Address review comments.

en/identity-server/next/docs/apis/restapis/organization-discovery-config-mgt.yaml

@@ -197,22 +197,24 @@ components:
         properties:
           type: array
           items:
-            type: object
-            required:
-              - key
-              - value
-            properties:
-              key:
-                type: string
-                example: emailDomain.enable
-              value:
-                type: string
-                example: true
+            $ref: '#/components/schemas/Properties'
           example:
-            - key: emailDomain.enable
-              value: true
-            - key: emailDomainBasedSelfSignup.enable
-              value: false
+          - key: emailDomain.enable
+            value: true
+          - key: emailDomainBasedSelfSignup.enable
+            value: false
+    Properties:
+      required:
+        - key
+        - value
+      type: object
+      properties:
+        key:
+          type: string
+          example: emailDomain.enable
+        value:
+          type: string
+          example: true
   responses:
     BadRequest:
       description: Invalid input in the request.

en/includes/guides/organization-management/email-domain-based-organization-discovery.md

@@ -29,7 +29,30 @@ and user Bob and Ben, with emails `[email protected]` and `[email protected]` should be
 1. Login to the organization (root) from the {{ product_name }} Console.
 2. On the {{ product_name }} Console, go to **Login & Registration**, and click **Organization Discovery** under **Organization Settings**.
 3. Turn on the toggle to enable email domain based organization discovery.
-4. Select the **Email domain discovery for self-registration** checkbox if you want to allow users to discover and self-register in sub-organizations based on their email domain.
+
+    !!! note
+        When this is enabled, following restrctions will apply to child organizations during federated authentication and user onboarding.
+
+        - Users can self-register, and administrators can onboard users to child organizations, only if the users' email domains match the domains mapped to the corresponding child organization.
+
+        {% if (product_name == "WSO2 Identity Server") %}
+
+        - Federated authentication and Just-In-Time (JIT) provisioning for child organizations are restricted to email domains mapped to those child organizations.
+
+        {% endif %}
+{% if (product_name == "WSO2 Identity Server") %}
+
+4. Select the **Email domain discovery for self-registration** checkbox if you want to allow users to discover and self-register in child organizations based on their email domain.
+
+    !!! note
+        To use this capability, self-registration must be enabled in the child organizations. Currently, enabling self-registration for child organizations via the console is not supported. Instead, you need to add the following configuration to the `deployment.toml` file located in the `<IS_HOME>/repository/conf` directory to enable self-registration server-wide.
+
+        ```
+        [identity_mgt.user_self_registration]
+        allow_self_registration = true
+        ```
+
+{% endif %}
 
     ![Enable email domain based organization discovery]({{base_path}}/assets/img/guides/organization/manage-organizations/enable-email-domain-based-organization-discovery.png){: width="700" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}