Add docs for B2B user sharing

[pavinduLakshan]

Purpose

$subject

Related PRs

Test environment

Security checks

• Followed secure coding standards in http://wso2.com/technical-reports/wso2-secure-engineering-guidelines?
• Ran FindSecurityBugs plugin and verified report?
• Confirmed that this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets?

Summary by CodeRabbit

• New Features

  • Console: added a "Shared Access" workflow to share user profiles with all or selected organizations and assign roles per shared org.

• Documentation

  • Reorganized user-management guide (moved "Filter users" earlier) and added a "Share user with organizations" walkthrough.
  • Minor editorial tweaks: heading adjustment, whitespace cleanup, and version-aware templating to surface console sharing where applicable.

• Chores

  • Added repository configuration for review and automation defaults.

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Moved the "Filter users" section earlier in the manage-users guide, added a new "Share user with organizations" console workflow, demoted a label to ###, removed stray whitespace, made the shared include conditional on version via Jinja variables, and added a .coderabbit.yml repo config.

Changes

Cohort / File(s)	Summary
User management guide en/identity-server/next/docs/guides/users/manage-users.md	Relocated the "Filter users" section (with screenshot) earlier; added "Share user with organizations" console workflow describing Shared Access options (do not share / share with all / share with selected + per-org role assignment); changed "Using the API" label to ###; removed an extra blank line.
Shared include (organization management) en/includes/guides/organization-management/share-user-profiles.md	Updated item 3 to conditionally reference sharing "through the {{product_name}} Console" when product_name == "WSO2 Identity Server" and is_version > "7.2.0"; removed trailing whitespace and extra blank lines.
Versioned guide wrappers en/identity-server/7.1.0/docs/guides/organization-management/share-user-profiles.md, en/identity-server/7.2.0/docs/guides/organization-management/share-user-profiles.md, en/identity-server/next/docs/guides/organization-management/share-user-profiles.md	Inserted Jinja variables product_name and is_version before including the shared share-user-profiles content to enable conditional rendering based on product/version.
Repository config .coderabbit.yml	Added repository configuration (default language/tone, free-tier & early-access toggles, review workflow controls, sequence-diagram and code-review toggles, and labeling instructions for documentation areas).

Sequence Diagram(s)

sequenceDiagram
    participant Admin as Admin Console
    participant API as Identity Server API
    participant OrgDB as Organizations Store
    participant UserDB as User Store

    rect rgba(135,206,250,0.5)
    Admin->>API: Open user → Edit → Open "Shared Access"
    end

    rect rgba(144,238,144,0.5)
    Admin->>API: Choose "Do not share" / "Share with all" / "Share with selected"
    API->>OrgDB: Query organizations (if selecting orgs)
    API->>UserDB: Prepare role assignments for selected orgs
    end

    rect rgba(255,182,193,0.5)
    Admin->>API: Save
    API-->>Admin: Confirm update
    API->>OrgDB: Persist sharing metadata
    API->>UserDB: Persist role assignments
    end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 I hopped through docs and nudged a view,

Filters fronted, sharing options new.
Pick orgs, set roles, then press Save tight—
A tidy change, then off to nibble light. ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description uses a template with required sections but fails to complete the Purpose section (contains only '$subject' placeholder), provides no Related PRs, and leaves Test environment blank, making it largely incomplete.	Replace '$subject' placeholder with an actual purpose description; populate Related PRs and Test environment sections; ensure all security checklist items are reviewed and marked appropriately.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: adding documentation for B2B user sharing, which aligns with the changes across multiple documentation files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (3)

en/identity-server/next/docs/guides/users/manage-users.md (3)

79-79: Address the reader as "you" instead of "an administrator."

The coding guidelines specify addressing the reader as "you." Line 79 uses "An administrator can share..." which distances the reader from the action.

✏️ Proposed revision

-An administrator can share a user with an organization (or multiple organizations) via the WSO2 Identity Server Console.
+You can share a user with one or more organizations via the WSO2 Identity Server Console.

