Merge pull request #5518 from himeshsiriwardana/org-inheritance

Made the inheritance doc flow consistent and highlighted some of the facts

Author: himeshsiriwardana

en/asgardeo/mkdocs.yml

@@ -455,7 +455,7 @@ nav:
         - Inheritance in organizations:
             - Inheritance in organizations: guides/organization-management/inheritance-in-organizations/index.md
             - UI branding inheritance: guides/organization-management/inheritance-in-organizations/ui-branding-inheritance.md
-            - Email and SMS template inheritance: guides/organization-management/inheritance-in-organizations/email-sms-templates-inheritance.md
+            - Email and SMS templates inheritance: guides/organization-management/inheritance-in-organizations/email-sms-templates-inheritance.md
         - Organization discovery:
             - Organization discovery: guides/organization-management/organization-discovery/index.md
             - Email domain based organization discovery: guides/organization-management/organization-discovery/email-domain-based-organization-discovery.md

en/identity-server/7.1.0/mkdocs.yml

@@ -725,7 +725,7 @@ nav:
           - Inheritance in organizations:
             - Inheritance in organizations: guides/organization-management/inheritance-in-organizations/index.md
             - UI branding inheritance: guides/organization-management/inheritance-in-organizations/ui-branding-inheritance.md
-            - Email and SMS template inheritance: guides/organization-management/inheritance-in-organizations/email-sms-templates-inheritance.md
+            - Email and SMS templates inheritance: guides/organization-management/inheritance-in-organizations/email-sms-templates-inheritance.md
           - Organization discovery:
             - Organization discovery: guides/organization-management/organization-discovery/index.md
             - Email domain based organization discovery: guides/organization-management/organization-discovery/email-domain-based-organization-discovery.md

en/identity-server/next/mkdocs.yml

@@ -714,10 +714,10 @@ nav:
           - API authorization for organizations: guides/organization-management/api-authorization-for-b2b.md
           - Inheritance in organizations:
             - Inheritance in organizations: guides/organization-management/inheritance-in-organizations/index.md
-            - Login & registration configuration inheritance: guides/organization-management/inheritance-in-organizations/login-registration-inheritance.md
+            - Login & registration settings inheritance: guides/organization-management/inheritance-in-organizations/login-registration-inheritance.md
             - UI branding inheritance: guides/organization-management/inheritance-in-organizations/ui-branding-inheritance.md
-            - Email and SMS template inheritance: guides/organization-management/inheritance-in-organizations/email-sms-templates-inheritance.md
-            - User attribute inheritance: guides/organization-management/inheritance-in-organizations/attribute-inheritance.md
+            - Email and SMS templates inheritance: guides/organization-management/inheritance-in-organizations/email-sms-templates-inheritance.md
+            - User attributes inheritance: guides/organization-management/inheritance-in-organizations/attribute-inheritance.md
             - OIDC scope inheritance: guides/organization-management/inheritance-in-organizations/oidc-scope-inheritance.md
           - Organization discovery:
             - Organization discovery: guides/organization-management/organization-discovery/index.md

en/includes/guides/organization-management/inheritance-in-organizations/attribute-inheritance.md

@@ -1,59 +1,91 @@
 # User attribute inheritance
 
-Child organizations inherit all user attributes defined in the root organization. This includes both default system attributes in {{ product_name }} and any custom attributes created in the root organization.
+In {{product_name}}, child organizations inherit user attributes, user store mappings, and dialects from the root organization, ensuring consistency across the organization hierarchy.
 
-## User attributes in the local attribute dialect
+## How it works
 
-Child organizations can only update the attribute configurations that relate to secondary user stores, since each organization defines its own secondary user stores and doesn't share them with others.
+This section explains the inheritance mechanism for attributes, user store mappings, and dialects across organizations.
 
-You can find these configurations in the **Attribute Mappings** tab of an attribute.
+### User attributes
 
-### Mapped attributes
+- Child organizations inherit both the system-defined and custom attributes from the root organization.
 
-{% if product_name == "Asgardeo" %}
+- Only the root organization can create custom attributes.
 
-You can edit mappings related to user stores ( **MY USER STORE** in this example) independently for each organization.
+Organization administrators can access inherited user attributes from the {{product_name}} Console under **User Attributes & Stores** > **User Attributes**.
 
