Closed brionmario closed 6 months ago
Scenario 1: Super Tenant login - https://localhost:9443/console
OR https://localhost:9443/t/carbon.super/console
https://github.com/wso2/product-is/assets/1498339/4e2ffdd1-eb3e-40f8-84c7-ffdd6048f11c
Scenario 2: Tenant login - https://localhost:9443/t/<tenant-domain>/console
https://github.com/wso2/product-is/assets/1498339/a3f7e331-5dd6-423e-81e6-91f231512b11
Scenario 3: Admin of super tenant switching to an organization
https://github.com/wso2/product-is/assets/1498339/3e55bdfc-65a5-46d7-a33b-a8ebee19f3ce
Scenario 4: Admin of a tenant switching to an organization
https://github.com/wso2/product-is/assets/1498339/a86aa3e3-d57a-42c8-9a2e-5403ed30f74e
Scenario 5: Admin from an organization under super tenant login to that organization - https://localhost:9443/t/carbon.super/o/<org-id>/console
https://github.com/wso2/product-is/assets/1498339/bace6464-7fc6-4fe4-bf38-1cd8125ea1f6
Scenario 6: Admin from an organization under a tenant login to that organization - https://localhost:9443/t/<tenant-domain>/o/<org-id>/console
https://github.com/wso2/product-is/assets/1498339/ab9fe959-134e-40a5-a025-4cd166c7b3d0
IMPORTANT
These changes are available in the IS 7.0-beta4 release.
Released with IS 7.0-beta4.
Considering the 'Admin' of the customer organization, the way he/she should see this UI is as an admin portal. They should be able to see Users, SSO settings for the app(s), security (enforcing MFA), and the like. Even though the capabilities are available, this view does not give the right experience. Given the time, effort and need, we can discuss a compromise. Refer to the admin portal of Frontegg.
How does 'console settings' here now work for the two personas: 1. Admin of the B2B service providing business, 2. Admin of the customer organization? For (1) it will be confusing. They are supposed to manage access for the console from the parent org level. Their intention is rather to give access to admins of customer orgs for this portal. Having console settings could easily confuse. For (2), they should be able to provide access for other users of the same org to access this specific portal or other apps, and should be able to enforce MFA. I feel the word 'console' can be confusing. Should find the right balance here.
Will applying branding apply to this portal as well? It should, if it's supposed to be consumed by admins of the customer org.
Same support for My Account was added with PR: https://github.com/wso2/identity-apps/pull/5141
Is your suggestion related to an experience? Please describe.
Currently, organization users can't log in to Console & My Account.
Describe the improvement
We need to do the following set of tasks to enable this:
https://localhost:9443/console
https://localhost:9443/myaccount
https://localhost:9443/authorize
fidp and orgId parameters
carbon.super in the URL can be considered later to have the above URLs

https://localhost:9443/t/<TENANT_DOMAIN>/console
https://localhost:9443/t/<TENANT_DOMAIN>/myaccount
https://localhost:9443/t/<TENANT_DOMAIN>/authorize
fidp and orgId parameters

https://localhost:9443/o/<ORG_ID>/console
https://localhost:9443/o/<ORG_ID>/myaccount
carbon.super in the URL can be considered later to have the above URLs
https://localhost:9443/authorize
fidp and orgId parameters

https://localhost:9443/t/<TENANT_DOMAIN>/o/<ORG_ID>/console
https://localhost:9443/t/<TENANT_DOMAIN>/o/<ORG_ID>/myaccount
https://localhost:9443/t/<TENANT_DOMAIN>/authorize
fidp and orgId parameters

org_id value in browser memory
fidp and orgId
user_org value in id_token for orgId parameter
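
Added example, not part of the issue or the identity-apps code base: resolving the tenant and organization from the four Console / My Account URL forms listed above and choosing the authorize endpoint the issue pairs with each, with path segments validated before they are reused. The function names, the returned fields and the validation patterns are assumptions.

```javascript
// Added example: derive tenant/organization context from a Console or My Account URL.
// Names and validation rules here are assumptions, not WSO2 code.
const SUPER_TENANT = "carbon.super";            // default tenant named in the issue
const APPS = new Set(["console", "myaccount"]);
// Constructed, conservative patterns for untrusted path segments (assumption).
const TENANT_RE = /^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,61}[A-Za-z0-9])?$/;
const ORG_RE = /^[A-Za-z0-9-]{1,64}$/;

function resolveContext(rawUrl) {
  // Drop empty segments so leading/trailing slashes do not shift positions.
  const seg = new URL(rawUrl).pathname.split("/").filter(Boolean);
  let tenant = SUPER_TENANT;
  let orgId = null;
  let i = 0;

  if (seg[i] === "t") {                          // /t/<TENANT_DOMAIN>/...
    tenant = seg[i + 1];
    if (!tenant || !TENANT_RE.test(tenant)) throw new Error("invalid tenant domain");
    i += 2;
  }
  if (seg[i] === "o") {                          // /o/<ORG_ID>/...
    orgId = seg[i + 1];
    if (!orgId || !ORG_RE.test(orgId)) throw new Error("invalid organization id");
    i += 2;
  }
  const app = seg[i];
  if (!APPS.has(app)) throw new Error("not a Console or My Account path");
  return { tenant, orgId, app };
}

// Per the URL lists in the issue, the authorize endpoint follows the tenant only:
// super tenant (with or without an organization) -> /authorize,
// any other tenant -> /t/<TENANT_DOMAIN>/authorize.
function authorizeEndpoint(rawUrl) {
  const { tenant } = resolveContext(rawUrl);
  const origin = new URL(rawUrl).origin;
  return tenant === SUPER_TENANT
    ? `${origin}/authorize`
    : `${origin}/t/${tenant}/authorize`;
}
```
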