Merge pull request wso2#4564 from divyaamunugama/api-auth
Added images to API auth docs in Asgardeo
divyaamunugama authored May 16, 2024
2 parents 0a7a331 + 7a1c6d7 commit 7dcf3bf
Showing 15 changed files with 250 additions and 246 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
API resources are created and authorized for applications on the organization (root). If the application consuming the API resources is shared with the organization, all application-specific configurations of API resources are inherited by the organization.

{% if product_name == "Asgardeo" %}
![The relationship between terms]({{base_path}}/assets/img/guides/api-authorization/b2b-api-authorization.png){: width="700" style="display: block; margin: 0;"}
![The relationship between terms]({{base_path}}/assets/img/guides/authorization/api-authorization/b2b-api-authorization.png){: width="700" style="display: block; margin: 0;"}
{% else %}
![The relationship between terms]({{base_path}}/assets/img/guides/authorization/api-authorization/b2b-api-authorization.png){: width="700" style="display: block; margin: 0;"}
{% endif %}
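Review bot: After this change the `{% if product_name == "Asgardeo" %}` branch and the `{% else %}` branch emit the identical line (`{{base_path}}/assets/img/guides/authorization/api-authorization/b2b-api-authorization.png`), so the conditional no longer selects anything. Either collapse the three template lines to the single unconditional `![The relationship between terms](...)` image, or, if the Asgardeo build is meant to ship its own copy of the image under a different path, point this branch at that path rather than duplicating the non-Asgardeo one.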
Expand All @@ -16,17 +16,17 @@ You need to configure your API resources on the organization (root)
2. [Authorize the API resource to an app]({{base_path}}/guides/api-authorization/#authorize-the-api-resources-for-an-app)
3. [Create roles and associate to application]({{base_path}}/guides/api-authorization/#associate-roles-to-the-application)

Organizations have the roles associated with their shared applications. Shared roles of organizations inherit the permission assignment to the role from the organization (root).
Organizations have roles associated with their shared applications. Shared roles of organizations inherit the permission assignment to the role from the organization (root).

!!! note "Roles of an organization"
The shared roles in organizations will inherit the permission to role assignments from the organization (root).
The shared roles in organizations will inherit the permission to role assignments from the organization (root).
Users and group assignment to the roles should be done separately for the organization, as the organization does not inherit the users or groups from the organization (root).
{% if product_name == "Asgardeo" %}
![Roles inherited from the organization (root)]({{base_path}}/assets/img/guides/api-authorization/b2b-inherited-roles.png){: width="700" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}
![Roles inherited from the organization (root)]({{base_path}}/assets/img/guides/authorization/api-authorization/b2b-inherited-roles.png){: width="700" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}
{% else %}
![Roles inherited from the organization (root)]({{base_path}}/assets/img/guides/authorization/api-authorization/b2b-inherited-roles.png){: width="700" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}
{% endif %}
Organization administrators cannot create new roles, modify name or permissions of the shared roles, or delete the shared roles, but you can assign these roles to your organization users and groups.
Organization administrators cannot create new roles, modify the name or permissions of the shared roles, or delete the shared roles, but you can assign these roles to your organization users and groups.
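Review bot: Same redundancy as the first hunk: the Asgardeo and non-Asgardeo branches around `b2b-inherited-roles.png` now produce the same line, so the `{% if %}`/`{% else %}` wrapper can be dropped. While this paragraph is being touched, the last sentence switches subject mid-way ("Organization administrators cannot create new roles ... but you can assign these roles"); keep one subject, e.g. "... or delete the shared roles, but they can assign these roles to organization users and groups."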

## Assign organization users to roles
To assign roles to users of the organization:
Expand All @@ -36,16 +36,17 @@ To assign roles to users of the organization:
3. Select the role you wish to assign to a user and click **Edit**.
4. Go to Users and click **Assign Users**.
5. Select the user who should be assigned to the selected role.
6. Click **Update** to complete the role to user assignment.
6. Click **Update** to complete the role-to-user assignment.

## Assign organization groups to roles

Organizations maintain the following types of groups, and you can assign your application roles to any of these groups.

- [Groups](#assign-user-groups-to-roles) - A collection of organization users.
- [Federated IdP Groups](#assign-federated-idp-groups-to-roles) - These groups are federated from connections on the organization. For example, groups federated from the Google connection.
- [Federated IdP Groups](#assign-federated-idp-groups-to-roles) - These groups are federated from connections in the organization. For example, groups federated from the Google connection.

### Assign user groups to roles

To assign roles to user groups of the organization:

1. On the {{ product_name }} Console, [switch to the organization]({{base_path}}/guides/organization-management/manage-organizations/#switch-between-organizations).
Expand All @@ -56,7 +57,7 @@ To assign roles to user groups of the organization:
6. Click **Update** to complete the role to group assignment.

### Assign federated IdP groups to roles
To assign roles to federated IdP Groups:
To assign roles to federated IdP groups:

!!! note "Before you begin"
To get started,
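Review bot: The earlier hunk hyphenates "role-to-user assignment" (step 6 of the users procedure), but the matching "role to group assignment" in step 6 of the groups procedure is left as is in this hunk's context; make the two consistent ("role-to-group assignment"). Also, "Go to Users and click **Assign Users**" bolds the button but not the **Users** tab, unlike the other UI labels in these steps.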
Expand All @@ -82,20 +83,20 @@ To request scopes for the user:

1. Add the new scopes to the `APIScope` parameter of the `config.js` file of the sample application. You need to request these new scopes in addition to the OIDC scopes of your application.

To get the scopes:
To get the scopes:

1. On the {{ product_name }} Console, log in to the organization(root).
2. Go to **Applications** and select your application.
3. Copy the scopes listed at the end of the **API Authorization** section
1. On the {{ product_name }} Console, log in to the organization(root).
2. Go to **Applications** and select your application.
3. Copy the scopes listed at the end of the **API Authorization** section

{% if product_name == "Asgardeo" %}
![Additional scopes to access the API resource]({{base_path}}/assets/img/guides/api-authorization/additional-scopes.png){: width="700" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}
{% else %}
![Additional scopes to access the API resource]({{base_path}}/assets/img/guides/authorization/api-authorization/additional-scopes.png){: width="700" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}
{% endif %}
{% if product_name == "Asgardeo" %}
![Additional scopes to access the API resource]({{base_path}}/assets/img/guides/authorization/api-authorization/additional-scopes.png){: width="700" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}
{% else %}
![Additional scopes to access the API resource]({{base_path}}/assets/img/guides/authorization/api-authorization/additional-scopes.png){: width="700" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}
{% endif %}

!!! tip
When you add scopes to the configuration file, add them as comma-separated values.
When you add scopes to the configuration file, add them as comma-separated values.

2. Access the application URL.
3. Try to log in as a user with a group and permission to access the API resource.
Expand All @@ -106,4 +107,4 @@ To request scopes for the user:
4. You will be able to see the assigned permissions on the `allowedScopes` parameter of the authentication response.

!!! note "If you are switching organizations"
If the user switches the organization to another organization, the scopes will be updated according to the roles assigned to the user in the switched organization.
If the user switches organization to another organization, the scopes will be updated according to the roles assigned to the user in the switched organization.
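Review bot: The `{% if product_name == "Asgardeo" %}` block around `additional-scopes.png` is now identical in both branches and can be collapsed, as in the earlier hunks. Two wording points in lines this hunk already edits: "the organization(root)" is missing the space used everywhere else ("the organization (root)"), and the note's "If the user switches organization to another organization" still reads awkwardly; "If the user switches to another organization, the scopes are updated according to the roles assigned to the user in that organization" says the same thing plainly.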
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ and user Bob and Ben, with emails `[email protected]` and `[email protected]` should be

### Using the Console

1. Login to the organization (root) from the {{ product_name }} Console.
1. Login to the organization (root) from the {{ product_name }} Console.
2. On the {{ product_name }} Console, go to **Login & Registration**, and click **Email Domain Discovery** under **Organization Settings**.
3. Turn on the toggle to enable email domain based organization discovery.

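Review bot: This hunk only changes whitespace on the "Login to the organization (root)" step, which is the right moment to fix the verb: "Log in to the organization (root)" (the noun "login" is what you do not want here). The rest of the guide, e.g. "log in to the organization(root)" in the API authorization page of this same PR, already uses the two-word form.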
Expand Down Expand Up @@ -69,18 +69,18 @@ You need to:
![Assign Email Domain]({{base_path}}/assets/img/guides/organization/manage-organizations/assign-email-domains.png){: width="700" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}
4. Select the organization you want to claim an email domain from the dropdown under **Organization Name**.
5. Type the email domain you want to claim for the selected organization under **Email Domains** and press enter. Here you can add one or more email domains.
5. Type the email domain you want to claim for the selected organization under **Email Domains** and press enter. Here you can add one or more email domains.
![Assign Email Domain for Best Car Mart]({{base_path}}/assets/img/guides/organization/manage-organizations/assign-email-domains-bestcarmart.png){: width="700" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}
6. Click **Assign**.
!!! note
- If the organization has any email domain mapping:
During the onboarding process of a user to an organization, the user's username (which is an email) undergoes a check against the assigned email domains of that organization.
During the onboarding process of a user to an organization, the user's username (which is an email) undergoes a check against the assigned email domains of that organization.
If there's a match, the user is successfully onboarded to the organization. However, if there is no match, the user onboarding process will fail.
- While the organization (root) have enabled email domain based organization discovery, it is not compulsory to configure an email domain mapping for every organization in the hierarchy.
If an organization doesn't have an email domain mapping, the user onboarded to that organization can have any email domain other than email domains of organizations in the hierarchy.
- While the organization (root) has enabled email domain based organization discovery, it is not compulsory to configure an email domain mapping for every organization in the hierarchy.
If an organization doesn't have an email domain mapping, the user onboarded to that organization can have any email domain other than the email domains of organizations in the hierarchy.
### Using the API
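Review bot: The grammar fixes here ("has enabled", "other than the email domains") are correct. Since the note text is being rewritten anyway, two small points: "email domain based organization discovery" is used as a compound modifier and reads better hyphenated ("email-domain-based"), and "the user's username (which is an email) undergoes a check against the assigned email domains" can simply be "is checked against the email domains assigned to that organization". Step 5 appears twice with no visible change other than whitespace; confirm that is intentional trailing-space cleanup.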
Expand Down Expand Up @@ -142,7 +142,7 @@ You need to:
]
}'
```
## Try it out
1. Set up the `Guardio-Business-App` as a [B2B application]({{base_path}}/guides/organization-management/try-a-b2b-use-case/#set-up-the-applications).
Expand All @@ -154,8 +154,8 @@ You need to:
- Email Domain: `bcmart.com`
4. [Switch]({{base_path}}/guides/organization-management/manage-organizations/#switch-between-organizations) to the `Best Car Mart` organization on the {{ product_name }} Console.
5. Onboard a new user to `Best Car Mart` organization with following information. You can either set a password for the user or invite user to set the password.
5. Onboard a new user to the `Best Car Mart` organization with the following information. You can either set a password for the user or invite the user to set the password.
<table>
<tr>
<th>Username and Email</th>
Expand All @@ -176,11 +176,11 @@ You need to:
</td>
</tr>
</table>
6. Try to log in to the `Guardio-Business-App` by selecting `Sign In With SSO`.
7. Input the username (which is an email) of `Alice` in `Best Car Mart` organization.
7. Input the email address associated with the username for "Alice" within the "Best Car Mart" organization.
![Email input for SSO login]({{base_path}}/assets/img/guides/organization/manage-organizations/email-input-for-sso-login.png){: width="500" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}
8. After resolving the organization from the email, Alice will be redirected to the authentication option of `Best Car Mart`.
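Review bot: The rewrite of step 7 drops the backtick formatting used for `Alice`, `Best Car Mart` and `Guardio-Business-App` in steps 4, 5 and 6 and replaces it with double quotes, so the same identifiers are now styled two different ways on one page; keep the backticks. The new wording "the email address associated with the username" also blurs the point the original made, and which the note in the email-domain hunk relies on, that the username is the email address. Something like "Input the username (the email address) of `Alice` in the `Best Car Mart` organization." keeps both the formatting and the meaning.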
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ Explore the [organization APIs]({{base_path}}/apis/organization-apis/) of {{ pro

## Use Console as the administration portal of organizations

You can use the {{ product_name }} Console as the administration portal of your B2B application.
You can use the {{ product_name }} Console as the administration portal of your B2B application.
Each customer/partner organization can access their space in the {{ product_name }} Console by accessing the URL `https://<hostname>:<port>/t/<root organization name>/o/<organization id>/console`.

### How to copy the URL of the organization space in the {{ product_name }} Console
Expand All @@ -72,7 +72,7 @@ However, the following limitations apply when using the {{ product_name }} Conso

1. The {{ product_name }} Console is a generic administration portal that is not tailored to the specific needs of your B2B application. You cannot customize the given feature set for different organizations.
2. The branding configured in your B2B vendor organization or the overridden branding customizations of each customer/partner organization is not reflected in the {{ product_name }} Console portal.
3. Even if the customer/partner organization change the login flow of the B2B business application, the organization level {{ product_name }} Console login flow will remain the same.
3. Even if the customer/partner organization change the login flow of the B2B business application, the organization level {{ product_name }} Console login flow will remain the same.
If the organization level Console login flow needs to be customized, navigate to the **Login Flow** tab of **Console Settings** in the organization space and configure as required.
4. The Console application is managed via roles defined specifically for the {{ product_name }} Console application. Therefore, the roles of the {{ product_name }} Console are not directly linked to the roles of your B2B application.
As the B2B SaaS provider, you need to manage the roles of your B2B application separately.
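Review bot: Limitation 3 is touched by this hunk but only for whitespace; the subject-verb agreement error in it should be fixed in the same change: "Even if the customer/partner organization changes the login flow of the B2B business application, the organization-level {{ product_name }} Console login flow remains the same." The following sentence can likewise read "To customize the organization-level Console login flow, go to the **Login Flow** tab of **Console Settings** in the organization space."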
Expand Down