Auth is table stakes. Buyers expect email login, password reset and sensible session expiry. B2B buyers also expect invites and role separation.
Pick managed auth (Clerk, Auth0, Supabase Auth) when speed matters. Roll your own only when compliance or pricing forces it and you budget time for edge cases.
Flows you must ship
- Sign up, sign in, sign out.
- Email verification or magic link.
- Password reset.
- Invite teammate (B2B).
- Optional: Google or Microsoft OAuth for enterprise buyers.
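Password reset is the flow on this list where "budget time for edge cases" bites hardest, so here is a worked example of the token handling it needs. This is added illustration, not code from the page or from any of the managed providers it names; the 15-minute lifetime, the in-memory store and the function names are assumptions. The token is random, only its hash is persisted, it expires, it is single-use, and issuing a new one invalidates any older one for the same user.

```python
import hashlib
import secrets
import time
from typing import Dict, Optional

RESET_TOKEN_TTL_SECONDS = 15 * 60  # assumption: reset links live for 15 minutes

# Constructed in-memory store: sha256(token) -> record. A real app uses a DB table.
_reset_tokens: Dict[str, dict] = {}


def _hash_token(token: str) -> str:
    # Store a hash so a leaked table does not hand out usable reset links.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_reset_token(user_id: str, now: Optional[float] = None) -> str:
    """Create a single-use reset token for user_id and return the raw token
    (the part that goes into the e-mailed link). Only its hash is kept."""
    now = time.time() if now is None else now
    # Invalidate earlier tokens for this user so only the latest link works.
    for h, rec in list(_reset_tokens.items()):
        if rec["user_id"] == user_id:
            del _reset_tokens[h]
    token = secrets.token_urlsafe(32)  # 256 bits of randomness
    _reset_tokens[_hash_token(token)] = {
        "user_id": user_id,
        "expires_at": now + RESET_TOKEN_TTL_SECONDS,
        "used": False,
    }
    return token


def redeem_reset_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the user id if the token exists, is unexpired and unused,
    marking it used; otherwise return None. Same answer for every failure
    so the response does not reveal which check failed."""
    now = time.time() if now is None else now
    rec = _reset_tokens.get(_hash_token(token))
    if rec is None or rec["used"] or now > rec["expires_at"]:
        return None
    rec["used"] = True
    return rec["user_id"]
```

After a successful redeem the app should set the new password and also revoke the user's existing sessions, since a reset usually means the old credential is suspect.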
Sessions vs JWTs
Server-side sessions in HTTP-only cookies are simpler to revoke and debug for most MVPs.
JWT access tokens shine for mobile or third-party API consumers. Add them when you have those clients, not before.
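To make the revocation point concrete, here is an added example of a server-side session store behind an HTTP-only cookie; it is not code from the page or from any named provider, and the cookie name, the one-week lifetime and the in-memory store are assumptions. Because the server holds the session record, logging a user out everywhere is one delete; a self-contained JWT cannot be withdrawn the same way before it expires, which is the debugging and revocation cost the text refers to.

```python
import secrets
import time
from typing import Dict, Optional

SESSION_TTL_SECONDS = 7 * 24 * 3600  # assumption: sessions expire after one week

# Constructed in-memory store: session id -> record. Production uses a DB or Redis.
_sessions: Dict[str, dict] = {}


def create_session(user_id: str, now: Optional[float] = None) -> str:
    """Start a session and return its opaque id (the cookie value)."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)
    _sessions[sid] = {"user_id": user_id, "expires_at": now + SESSION_TTL_SECONDS}
    return sid


def session_cookie_header(sid: str) -> str:
    """Value for the Set-Cookie response header. HttpOnly keeps scripts away
    from it, Secure restricts it to TLS, SameSite=Lax blocks most cross-site
    request forgery, Max-Age matches the server-side expiry."""
    return (f"session={sid}; Path=/; HttpOnly; Secure; SameSite=Lax; "
            f"Max-Age={SESSION_TTL_SECONDS}")


def resolve_session(cookie_header: str, now: Optional[float] = None) -> Optional[str]:
    """Parse a Cookie request header and return the user id of a live session,
    or None. Expired records are dropped on sight."""
    now = time.time() if now is None else now
    cookies = {}
    for part in cookie_header.split(";"):
        if "=" in part:
            k, v = part.strip().split("=", 1)
            cookies[k] = v
    sid = cookies.get("session")
    rec = _sessions.get(sid) if sid else None
    if rec is None:
        return None
    if now > rec["expires_at"]:
        del _sessions[sid]
        return None
    return rec["user_id"]


def revoke_session(sid: str) -> bool:
    """Sign out one device. Returns True if a session was actually removed."""
    return _sessions.pop(sid, None) is not None


def revoke_all_sessions(user_id: str) -> int:
    """Sign out everywhere (after a password reset, or when an admin removes
    a teammate). Returns how many sessions were revoked."""
    doomed = [s for s, r in _sessions.items() if r["user_id"] == user_id]
    for s in doomed:
        del _sessions[s]
    return len(doomed)
```

If JWTs are added later for mobile or API clients, keep them short-lived and pair them with a server-side refresh token that can be revoked like the sessions above.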
Roles in version one
Owner, admin and member are enough for most B2B SaaS. Customer-facing portals may need a separate user type with narrower permissions. See our RBAC guide.
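Here is an added example of what those three roles plus a narrower portal user type look like in code; it is not taken from the page or from its RBAC guide, and the specific permission names and the rules for changing roles are assumptions. Beyond the permission matrix it encodes the checks that usually get forgotten in version one: members cannot manage roles, admins cannot touch peers or owners, only an owner can grant or revoke owner, and a workspace can never be left without one.

```python
from typing import Dict, FrozenSet

# Workspace roles from the guide, ordered by power (constructed ranking).
ROLE_RANK = {"member": 1, "admin": 2, "owner": 3}

# Permission matrix: constructed example names, not a real product's.
ROLE_PERMISSIONS: Dict[str, FrozenSet[str]] = {
    "member": frozenset({"project:read", "project:write"}),
    "admin": frozenset({"project:read", "project:write",
                        "member:invite", "member:remove"}),
    "owner": frozenset({"project:read", "project:write",
                        "member:invite", "member:remove",
                        "billing:manage", "workspace:delete"}),
}

# Customer-facing portal users are a separate type with a narrow, fixed set.
PORTAL_PERMISSIONS: FrozenSet[str] = frozenset({"ticket:read", "ticket:create"})


class Workspace:
    """Minimal workspace: user id -> workspace role (portal users are not members)."""

    def __init__(self, roles: Dict[str, str]):
        self.roles = dict(roles)


def can(user_type: str, action: str) -> bool:
    """Permission check for a workspace role or the 'portal' user type.
    Unknown roles get nothing (deny by default)."""
    if user_type == "portal":
        return action in PORTAL_PERMISSIONS
    return action in ROLE_PERMISSIONS.get(user_type, frozenset())


def can_assign_role(ws: Workspace, actor_id: str, target_id: str, new_role: str) -> bool:
    """May actor give target (an existing member or a fresh invitee) new_role?"""
    actor = ws.roles.get(actor_id)
    target = ws.roles.get(target_id)  # None means a new invite
    if actor is None or new_role not in ROLE_RANK:
        return False
    # Managing roles requires the invite permission, so members are out.
    if not can(actor, "member:invite"):
        return False
    # Only an owner may grant owner or change an existing owner.
    if (new_role == "owner" or target == "owner") and actor != "owner":
        return False
    # Non-owners may only act on accounts ranked strictly below themselves.
    if actor != "owner" and target is not None and ROLE_RANK[target] >= ROLE_RANK[actor]:
        return False
    # Never demote (or self-demote) the last owner.
    if target == "owner" and new_role != "owner":
        owners = sum(1 for r in ws.roles.values() if r == "owner")
        if owners <= 1:
            return False
    return True
```

The same `can_assign_role` check guards the invite flow from the checklist above: an invite is simply a role assignment to a user who is not yet in the workspace.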
Use this as a working checklist inside your team first. When the same steps repeat every week and spreadsheets start breaking, that is usually the moment to scope the smallest reliable integration that removes repeated copy-paste from a core workflow and to run it as an owned system.