As per coding guidelines: "Address the reader as 'you'"; also, "Use 'multiple' only when it adds clarity about behavior, constraints, or guarantees" (the plural form "organizations" already conveys plurality).

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@en/identity-server/next/docs/guides/users/manage-users.md` at line 79,
Replace the impersonal sentence "An administrator can share a user with an
organization (or multiple organizations) via the WSO2 Identity Server Console."
with a direct address using "you", e.g. "You can share a user with an
organization or organizations via the WSO2 Identity Server Console." — remove
the parenthetical "or multiple" per the guideline and keep the rest of the
sentence intact.

---

20-26: Consider reducing repetitive sentence structure.

The bullet points at lines 20-25 all begin with "Filters users," which reduces readability. Consider varying the structure or omitting the redundant phrase.

✏️ Proposed revision for variety

     - **Locked**: Filters users with locked accounts.
-    - **Disabled**: Filters users with deactivated accounts.
-    - **Pending password reset**: Filters users for whom the administrator has initiated a forced password reset, but the users haven't yet reset their passwords.
-    - **Pending initial password setup**: Filters users an administrator invited to set their own password during initial account creation but who haven't done so yet.
-    - **Pending email verification**: Filters users who haven't yet verified their primary email addresses.
-    - **Pending mobile verification**: Filters users who haven't yet verified their primary mobile numbers.
+    - **Disabled**: Shows users with deactivated accounts.
+    - **Pending password reset**: Shows users for whom the administrator has initiated a forced password reset, but the users haven't yet reset their passwords.
+    - **Pending initial password setup**: Shows users an administrator invited to set their own password during initial account creation but who haven't done so yet.
+    - **Pending email verification**: Shows users who haven't yet verified their primary email addresses.
+    - **Pending mobile verification**: Shows users who haven't yet verified their primary mobile numbers.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@en/identity-server/next/docs/guides/users/manage-users.md` around lines 20 -
26, The six bullet descriptions repeat the phrase "Filters users," making them
verbose; update the bullets in the manage-users.md section so each starts with
the status term (e.g., "Locked:", "Disabled:") followed by a concise, varied
description without the redundant "Filters users" prefix — for example "Locked:
accounts that are locked," "Disabled: deactivated accounts," "Pending password
reset: administratively initiated reset not yet completed," "Pending initial
password setup: invited users who haven't set a password," "Pending email
verification: primary email not yet verified," and "Pending mobile verification:
primary mobile not yet verified."

---

13-13: Consider addressing the reader as "you."

Line 13 uses "Administrators can filter..." which could be more direct. The coding guidelines specify addressing the reader as "you."

✏️ Proposed revision

-Administrators can filter users based on their account status from the {{ product_name }} Console.
+You can filter users based on their account status from the {{ product_name }} Console.

As per coding guidelines: "Address the reader as 'you'."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@en/identity-server/next/docs/guides/users/manage-users.md` at line 13,
Replace the third-person sentence "Administrators can filter users based on
their account status from the {{ product_name }} Console." with a second-person
phrasing that addresses the reader (for example, "You can filter users based on
their account status from the {{ product_name }} Console.") and update any
similar occurrences of "Administrators can..." in manage-users.md to use "You"
for consistency with the coding guidelines.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@en/identity-server/next/docs/guides/users/manage-users.md`:
- Line 79: Replace the impersonal sentence "An administrator can share a user
with an organization (or multiple organizations) via the WSO2 Identity Server
Console." with a direct address using "you", e.g. "You can share a user with an
organization or organizations via the WSO2 Identity Server Console." — remove
the parenthetical "or multiple" per the guideline and keep the rest of the
sentence intact.
- Around line 20-26: The six bullet descriptions repeat the phrase "Filters
users," making them verbose; update the bullets in the manage-users.md section
so each starts with the status term (e.g., "Locked:", "Disabled:") followed by a
concise, varied description without the redundant "Filters users" prefix — for
example "Locked: accounts that are locked," "Disabled: deactivated accounts,"
"Pending password reset: administratively initiated reset not yet completed,"
"Pending initial password setup: invited users who haven't set a password,"
"Pending email verification: primary email not yet verified," and "Pending
mobile verification: primary mobile not yet verified."
- Line 13: Replace the third-person sentence "Administrators can filter users
based on their account status from the {{ product_name }} Console." with a
second-person phrasing that addresses the reader (for example, "You can filter
users based on their account status from the {{ product_name }} Console.") and
update any similar occurrences of "Administrators can..." in manage-users.md to
use "You" for consistency with the coding guidelines.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 72539a58-d480-4da9-a45c-4557b24435a7

