  },
}).then();

What It Does: Instructs Veriam’s login page to present the signup form instead of login.

Why: This helps you streamline onboarding by linking directly to a registration experience.

✉️ Use this in welcome emails, marketing CTAs, or "Sign Up" buttons.

3. Next Steps

Redirect URL Configuration: Make sure the redirect_uri used in your code is registered in the Veriam dashboard. Otherwise, login will fail due to a security mismatch.
Secure Client Credentials: Store your Client ID and Client Secret securely. For SPAs, avoid exposing secrets; instead, use PKCE (handled automatically by most OIDC libraries).
Signup Entry Point: Use the signup URL generated from your Veriam application config to onboard new users.

Next Steps

Customer journey

Once you are live with the above setup, your customers will be able to sign up and subscribe to one of your plans on the pricing page self service. More details here

Managing subscriptions

As the provider you can manage all subscriptions from Veriam. Details here

And, your customers have the ability to self service manage their subscriptions with you on Veriam too. Details here

PreviousSetup Guides NextSales led business selling digital product to organizations

Last updated 21 hours ago

Was this helpful?