Address review comments.

wso2 · Dec 10, 2024 · 8d1e3e2 · 8d1e3e2
1 parent 5e9d7df
commit 8d1e3e2
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 16 deletions.
diff --git a/...ation/manage-organizations/enable-email-domain-based-organization-discovery.png b/...ation/manage-organizations/enable-email-domain-based-organization-discovery.png
diff --git a/en/identity-server/next/docs/apis/restapis/organization-discovery-config-mgt.yaml b/en/identity-server/next/docs/apis/restapis/organization-discovery-config-mgt.yaml
@@ -197,22 +197,24 @@ components:
         properties:
           type: array
           items:
-            type: object
-            required:
-              - key
-              - value
-            properties:
-              key:
-                type: string
-                example: emailDomain.enable
-              value:
-                type: string
-                example: true
+            $ref: '#/components/schemas/Properties'
           example:
-            - key: emailDomain.enable
-              value: true
-            - key: emailDomainBasedSelfSignup.enable
-              value: false
+          - key: emailDomain.enable
+            value: true
+          - key: emailDomainBasedSelfSignup.enable
+            value: false
+    Properties:
+      required:
+        - key
+        - value
+      type: object
+      properties:
+        key:
+          type: string
+          example: emailDomain.enable
+        value:
+          type: string
+          example: true
   responses:
     BadRequest:
       description: Invalid input in the request.

diff --git a/...des/guides/organization-management/email-domain-based-organization-discovery.md b/...des/guides/organization-management/email-domain-based-organization-discovery.md
@@ -29,7 +29,22 @@ and user Bob and Ben, with emails `[email protected]` and `[email protected]` should be
 1. Login to the organization (root) from the {{ product_name }} Console.
 2. On the {{ product_name }} Console, go to **Login & Registration**, and click **Organization Discovery** under **Organization Settings**.
 3. Turn on the toggle to enable email domain based organization discovery.
-4. Select the **Email domain discovery for self-registration** checkbox if you want to allow users to discover and self-register in sub-organizations based on their email domain.
+
+    !!! note
+        When this is enabled, following restrctions will apply to child organizations during federated authentication and user onboarding.
+
+        - Users can self-register, and administrators can onboard users to child organizations, only if the users' email domains match the domains mapped to the corresponding child organization.
+
+        {% if (product_name == "WSO2 Identity Server") %}
+
+        - If the Identity Provider (IDP) includes a mapped email attribute, federated authentication and Just-In-Time (JIT) provisioning for child organizations are restricted to email domains mapped to those child organizations.
+
+        {% endif %}
+{% if (product_name == "WSO2 Identity Server") %}
+
+4. Select the **Email domain discovery for self-registration** checkbox if you want to allow users to discover and self-register in child organizations based on their email domain.
+
+{% endif %}
 
     ![Enable email domain based organization discovery]({{base_path}}/assets/img/guides/organization/manage-organizations/enable-email-domain-based-organization-discovery.png){: width="700" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}