-![Attribute mappings]({{base_path}}/assets/img/guides/organization/attributes/b2b-edit-attribute-mappings.png){: width="700" style="display: block; margin: 0;"}
+### User store mappings
 
-{% else %}
+Each user store in an organization maintains mappings for user attributes. Inheritance of user store mappings works in the following way.
 
-You can edit the **PRIMARY** user store mappings shown below only in the root organization, which manages the primary user store shared across organizations.
+{% if product_name == "WSO2 Identity Server" %}
+- **Primary user store**
 
-However, you can edit mappings related to secondary user stores (**MY USER STORE** in this example) independently for each organization.
+    - Only the root organization can edit the user store mappings for the primary user store.
 
-![Attribute mappings]({{base_path}}/assets/img/guides/organization/attributes/b2b-edit-attribute-mappings.png){: width="700" style="display: block; margin: 0;"}
+    - Child organizations inherit primary user store mappings from the root organization.
 
-{% endif %}
+- **Secondary user stores**
+
+    - Child organizations can onboard their own secondary user stores.
+
+    - Child organizations have full control over user store mappings for secondary user stores, including:
+
+        - Editing mappings for user attributes inherited by the root organization.
+
+        - Whether to enable multi-valued user attributes (e.g. emailAddresses) for the secondary user stores. This option is only available for supported attributes.
+
+    Organization administrators can access user store mappings from the {{product_name}} Console by selecting an attribute from **User Attributes & Stores** > **User Attributes** and going to its **Attribute Mappings** tab.
+
+    The following diagram illustrates the attribute mapping section for the multi-valued `emailAddresses` attribute.
+
+    ![Attribute mappings]({{base_path}}/assets/img/guides/organization/attributes/b2b-edit-attribute-mappings.png){: width="700" style="display: block; margin: 0;"}
+
+    - Organizations can't edit the attribute mapping or disable it for the primary user store (**PRIMARY**).
 
-### Enabling attributes for a user store
+    - Child organizations can edit attribute mappings for secondary user stores (**MY USER STORE**).
 
-For certain multi-valued attributes, such as **Email Addresses**, organizations can configure whether the attribute should be enabled for a specific user store as seen in the above image. For secondary user stores, you can independently manage this setting within each organization.
 
-### Configuring other properties of attributes
+    {% else %}
 
-All other configurations are directly inherited from root organizations. Therefore, you must set them at the root organization level.
+    - Child organizations can onboard their own user stores.
 
-To learn how to configure user attributes in the root organization, see the following guides:
+    - They have full control over attribute mappings for these user stores, including:
 
-- [Manage attributes]({{base_path}}/guides/users/attributes/manage-attributes)
-- [Configure unique attributes]({{base_path}}/guides/users/attributes/configure-unique-attributes)
+        - Editing mappings for attributes inherited by the root organization.
 
-## User attributes in external attribute dialects
+        - Whether to enable multi-valued user attributes (e.g. emailAddresses) for the user stores. This option is only available for supported attributes.
 
-{% if product_name == "Asgardeo" %}
+    Organization administrators can access user store mappings from the {{product_name}} Console by selecting an attribute from **User Attributes & Stores** > **User Attributes** and going to its **Attribute Mappings** tab.
 
-Child organizations inherit external attribute dialects defined by the system in {{ product_name }} such as SCIM 2.0 and OpenID Connect (OIDC).
+    The following diagram illustrates the attribute mapping section for the multi-valued `emailAddresses` attribute.
 
-{% else %}
+    ![Attribute mappings]({{base_path}}/assets/img/guides/organization/attributes/  b2b-edit-attribute-mappings.png){: width="700" style="display: block; margin: 0;"}
 
-Child organizations inherit external attribute dialects defined by the system in {{ product_name }} such as SCIM 2.0, OpenID Connect (OIDC) and any other custom attribute dialects.
+    Child organizations can manage and disable attributes for user stores (**MY USER STORE**).
 
 {% endif %}
 
-However, child organizations can't create new attribute dialects or modify those inherited from the root.
+### Attribute dialects
+
+Attribute dialects define the naming and format of user attributes when exchanging data with external systems.
+
+- Child organizations inherit all external attribute dialects defined in the root organization, such as:
+
+    - SCIM 2.0
+
+    - OpenID Connect (OIDC)
+
+    {% if product_name == "WSO2 Identity Server" %}
+
+    - Any custom dialects created at the root organization level
+
+    {% endif %}
+
+- Attribute dialects are read-only for child organizations. They can't create new dialects or modify inherited ones.
+
+Organization administrators can view user attribute dialects from the {{product_name}} Console by going to **User Attributes & Stores** > **User Attributes** and selecting the relevant dialect under **Manage Attribute Mappings**.
 