📥 Commits

Reviewing files that changed from the base of the PR and between 18c7640 and 8f84c2d.

⛔ Files ignored due to path filters (1)

• en/identity-server/next/docs/assets/img/guides/users/share-user-with-all-organizations.png is excluded by !**/*.png

📒 Files selected for processing (2)

• en/identity-server/next/docs/guides/users/manage-users.md
• en/includes/guides/organization-management/share-user-profiles.md

[coderabbitai]

🧹 Nitpick comments (3)

en/includes/guides/organization-management/share-user-profiles.md (1)

13-13: Polish the sentence for smoother flow

The new conditional option is correct, but the phrase “or using the” reads awkwardly. Consider “or by using the” (or reordering the clause) to keep the procedure text natural and concise.

As per coding guidelines, "Use plain language and short sentences" and "Use precise nouns and strong verbs."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@en/includes/guides/organization-management/share-user-profiles.md` at line
13, The sentence reads awkwardly where the conditional clause inserts a choice;
update the wording to improve flow by replacing "or {% endif %} using the" with
"or {% endif %} by using the" (or alternatively reorder to "or by using the
[User Sharing API]..." so the clause reads: "An admin can share users of an
organization with other organizations lower in the hierarchy {% if is_version >
"7.2.0" %}[through the {{product_name}}
Console]({{base_path}}/guides/users/manage-users/#share-user-with-organizations)
or by using the [User Sharing
API]({{base_path}}/apis/organization-user-share-rest-api)." Ensure the template
variables ({{product_name}}, {{base_path}}) and the conditional {% if is_version
> "7.2.0" %} remain intact.

en/identity-server/next/docs/guides/users/manage-users.md (2)

78-78: Remove redundant "multiple" qualifier.

The phrase "(or multiple organizations)" is unnecessary because "organizations" (plural) already conveys that the user can be shared with one or more organizations. As per coding guidelines, use "multiple" only when it adds clarity about specific behavior, constraints, or guarantees.

Proposed simplification

-An administrator can share a user with an organization (or multiple organizations) via the WSO2 Identity Server Console.
+An administrator can share a user with organizations via the WSO2 Identity Server Console.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@en/identity-server/next/docs/guides/users/manage-users.md` at line 78,
Summary: The sentence in manage-users.md redundantly uses "(or multiple
organizations)"; remove the parenthetical so the plural "organizations" covers
one or more. Fix: edit the sentence "An administrator can share a user with an
organization (or multiple organizations) via the WSO2 Identity Server Console."
in the manage-users.md content and replace it with "An administrator can share a
user with an organization via the WSO2 Identity Server Console." but better: "An
administrator can share a user with organizations via the WSO2 Identity Server
Console." Ensure no other occurrences of the same redundant parenthetical remain
in the file.

---

82-98: Use consistent product name template and consider more active voice.

Product name consistency:
Line 82 uses "WSO2 Identity Server Console" while the file consistently uses {{ product_name }} Console elsewhere (lines 13, 17, 277, 302). Using the template variable improves maintainability.

Active voice:
Lines 92 and 96 use passive constructions ("user is shared", "should be assigned") that could be more direct and user-focused. As per coding guidelines, prefer active voice when the actor is known.

Proposed improvements

-1. On the WSO2 Identity Server Console, go to **User Management** > **Users**.
+1. On the {{ product_name }} Console, go to **User Management** > **Users**.

