Merge pull request #6020 from pavinduLakshan/add_b2b_user_sharing_docs

Add docs for B2B user sharing

Author: pavinduLakshan

.coderabbit.yml

@@ -0,0 +1,23 @@
+language: en-US
+tone_instructions: ""
+early_access: false
+enable_free_tier: true
+reviews:
+  profile: chill
+  request_changes_workflow: false
+  high_level_summary: false
+  sequence_diagrams: false
+  estimate_code_review_effort: false
+  auto_assign_reviewers: true
+  poem: false
+  labeling_instructions:
+    - label: "Team/Authentication & registration"
+      instructions: "Use for documentation related to custom authenticators, login flows, registration flows, application authentication settings, login UI, identity providers in login, MFA configuration and authentication steps."
+    - label: "Team/User & identity administration"
+      instructions: "Use for documentation related to user management, identity management, profile management, account settings, password management, user roles and permissions."
+    - label: "Team/API Access Mgt & Authorization"
+      instructions: "Use for documentation related to API authorization, OAuth/OIDC authorization issues, role management, permission management, consent management, scope management, access policies."
+    - label: "Team/B2B"
+      instructions: "Use for documentation related to sub-organization management, partner authentication, partner identity management, organization hierarchy."
+    - label: "Team/Identity Server Core"
+      instructions: "Use for documentation related to email provider configuration, SMS provider configuration, deployment configuration, server performance improvements, infrastructure issues, core backend services, tenant management, web application or API performance and maintenance."

en/identity-server/7.1.0/docs/guides/organization-management/share-user-profiles.md

@@ -1 +1,4 @@
+{% set product_name = "WSO2 Identity Server" %}
+{% set is_version = "7.1.0" %}
+
 {% include "../../../../../includes/guides/organization-management/share-user-profiles.md" %}

en/identity-server/7.2.0/docs/guides/organization-management/share-user-profiles.md

@@ -1 +1,4 @@
+{% set product_name = "WSO2 Identity Server" %}
+{% set is_version = "7.2.0" %}
+
 {% include "../../../../../includes/guides/organization-management/share-user-profiles.md" %}

en/identity-server/next/docs/assets/img/guides/users/share-user-with-all-organizations.png

@@ -1 +1,4 @@
+{% set product_name = "WSO2 Identity Server" %}
+{% set is_version = "7.3.0" %}
+
 {% include "../../../../../includes/guides/organization-management/share-user-profiles.md" %}

en/identity-server/next/docs/guides/organization-management/share-user-profiles.md

@@ -8,6 +8,24 @@ This guide walks you through how you can manage user accounts as an administrato
 
 To learn more about onboarding users, see [Onboard users]({{base_path}}/guides/users/onboard-users/).
 
+## Filter users
+
+Administrators can filter users based on their account status from the {{ product_name }} Console.
+
+To filter users by account status:
+
+1. On the {{ product_name }} Console, go to **User Management** > **Users**.
+2. Click the **Account Status** dropdown and select the relevant filter criteria:
+
+    - **Locked**: Filters users with locked accounts.
+    - **Disabled**: Filters users with deactivated accounts.
+    - **Pending password reset**: Filters users for whom the administrator has initiated a forced password reset, but the users haven't yet reset their passwords.
+    - **Pending initial password setup**: Filters users an administrator invited to set their own password during initial account creation but who haven't done so yet.
+    - **Pending email verification**: Filters users who haven't yet verified their primary email addresses.
+    - **Pending mobile verification**: Filters users who haven't yet verified their primary mobile numbers.
+
+        ![Filter users by account status]({{base_path}}/assets/img/guides/users/filter-users-by-account-status.png){: width="600" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}
+
 ## Assign groups
 
 Groups are useful when you wish to assign a certain permission level to multiple users. A user can be a member of multiple groups in the organization. Learn how to [manage groups]({{base_path}}/guides/users/manage-groups/).
@@ -55,6 +73,30 @@ To update the user profile:
 
