wso2 · Yasasr1 · Dec 9, 2024 · Dec 10, 2024 · AnuradhaSK · Dec 17, 2024
diff --git a/...cs/assets/img/guides/organization/manage-organizations/assign-email-domains.png b/...cs/assets/img/guides/organization/manage-organizations/assign-email-domains.png
diff --git a/...docs/assets/img/guides/organization/manage-organizations/edit-email-domains.png b/...docs/assets/img/guides/organization/manage-organizations/edit-email-domains.png
diff --git a/...ation/manage-organizations/enable-email-domain-based-organization-discovery.png b/...ation/manage-organizations/enable-email-domain-based-organization-discovery.png
diff --git a/en/identity-server/next/docs/apis/restapis/organization-discovery-config-mgt.yaml b/en/identity-server/next/docs/apis/restapis/organization-discovery-config-mgt.yaml
@@ -91,6 +91,55 @@ paths:
                 ]
             }'
       x-codegen-request-body-name: body
+    put:
+      tags:
+        - Discovery
+      summary: Update organization discovery configuration.
+      description: |
+        This API provides the capability to update discovery configuration of the primary organization. <br>
+
+        <b>Scope(Permission) required:</b> `internal_organization_config_update`
+      operationId: updateDiscoveryConfig
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/Config'
+      responses:
+        '200':
+          description: Successful Response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Config'
+        '400':
+          $ref: '#/components/responses/BadRequest'
+        '401':
+          $ref: '#/components/responses/Unauthorized'
+        '403':
+          $ref: '#/components/responses/Forbidden'
+        '500':
+          $ref: '#/components/responses/ServerError'
+      x-codeSamples:
+        - lang: Curl
+          source: |
+            curl --location  --request PUT 'https://localhost:9443/api/server/v1/organization-configs/discovery' \
+            -H 'Content-Type: application/json' \
+            -H 'Accept: application/json' \
+            -H 'Authorization: Basic YWRtaW46YWRtaW4=' \
+            -d '{
+                "properties": [
+                    {
+                        "key": "emailDomain.enable",
+                        "value": true
+                    },
+                    {
+                        "key": "emailDomainBasedSelfSignup.enable",
+                        "value": false
+                    }
+                ]
+            }'
+      x-codegen-request-body-name: body
     delete:
       tags:
         - Discovery
@@ -149,6 +198,11 @@ components:
           type: array
           items:
             $ref: '#/components/schemas/Properties'
+          example:
+          - key: emailDomain.enable
+            value: true
+          - key: emailDomainBasedSelfSignup.enable
+            value: false
     Properties:
       required:
         - key
@@ -161,7 +215,6 @@ components:
         value:
           type: string
           example: true
-
   responses:
     BadRequest:
       description: Invalid input in the request.

diff --git a/...cs/assets/img/guides/organization/manage-organizations/assign-email-domains.png b/...cs/assets/img/guides/organization/manage-organizations/assign-email-domains.png
diff --git a/...docs/assets/img/guides/organization/manage-organizations/edit-email-domains.png b/...docs/assets/img/guides/organization/manage-organizations/edit-email-domains.png
diff --git a/...ation/manage-organizations/enable-email-domain-based-organization-discovery.png b/...ation/manage-organizations/enable-email-domain-based-organization-discovery.png
diff --git a/...des/guides/organization-management/email-domain-based-organization-discovery.md b/...des/guides/organization-management/email-domain-based-organization-discovery.md
@@ -27,9 +27,33 @@ and user Bob and Ben, with emails `[email protected]` and `[email protected]` should be
 ### Using the Console
 
 1. Login to the organization (root) from the {{ product_name }} Console.
-2. On the {{ product_name }} Console, go to **Login & Registration**, and click **Email Domain Discovery** under **Organization Settings**.
+2. On the {{ product_name }} Console, go to **Login & Registration**, and click **Organization Discovery** under **Organization Settings**.
 3. Turn on the toggle to enable email domain based organization discovery.
 
+    !!! note
+        When this is enabled, following restrctions will apply to child organizations during federated authentication and user onboarding.
+
+        - Users can self-register, and administrators can onboard users to child organizations, only if the users' email domains match the domains mapped to the corresponding child organization.
+
+        {% if (product_name == "WSO2 Identity Server") %}
+
+        - Federated authentication and Just-In-Time (JIT) provisioning for child organizations are restricted to email domains mapped to those child organizations.
+
+        {% endif %}
+{% if (product_name == "WSO2 Identity Server") %}
+
+4. Select the **Email domain discovery for self-registration** checkbox if you want to allow users to discover and self-register in child organizations based on their email domain.
+
+    !!! note
+        To use this capability, self-registration must be enabled in the child organizations. Currently, enabling self-registration for child organizations via the console is not supported. Instead, you need to add the following configuration to the `deployment.toml` file located in the `<IS_HOME>/repository/conf` directory to enable self-registration server-wide.
+
+        ```
+        [identity_mgt.user_self_registration]
+        allow_self_registration = true
+        ```
+
+{% endif %}
+
     ![Enable email domain based organization discovery]({{base_path}}/assets/img/guides/organization/manage-organizations/enable-email-domain-based-organization-discovery.png){: width="700" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}
 
 ### Using the API