-To learn how to configure external user attributes in the root organization, see the following guides:
+## Configure user attributes at the root organization
 
-- [Manage SCIM 2.0 attribute mappings]({{base_path}}/guides/users/attributes/manage-scim2-attribute-mappings)
-- [Manage OpenID Connect attribute mappings]({{base_path}}/guides/users/attributes/manage-oidc-attribute-mappings)
+Root organization administrators can create user attributes, user store mappings and dialects at the root organization. Follow the [Manage attributes and mappings]({{base_path}}//users/attributes/) guide to learn more.

en/includes/guides/organization-management/inheritance-in-organizations/email-sms-templates-inheritance.md

@@ -1,8 +1,20 @@
 # Email and SMS template inheritance
 
-You can customize email and sms templates to fit the branding needs of each organization. If you don't customize a template for an organization, it will inherit the design from the closest ancestor organization with a customized template. If no ancestor has customized the particular template, the default template will apply.
+In {{product_name}}, child organizations inherit email and SMS templates from the organizational hierarchy. Child organizations can make their own adjustments to these inherited templates.
 
-## Customize templates
+Organization administrators can access email and SMS templates from the {{product_name}} Console under **Branding** > **Email Templates** and **Branding** > **SMS Templates** respectively.
+
+## How it works
+
+Inheritance for email and SMS templates works as follows.
+
+- Child organizations inherit email and SMS templates from the nearest ancestor with custom templates. If no ancestor has customized templates, the default templates apply.
+
+- Organizations can customize their own email and SMS templates, overriding the inherited templates. These overridden templates then pass down to the organization’s descendants.
+
+- Organizations can also revert their email and SMS templates, restoring the inherited values.
+
+## Customize email and SMS templates
 
 To learn how to customize email and SMS templates, refer to the following guides:
 

en/includes/guides/organization-management/inheritance-in-organizations/index.md

@@ -1,20 +1,19 @@
 # Inheritance in organizations
 
-In a B2B scenario, a primary organization offers services to other businesses, which function as **child organizations**.
+Parent organizations sit higher in the hierarchy and often define common behaviors for their child organizations. At the same time, child organizations need to maintain their own unique identity and configurations.
 
-Parent organizations often need to define common behaviors for their child organizations. However, child organizations also require their own unique identity and configurations.
+{{product_name}} allows child organizations to **inherit** and **override** configurations from their parent organizations. This model simplifies administration by letting parent organizations set baseline configurations. It also gives child organizations the flexibility to customize their settings.
 
-{{product_name}} allows child organizations to **inherit** and **override** configurations from their parent organization. This model simplifies administration by letting parent organizations set baseline configurations. It also gives child organizations the flexibility to customize their settings.
-
-The following guides explain how inheritance works for different features:
+The following guides explain how inheritance works for each of these features:
 
 {% if product_name != "Asgardeo" and (product_name == "WSO2 Identity Server" and is_version != "7.0.0" and is_version != "7.1.0") %}
 
-- **[Login & registration configuration inheritance]({{base_path}}/guides/organization-management/inheritance-in-organizations/login-registration-inheritance/)**: Learn how login and registration configurations can be inherited and customized.
+- **[Configurations for login & registration]({{base_path}}/guides/organization-management/inheritance-in-organizations/login-registration-inheritance/)**: Learn how child organizations can inherit or override configurations related to login and registration.
+
 - **[User attribute inheritance]({{base_path}}/guides/organization-management/inheritance-in-organizations/attribute-inheritance/)**: Learn how to manage user attribute configurations in organizations.
 - **[OIDC scope inheritance]({{base_path}}/guides/organization-management/inheritance-in-organizations/oidc-scope-inheritance/)**: Learn how organizations inherit OpenID Connect (OIDC) scopes.
 
