diff --git a/en/asgardeo/docs/assets/img/guides/organization/manage-organizations/enable-email-domain-based-organization-discovery.png b/en/asgardeo/docs/assets/img/guides/organization/manage-organizations/enable-email-domain-based-organization-discovery.png index 2653519e83..9e7c20f74f 100644 Binary files a/en/asgardeo/docs/assets/img/guides/organization/manage-organizations/enable-email-domain-based-organization-discovery.png and b/en/asgardeo/docs/assets/img/guides/organization/manage-organizations/enable-email-domain-based-organization-discovery.png differ diff --git a/en/identity-server/next/docs/apis/restapis/organization-discovery-config-mgt.yaml b/en/identity-server/next/docs/apis/restapis/organization-discovery-config-mgt.yaml index 65b8e4a5f2..3fef97262e 100644 --- a/en/identity-server/next/docs/apis/restapis/organization-discovery-config-mgt.yaml +++ b/en/identity-server/next/docs/apis/restapis/organization-discovery-config-mgt.yaml @@ -197,22 +197,24 @@ components: properties: type: array items: - type: object - required: - - key - - value - properties: - key: - type: string - example: emailDomain.enable - value: - type: string - example: true + $ref: '#/components/schemas/Properties' example: - - key: emailDomain.enable - value: true - - key: emailDomainBasedSelfSignup.enable - value: false + - key: emailDomain.enable + value: true + - key: emailDomainBasedSelfSignup.enable + value: false + Properties: + required: + - key + - value + type: object + properties: + key: + type: string + example: emailDomain.enable + value: + type: string + example: true responses: BadRequest: description: Invalid input in the request. diff --git a/en/includes/guides/organization-management/email-domain-based-organization-discovery.md b/en/includes/guides/organization-management/email-domain-based-organization-discovery.md index 1dc2621c21..2d5799caf3 100644 --- a/en/includes/guides/organization-management/email-domain-based-organization-discovery.md 
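Review bot: In the new `Properties` schema, `value` is declared `type: string` but its example is the bare YAML scalar `true`, which parsers read as a boolean. The example therefore contradicts the declared type, and the same holds for `value: true` / `value: false` in the array-level example above it. Quoting them (`example: 'true'`, `value: 'true'`, `value: 'false'`) keeps validators and generated clients consistent about what to send for `emailDomain.enable` and `emailDomainBasedSelfSignup.enable`. The schema describes a single key/value pair, so a singular name such as `Property` would read more clearly at the `$ref` site. Indentation is collapsed in this view and the `components` section continues outside the hunk, so the nesting of `Properties` under `schemas` should be confirmed against the file.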
+++ b/en/includes/guides/organization-management/email-domain-based-organization-discovery.md @@ -29,7 +29,22 @@ and user Bob and Ben, with emails `bob@gcmart.com` and `ben@glory.com` should be 1. Login to the organization (root) from the {{ product_name }} Console. 2. On the {{ product_name }} Console, go to **Login & Registration**, and click **Organization Discovery** under **Organization Settings**. 3. Turn on the toggle to enable email domain based organization discovery. -4. Select the **Email domain discovery for self-registration** checkbox if you want to allow users to discover and self-register in sub-organizations based on their email domain. + + !!! note + When this is enabled, following restrctions will apply to child organizations during federated authentication and user onboarding. + + - Users can self-register, and administrators can onboard users to child organizations, only if the users' email domains match the domains mapped to the corresponding child organization. + + {% if (product_name == "WSO2 Identity Server") %} + + - If the Identity Provider (IDP) includes a mapped email attribute, federated authentication and Just-In-Time (JIT) provisioning for child organizations are restricted to email domains mapped to those child organizations. + + {% endif %} +{% if (product_name == "WSO2 Identity Server") %} + +4. Select the **Email domain discovery for self-registration** checkbox if you want to allow users to discover and self-register in child organizations based on their email domain. + +{% endif %} ![Enable email domain based organization discovery]({{base_path}}/assets/img/guides/organization/manage-organizations/enable-email-domain-based-organization-discovery.png){: width="700" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}