 4. Click **Update** to save.
 
+## Share user with organizations
+
+An administrator can share a user with an organization (or multiple organizations) via the WSO2 Identity Server Console.
+
+To share a user with organizations:
+
+1. On the WSO2 Identity Server Console, go to **User Management** > **Users**.
+
+2. Find the user's account in the user list and click **Edit**.
+
+3. Navigate to the **Shared Access** tab.
+
+4. Select the appropriate sharing option.
+
+    - **Do not share user with any organization** - user will not be shared with any organizations.
+
+    - **Share user with all organizations** - user is shared with all current and future organizations. When the user is shared, administrators can also configure which roles should be assigned to the user in the shared organizations.
+
+       ![Share user with all organizations]({{base_path}}/assets/img/guides/users/share-user-with-all-organizations.png){: width="600" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}
+
+    - **Share user with selected organizations** - user is shared with a specific set of existing organizations, but they are not shared with the future children organizations. Administrators can configure which roles should be assigned to the user in the shared organizations.
+
+5. Once selected and configured, click **Save**.
+
 ## Resend invitation links and codes
 
 Administrators can resend expired invitation links or verification codes to users. This applies when users need to:
@@ -142,7 +184,6 @@ Specify the **recovery scenario** in the `properties` parameter of the API reque
     - Provide the username without the user store domain prefix
     - Specify the relevant user store domain name in the `realm` parameter
 
-
     ---
     **Response**
     ```
@@ -195,7 +236,7 @@ To reset the password:
 
 3. Click **Reset Password**.
 
-**Using the API**
+### Using the API
 
 You can also use WSO2 Identity Server's [SCIM API]({{base_path}}/apis/scim2-users-rest-apis/#tag/Users-Endpoint/operation/patchUser) to initiate the admin initiated password recovery flow.
 
@@ -319,21 +360,3 @@ To delete a user account:
 
 3. Select the checkbox to confirm your action.
 4. Click **Confirm**.
-
-## Filter users
-
-Administrators can filter users based on their account status from the {{ product_name }} Console.
-
-To filter users by account status:
-
-1. On the {{ product_name }} Console, go to **User Management** > **Users**.
-2. Click the **Account Status** dropdown and select the relevant filter criteria:
-
-    - **Locked**: Filters users with locked accounts.
-    - **Disabled**: Filters users with deactivated accounts.
-    - **Pending password reset**: Filters users for whom the administrator has initiated a forced password reset, but the users haven't yet reset their passwords.
-    - **Pending initial password setup**: Filters users an administrator invited to set their own password during initial account creation but who haven't done so yet.
-    - **Pending email verification**: Filters users who haven't yet verified their primary email addresses.
-    - **Pending mobile verification**: Filters users who haven't yet verified their primary mobile numbers.
-
-        ![Filter users by account status]({{base_path}}/assets/img/guides/users/filter-users-by-account-status.png){: width="600" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}

en/identity-server/next/docs/guides/users/manage-users.md

@@ -10,7 +10,7 @@ There are three ways how user profiles are shared between organizations:
 
 2. An organization admin can invite users from the immediate parent organization to join the organization. Once the user accepts the invitation, the user profile is automatically shared with the child organization. Learn more about [inviting existing users from the parent organization]({{base_path}}/guides/organization-management/onboard-users/#invite-existing-users-from-the-parent-organization).
 
-3. An admin can share users of an organization with other organizations lower in the hierarchy using the [User Sharing API]({{base_path}}/apis/organization-user-share-rest-api).
+3. An admin can share users of an organization with other organizations lower in the hierarchy {% if product_name == "WSO2 Identity Server" and is_version > "7.2.0" %}[through the {{product_name}} Console]({{base_path}}/guides/users/manage-users/#share-user-with-organizations) or {% endif %} using the [User Sharing API]({{base_path}}/apis/organization-user-share-rest-api).
 
 ## Customize user attributes in shared user profiles
 
@@ -31,7 +31,7 @@ If your organization has a user whose profile is managed by another organization
             <tr>
                 <td>From Shared Profile</td>
                 <td>The organization can customize the user attribute value.</td>
-            </tr>   
+            </tr>
             <tr>
                 <td>From First Found in Hierarchy</td>
                 <td>The user attribute inherits the value from the nearest organization in the hierarchy that has assigned a non-null value to it.</td>
@@ -40,5 +40,3 @@ If your organization has a user whose profile is managed by another organization
     </table>
 
 Learn more about attribute configurations in [configure attributes]({{base_path}}/guides/users/attributes/manage-attributes/#configure-attributes).
-
-