     - **Do not share user with any organization** - user will not be shared with any organizations.

-    - **Share user with all organizations** - user is shared with all current and future organizations. When the user is shared, administrators can also configure which roles should be assigned to the user in the shared organizations.
+    - **Share user with all organizations** - shares the user with all current and future organizations. You can also assign roles to the user in the shared organizations.

        ![Share user with all organizations]({{base_path}}/assets/img/guides/users/share-user-with-all-organizations.png){: width="600" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}

-    - **Share user with selected organizations** - user is shared with a specific set of existing organizations, but they are not shared with the future organizations. Administrators can configure which roles should be assigned to the user in the shared organizations.
+    - **Share user with selected organizations** - shares the user with specific existing organizations only (not future organizations). You can assign roles to the user in the shared organizations.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@en/identity-server/next/docs/guides/users/manage-users.md` around lines 82 -
98, Replace the hard-coded product name "WSO2 Identity Server Console" with the
template variable "{{ product_name }} Console" for consistency, and rewrite the
passive-voice lines in the "Shared Access" bullet descriptions to active voice
(update the three bullets: "Do not share user with any organization", "Share
user with all organizations", and "Share user with selected organizations") so
they read clearly (e.g., "Do not share the user with any organization", "Share
the user with all current and future organizations; administrators can also
configure which roles administrators assign to the user in shared
organizations", "Share the user with selected existing organizations;
administrators can configure which roles they assign in those organizations").
Ensure the "Shared Access" tab and option labels remain unchanged except for
product name and voice edits.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@en/identity-server/next/docs/guides/users/manage-users.md`:
- Line 78: Summary: The sentence in manage-users.md redundantly uses "(or
multiple organizations)"; remove the parenthetical so the plural "organizations"
covers one or more. Fix: edit the sentence "An administrator can share a user
with an organization (or multiple organizations) via the WSO2 Identity Server
Console." in the manage-users.md content and replace it with "An administrator
can share a user with an organization via the WSO2 Identity Server Console." but
better: "An administrator can share a user with organizations via the WSO2
Identity Server Console." Ensure no other occurrences of the same redundant
parenthetical remain in the file.
- Around line 82-98: Replace the hard-coded product name "WSO2 Identity Server
Console" with the template variable "{{ product_name }} Console" for
consistency, and rewrite the passive-voice lines in the "Shared Access" bullet
descriptions to active voice (update the three bullets: "Do not share user with
any organization", "Share user with all organizations", and "Share user with
selected organizations") so they read clearly (e.g., "Do not share the user with
any organization", "Share the user with all current and future organizations;
administrators can also configure which roles administrators assign to the user
in shared organizations", "Share the user with selected existing organizations;
administrators can configure which roles they assign in those organizations").
Ensure the "Shared Access" tab and option labels remain unchanged except for
product name and voice edits.

In `@en/includes/guides/organization-management/share-user-profiles.md`:
- Line 13: The sentence reads awkwardly where the conditional clause inserts a
choice; update the wording to improve flow by replacing "or {% endif %} using
the" with "or {% endif %} by using the" (or alternatively reorder to "or by
using the [User Sharing API]..." so the clause reads: "An admin can share users
of an organization with other organizations lower in the hierarchy {% if
is_version > "7.2.0" %}[through the {{product_name}}
Console]({{base_path}}/guides/users/manage-users/#share-user-with-organizations)
or by using the [User Sharing
API]({{base_path}}/apis/organization-user-share-rest-api)." Ensure the template
variables ({{product_name}}, {{base_path}}) and the conditional {% if is_version
> "7.2.0" %} remain intact.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 7fadc510-b568-4264-bc4c-fb7790dda341

📥 Commits

Reviewing files that changed from the base of the PR and between a95bab7 and bb30e02.

📒 Files selected for processing (2)

• en/identity-server/next/docs/guides/users/manage-users.md
• en/includes/guides/organization-management/share-user-profiles.md