 {% endif %}
 
-- **[UI branding inheritance]({{base_path}}/guides/organization-management/inheritance-in-organizations/ui-branding-inheritance/)**: Discover how organizations can inherit or define their own look and feel.
-- **[Email and SMS template inheritance]({{base_path}}/guides/organization-management/inheritance-in-organizations/email-sms-templates-inheritance/)**: See how Email and SMS templates can be managed in an organizational hierarchy.
+- **[UI branding]({{base_path}}/guides/organization-management/inheritance-in-organizations/ui-branding-inheritance/)**: Discover how organizations can inherit or define their own look and feel.
+- **[Email and SMS template]({{base_path}}/guides/organization-management/inheritance-in-organizations/email-sms-templates-inheritance/)**: Learn how customizations to Email and SMS templates propagate in an organization hierarchy.

en/includes/guides/organization-management/inheritance-in-organizations/login-registration-inheritance.md

@@ -1,27 +1,22 @@
-# Login and registration configuration inheritance
+# Login and registration settings inheritance
 
-In {{product_name}}, login and registration settings are managed at the organization level. Child organizations inherit these configurations from their parent, while still allowing for organization-specific customizations.
+In {{product_name}}, child organizations inherit configurations related to login and registration from the organizational hierarchy. Child organizations can make their own customizations to these inherited settings.
+
+Organization administrators can access login and registration settings in the {{product_name}} Console under **Login & Registration**.
 
 ## How it works
 
-The inheritance for login and registration configurations is as follows:
+Inheritance for login and registration configurations works as follows:
+
+- Child organizations inherit settings from the nearest ancestor with a custom configuration. If no ancestor has customized settings, the default value applies.
 
-- Configuration settings are inherited hierarchically. An organization receives its settings from the nearest ancestor with a custom configuration. If no ancestor has a custom setting, the default value is applied.
-- Any organization can override an inherited value. This new setting will then be inherited by all of its descendant organizations. An override can be reverted at any time to restore the inherited configuration.
+- Organizations can customize their own settings, overriding the inherited values. These overridden settings then pass down to the organization’s descendants.
 
-!!! note
-    Child organizations can't override `Idle Session Timeout` and `Remember Me Period` configurations related to session management. 
+- Organizations can also revert their customizations, restoring the inherited values.
 
-## Configure login and registration flows
+!!! note "Important"
+    Child organizations can't override `Idle Session Timeout` and `Remember Me Period` configurations related to session management.
 
-To learn how to configure login and registration flows, see the following guides:
+## Configure login and registration settings
 
-- [Admin initiated password reset]({{base_path}}/guides/account-configurations/account-recovery/admin-initiated-password-reset)
-- [Password recovery]({{base_path}}/guides/account-configurations/account-recovery/password-recovery)
-- [Username recovery]({{base_path}}/guides/account-configurations/account-recovery/username-recovery)
-- [Bot detection]({{base_path}}/guides/account-configurations/login-security/bot-detection)
-- [Login attempts security]({{base_path}}/guides/account-configurations/login-security/login-attempts)
-- [Password validation]({{base_path}}/guides/account-configurations/login-security/password-validation)
-- [Session management]({{base_path}}/guides/account-configurations/login-security/session-management)
-- [Account disabling]({{base_path}}/guides/account-configurations/account-disabling)
-- [Notification settings]({{base_path}}/guides/account-configurations/notification-settings)
+To learn how to configure login and registration settings for an organization, see the [Account configurations]({{base_path}}/guides/account-configurations/) guides.

en/includes/guides/organization-management/inheritance-in-organizations/oidc-scope-inheritance.md

@@ -1,11 +1,17 @@
-# OpenID Connect scope inheritance
+# OpenID Connect scopes inheritance
 
-OpenID Connect (OIDC) scopes defined in root organizations are inherited by child organizations, including both system default OIDC scopes in {{ product_name }} and any custom OIDC scopes created in the root organization.
+In {{product_name}}, child organizations inherit OpenID Connect scopes from the root organization, ensuring consistency across the organization hierarchy.
 
-Child organizations, however, can't create new OIDC scopes or modify those inherited from the root.
+## How it works
 
-## Configure OIDC scopes
+Inheritance for OIDC scopes works as follows.
 
-To learn how to configure OIDC scopes in the root organization, see the following guide:
+- Child organizations inherit both the system-defined and custom OIDC scopes from the root organization.
 
-- [Manage OIDC Scopes]({{base_path}}/guides/users/attributes/manage-scopes)
+- Only the root organization can create or modify custom OIDC scopes.
+
+Organization administrators can view inherited OIDC scopes from the {{product_name}} Console by going to **User Attributes & Stores** > **User Attributes** > **OpenID Connect** and selecting **Scopes**.
+
+## Configure OIDC scopes at the root organization
+
+Administrators can create and modify OIDC scopes at the root organization. Follow the [Manage OIDC Scopes]({{base_path}}/guides/users/attributes/manage-scopes) guide to learn more.