
Sunday 3 October 2021

SaaS Onboarding & Payment Collection

Overview:  Selling a SaaS can generally be split into B2C and B2B.  Both SaaS models require the ability to onboard a customer and collect the payments for the service.  To do this, a website/Content Management System is needed to allow the customer to trial, buy and purchase add-ons, and to let you collect recurring revenue.

B2C SaaS (small to large):  You need "brochureware", web pages that show the service and allow the user to purchase.   As I generally sell SaaS software, and B2C is often 1 off or pay as you need, I'd recommend Shopify; there are add-ons for selling digital goods.  You can always use marketplaces like Amazon or eBay also.  WooCommerce (integrates with WordPress), BigCommerce, Magento, Wix and SquareSpace can be used for selling physical goods but need some thought and add-ons for digital goods.  None of the options are great at Monthly Recurring Revenue (MRR), e.g. Netflix, or ARR (annual, e.g. Grammarly, Blinkist) billing, or "pay as you consume", also referred to as "metered billing" or "pay-as-you-go pricing" (Uber, AWS, Twilio, Stripe, Azure, GCP) revenue models.  Pay-as-you-go pricing has variable costs but allows you to reduce the cost to your customer by only charging them for what they use.

Update 2022/06/24: Webflow is a great tool for semi web literate developers to build websites.  UI drag and drop experience.  In the Wix space but you drag vs choosing a template.  I've used it to generate clean semantically correct HTML/CSS to implement in a custom developed SPA solution.  Always consider Webflow, it has checkout and can easily integrate with Shopify and Zapier for simple workflows.  Has free SSL and you can host on their platform.  Priced per website but reasonable with various options.

There are plenty of add-ons, but in the Shopify world it means bringing in an add-on and a few moving pieces.  For a medium sized SaaS selling MRR solutions, the overhead of setting up and managing the processes is fairly steep.  As the business gets bigger, it's worth the integration or using a dedicated solution like ChargeBee.

B2B SaaS: Could use any revenue model but it is best if your product lends itself to subscription-based selling, e.g. Office 365, Workday, or legal practice management software to manage clients and work for a law firm.  For small SaaS startups selling digital services use a solution like ChargeBee (low end) or Paddle (top end).  You can use anything in-between and add-ons to get a solution, but for the price, setup and expansion, as a general rule ChargeBee is good:

  1. Recurly
  2. Chargify
  3. Zuora
  4. Stripe
  5. Billsby (Good for startups)
  6. ChargeBee (Good for startups)
  7. Bill.com for Accounts payable and receivable.
In the UK, we often need direct debits set up; you can look at something like Bottomline PTX.  I also like Recharge.

Privacy Management: OneTrust provides a good configurable SaaS service for cookies and privacy.  If not built into your CMS/platform, then OneTrust is an option.
Pay-as-you-go/metered billing:  You pay based on consumption of services, i.e. you owe x for the last 30 days, e.g. AWS, Azure.  I try to stay away from this model as it's normally difficult to understand, and customers in SaaS as a general rule don't like complex unknown pricing models.

Traditional:  Basically, pay as you buy a license.  So you get a perpetual license.  Akin to physical shopping but for digital goods.  Shopify is perfect for this model with a digital download add-on.  E.g. bjjfanatics.com

SME SaaS Business Checklist:

  1. Where are you selling, physical vs virtual
  2. Subscription or 1 off payments (account maintenance), trials, upgrade, upsell and cross selling.  Autorenewals.
  3. Jurisdictions (Tax, VAT, shipping, currency)
  4. Cost (fees, what's included, percentage of sales, growth)
  5. Support (Tech touch, Low touch e.g. email vs 24 hrs phone support, is this subscription based)
  6. Retention (Churn, New, Length of time for customers, support churn warnings, unsubscribing).
  7. Does my billing/subscription allow me to sell on web, native mobile, marketplaces.
Methods to set the SaaS price:
  1. Value based pricing - set the price based on the value the customer saves/gets
  2. Cost plus pricing - your cost plus markup
  3. Competitor pricing - what are our competitors charging
  4. Art of adjustment pricing - set a price, see how much demand there is, change the price and see how it affects demand, MRR and total expected revenue.
Metrics to capture in SaaS Sales:
  1. MRR
  2. ARR
  3. CLV (Customer lifetime value)
  4. Churn rate
  5. Cost of Customer Acquisition

Marketing: https://sproutsocial.com/

Support:  It's important to minimize human support effort, automating as much as possible is key.  Bots, knowledge articles that are easy to find are awesome.  Coveo does a nice job of setup for community channels.

User tracking:  Google Analytics is pretty good for getting stats.  I do like a tool that is new to me, Pendo, which is expensive but extremely powerful.  Pendo's main 2 features for me are tracking user interaction/how they use the site, and providing help tips/guides that are HTML injected into applications.



Wednesday 22 May 2019

Azure B2C Authentication for SaaS applications

Overview:  This blog post looks at setting up multiple public federation services on an Azure based SaaS web application.  It is worth understanding that a Microsoft account (the old Passport accounts) is like a Google account and not the same as an Organisational Account, i.e. an account set up by a company's IT in Azure AD (e.g. paul@mycompany.com).

AAD B2C Overview
1. The client, using a browser, goes to a website URL
2. The user receives a 302 HTTP response and is redirected to Azure's B2C (AAD and Azure B2C are separate services)
3. The user is prompted to log in (assuming they don't already have a valid token)
4. After the user is authenticated, they get a valid token.
5. Using the valid token, the user's session is established on the web site.

The diagram does not show the flow past B2C, which shall use "passive claims-based authentication" to select the user's Identity Provider, e.g. a Google account.  Once the user has authenticated with their Google account, they are redirected back to the B2C service, where the Google token is used to issue a B2C user token for the user.  Then step 4 continues.
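An added example (not part of the original post) of steps 2, 4 and 5 above: the web site builds the 302 redirect to the B2C user flow with a fresh state and nonce, and later only establishes the session if the callback and the token's claims match what it issued. The tenant, user-flow name, client ID, redirect URI and issuer are hypothetical values, the id_token/form_post response settings are an assumed configuration, and the token's signature is assumed to have been verified before this check.

```python
import hmac
import secrets
import time
from urllib.parse import urlencode

# Hypothetical tenant, user flow and app registration values (assumptions).
TENANT = "contosob2c"
POLICY = "B2C_1_signupsignin"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "https://app.example.com/auth/callback"
ISSUER = "https://contosob2c.b2clogin.com/11111111-1111-1111-1111-111111111111/v2.0/"

def build_login_redirect(session):
    """Step 2: Location header for the 302 that sends the browser to B2C."""
    session["state"] = secrets.token_urlsafe(32)  # binds the callback to this browser
    session["nonce"] = secrets.token_urlsafe(32)  # binds the token to this request
    query = urlencode({
        "client_id": CLIENT_ID,
        "response_type": "id_token",
        "response_mode": "form_post",
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": session["state"],
        "nonce": session["nonce"],
    })
    return (f"https://{TENANT}.b2clogin.com/{TENANT}.onmicrosoft.com/"
            f"{POLICY}/oauth2/v2.0/authorize?{query}")

def _same(received, expected):
    """Constant-time comparison that fails closed on missing or non-string values."""
    return (isinstance(received, str) and bool(expected)
            and hmac.compare_digest(received.encode(), expected.encode()))

def accept_callback(session, state, claims, now=None):
    """Steps 4-5: decide whether the site session may be established."""
    # `claims` must come from an ID token whose signature was already verified
    # against the user flow's published signing keys (not shown here).
    now = time.time() if now is None else now
    expected_state = session.pop("state", "")     # one-time use
    expected_nonce = session.pop("nonce", "")
    if not _same(state, expected_state):
        return False                              # forged or replayed callback
    if not _same(claims.get("nonce"), expected_nonce):
        return False                              # token minted for another request
    if claims.get("iss") != ISSUER or claims.get("aud") != CLIENT_ID:
        return False                              # wrong tenant or wrong application
    if str(claims.get("tfp", "")).casefold() != POLICY.casefold():
        return False                              # issued by a different user flow
    return claims.get("exp", 0) > now             # reject expired tokens
```
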

Azure Active Directory (AAD) also sometimes referred to as AAD B2C
Has two types of users, namely:
1. Members - these are internal company users from an organization e.g., paul.beck@mycompany.com
2. Guests - are external users from outside our company e.g., harry@jpmorgan.com
Tip: Native member users' passwords are stored in your Azure B2C service.  Whereas a native guest user, e.g. harry@jpmorgan.com, actually logs into JP Morgan's AAD, and our AAD tenant sees him as a guest and issues a SAML token from us based on JP Morgan's assertion that the user is valid on their AAD tenant.
Note:  A guest user can be made a member and a member user can be changed to be a guest user.  There is no good reason that I have come across for switching guests to members (maybe 2 companies merging) but it is possible if you need to do it.
AAD supports the following protocols: WS-Federation, SAMLP, OIDC and OAuth2.  WS-Fed and SAMLP are used but go for OIDC as the default.

AAD B2C Instance:
The diagram above shows AAD B2C not B2C.  B2B is provisioned on your Azure tenant and is tied to your O365 instance.  B2C is a separate Azure service used for managing customers' identities.  So if I have a website and some mobile applications, and offer an API to clients, I would use B2C not B2B for managing security.  You can connect multiple AAD B2C to your single B2C instance.  B2C basically allows you to connect to other Identity Providers using SAML, OIDC, OAuth2 and WS-Fed.  B2C also has the option to use its own local store if the user doesn't want to connect existing accounts.

If a user has a Gmail account, B2C can create an object in the service, but the user's password is still maintained by Google.   When accessing our applications, the user goes to the B2C service instance and is then pushed on to their own IdP (Google in this example). Once they authenticate, they are redirected to the B2C service, get another new B2C token, and are redirected back to the app, where they shall have access.

Billing/Cost of AAD B2C Service:
B2C is based on Monthly Active Users (MAU): you can have 60k users in the B2C but only 20k of the users have actively logged in using the B2C service.  Dormant/unused accounts in a calendar month are not counted.
Updated 30 Nov 2019: the first 50k MAUs are free for single factor authentication.  It's very cheap per user after the initial 50k and gets cheaper per user the more you have, i.e. 50k-100k are £0.0041 per user.  So if I have 61,000 users, the first 50,000 are free and I pay £0.0041 per MAU for the next 11,000 users, amounting to £45.10 for my additional 11k users.
Multi Factor Authentication (MFA) is billed at £0.023 per event (think of an event as each SMS attempt, whether successful or failed).  So if the users use MFA and each of the 20k MAU users does 3 MFAs per month on average, the first part is free and the MFA part will cost (20,000 users * 3 attempts * 0.023 per SMS) £1380 per month.  It's a bargain.


More Info:
Great Post from my ex colleague Deepak Srinivasan on Guest and Member AAD access
Understanding ADFS Authentication with SharePoint

Sunday 2 December 2018

O365 AAD - Federation B2B options

Problem: Using O365 as an Extranet.  A basic analysis before starting is a minimal requirement.  The existing Extranet will make a lot of the questions fairly easy to clarify.  You can cover this in tremendous detail but to avoid information paralysis, I recommend a decision maker, and preferably someone that already works on the Extranet.  A committee is cool if you have the cash but it's so hard to guess at the future; my preference is to get the broad strokes right and amend once we are in the weeds.  These four points can be answered with the right people in a meeting or may take months for complex organisations, especially if there is no clear leader to make decisions.

Consideration Point:
1. Who is using the Extranet?  Clients, partners, vendors, ..., or Client Users
2. How will Client and Company users authenticate? O365 options including ADFS, another federation service e.g. Ping, Passport/Live, Google, Facebook,...
3. Self-registration or known approved Client Users?  Try to figure out what the process for on-boarding your Client User will be.
4. Client User Profile Usage?  Will the client users amend content, have the ability to share permissions or old school, they will read web published pages (read-only).  Will client users have OneDrive, use teams, only SharePoint or other O365 applications.

2.> O365 authentication
The most basic option is to allow O365 to have client users (guests), as long as a user has an O365 account they can be a Client User.  You can also use any Microsoft account for a client user.
Azure has a service that allows for you to connect users as guests, the user shall use their own AAD or ADFS or any federation service including Google and Facebook to authenticate.  Microsoft allows 5 guest accounts on AAD for every 1 member (licence user).

4.> Client Usage Profiles
O365 can share a document anonymously via a link within an email.  Obviously, this means anyone can potentially access the file.  However, as a replacement for email attachments and wide distribution this is a great step forward, as you can control versions and retract the access at any point.  Additionally, the link settings can be customised to control who can use the link.  For example, you can set the specific people who get the link or you could specify that only internal people get the link.  Once it is set to "Anyone", the email or link can be forwarded and literally anyone can get access.

Governance:  Manage O365 to apply the business's rules so users comply with governance.  O365 has an easy, straightforward configuration to make this happen.  When configuring sharing governance you need to ensure it is done at the O365, SharePoint Admin and Site Admin levels.  If 1 of these says no external sharing you can't share, so it is a fairly granular approach.  This allows Extranet and Intranet to live on the same O365 tenant.

Licensing: As a general rule, there tends to be no cost for External users, as 5 client Users for every internal O365 user is allowed for the O365 extranet scenario.  Check with Microsoft as business scenarios play out differently.

Thoughts:

  • O365 uses Azure Active Directory (B2C); there is a 1-to-1 relationship between your tenant AAD and your O365 instance.
  • External accounts can be connected as guests, e.g. another AAD tenant, Microsoft accounts (Passport), ADFS or any auth provider (SAML), Facebook, Google+, AAD B2C (separate service from AAD).  There is also a One Time Passcode option.