diff --git a/en/asgardeo/docs/assets/img/guides/organization/manage-organizations/assign-email-domains.png b/en/asgardeo/docs/assets/img/guides/organization/manage-organizations/assign-email-domains.png
index 41785e44b4..9cdd4d2d58 100644
Binary files a/en/asgardeo/docs/assets/img/guides/organization/manage-organizations/assign-email-domains.png and b/en/asgardeo/docs/assets/img/guides/organization/manage-organizations/assign-email-domains.png differ
diff --git a/en/asgardeo/docs/assets/img/guides/organization/manage-organizations/edit-email-domains.png b/en/asgardeo/docs/assets/img/guides/organization/manage-organizations/edit-email-domains.png
index 99f620d8ae..035950bddf 100644
Binary files a/en/asgardeo/docs/assets/img/guides/organization/manage-organizations/edit-email-domains.png and b/en/asgardeo/docs/assets/img/guides/organization/manage-organizations/edit-email-domains.png differ
diff --git a/en/asgardeo/docs/assets/img/guides/organization/manage-organizations/enable-email-domain-based-organization-discovery.png b/en/asgardeo/docs/assets/img/guides/organization/manage-organizations/enable-email-domain-based-organization-discovery.png
index 2653519e83..9e7c20f74f 100644
Binary files a/en/asgardeo/docs/assets/img/guides/organization/manage-organizations/enable-email-domain-based-organization-discovery.png and b/en/asgardeo/docs/assets/img/guides/organization/manage-organizations/enable-email-domain-based-organization-discovery.png differ
diff --git a/en/identity-server/next/docs/apis/restapis/organization-discovery-config-mgt.yaml b/en/identity-server/next/docs/apis/restapis/organization-discovery-config-mgt.yaml
index 65b8e4a5f2..3fef97262e 100644
--- a/en/identity-server/next/docs/apis/restapis/organization-discovery-config-mgt.yaml
+++ b/en/identity-server/next/docs/apis/restapis/organization-discovery-config-mgt.yaml
@@ -197,22 +197,24 @@ components:
 properties:
 type: array
 items:
- type: object
- required:
- - key
- - value
- properties:
- key:
- type: string
- example: emailDomain.enable
- value:
- type: string
- example: true
+ $ref: '#/components/schemas/Properties'
 example:
- - key: emailDomain.enable
- value: true
- - key: emailDomainBasedSelfSignup.enable
- value: false
+ - key: emailDomain.enable
+ value: true
+ - key: emailDomainBasedSelfSignup.enable
+ value: false
+ Properties:
+ required:
+ - key
+ - value
+ type: object
+ properties:
+ key:
+ type: string
+ example: emailDomain.enable
+ value:
+ type: string
+ example: true
 responses:
 BadRequest:
 description: Invalid input in the request.
diff --git a/en/identity-server/next/docs/assets/img/guides/organization/manage-organizations/assign-email-domains.png b/en/identity-server/next/docs/assets/img/guides/organization/manage-organizations/assign-email-domains.png
index 41785e44b4..93b7b0b10d 100644
Binary files a/en/identity-server/next/docs/assets/img/guides/organization/manage-organizations/assign-email-domains.png and b/en/identity-server/next/docs/assets/img/guides/organization/manage-organizations/assign-email-domains.png differ
diff --git a/en/identity-server/next/docs/assets/img/guides/organization/manage-organizations/edit-email-domains.png b/en/identity-server/next/docs/assets/img/guides/organization/manage-organizations/edit-email-domains.png
index 99f620d8ae..7f73107eac 100644
Binary files a/en/identity-server/next/docs/assets/img/guides/organization/manage-organizations/edit-email-domains.png and b/en/identity-server/next/docs/assets/img/guides/organization/manage-organizations/edit-email-domains.png differ
diff --git a/en/includes/guides/organization-management/email-domain-based-organization-discovery.md b/en/includes/guides/organization-management/email-domain-based-organization-discovery.md
index 1dc2621c21..a2c687e82d 100644
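Review bot: In the new `Properties` schema, `value` is declared `type: string` but its `example: true` is an unquoted YAML boolean, and the array example just above it likewise lists `value: true` and `value: false`; the examples should be quoted to match the declared type, e.g. `example: 'true'` and `value: 'true'` / `value: 'false'`. These keys switch email-domain discovery and email-domain-based self-signup on and off, so a client that copies the example verbatim would send a JSON boolean where the schema requires a string, which a validating server may reject or coerce in a way the caller did not intend. The component name `Properties` is also very generic for a shared schema; a short `description:` on it stating that it is a single organization-discovery configuration key/value pair would make the spec easier to read.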
--- a/en/includes/guides/organization-management/email-domain-based-organization-discovery.md
+++ b/en/includes/guides/organization-management/email-domain-based-organization-discovery.md
@@ -29,7 +29,30 @@ and user Bob and Ben, with emails `bob@gcmart.com` and `ben@glory.com` should be 1. Login to the organization (root) from the {{ product_name }} Console. 2. On the {{ product_name }} Console, go to **Login & Registration**, and click **Organization Discovery** under **Organization Settings**. 3. Turn on the toggle to enable email domain based organization discovery. -4. Select the **Email domain discovery for self-registration** checkbox if you want to allow users to discover and self-register in sub-organizations based on their email domain. + + !!! note + When this is enabled, following restrctions will apply to child organizations during federated authentication and user onboarding. + + - Users can self-register, and administrators can onboard users to child organizations, only if the users' email domains match the domains mapped to the corresponding child organization. + + {% if (product_name == "WSO2 Identity Server") %} + + - Federated authentication and Just-In-Time (JIT) provisioning for child organizations are restricted to email domains mapped to those child organizations. + + {% endif %} +{% if (product_name == "WSO2 Identity Server") %} + +4. Select the **Email domain discovery for self-registration** checkbox if you want to allow users to discover and self-register in child organizations based on their email domain. + + !!! note + To use this capability, self-registration must be enabled in the child organizations. Currently, enabling self-registration for child organizations via the console is not supported. Instead, you need to add the following configuration to the `deployment.toml` file located in the `/repository/conf` directory to enable self-registration server-wide. 
+ + ``` + [identity_mgt.user_self_registration] + allow_self_registration = true + ``` + +{% endif %} ![Enable email domain based organization discovery]({{base_path}}/assets/img/guides/organization/manage-organizations/enable-email-domain-based-organization-discovery.png){: width="700" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}