Share applications with organizations
Applications in the root organization can be shared with child organizations. Once an application is shared with an organization, users of that organization may log in to the application.
You may share the following applications with organizations.
- Registered applications - Any application that you register in WSO2 Identity Server.
- My Account portal - The self-service portal available for users of the root organization.
Share a registered application
Follow the steps below to share a registered application with organizations.
- Log in to the root organization on the WSO2 Identity Server Console.
- Go to Applications and select the application that you want to share with organizations.
- Go to its Shared Access tab and do one of the following:
  - Select Share with all organizations for the application to be shared with all existing organizations and new organizations you may create in the future.
  - Select Share with only selected organizations and select the relevant organizations.
- Click Update to save the configurations.
- Go to the Protocol tab of the application and under Allowed grant types, ensure the following grant types are selected.
  - Client Credential
  - Code
  - Organization Switch

  Note
  The Organization Switch grant will only be visible after you have shared the application with one or more organizations.
- Click Update to save the changes.
Tip
Once you have shared the application with an organization, check if the following settings are in place for the application.
- For registered applications, ensure the SSO authenticator is added to the login flow of the application. This adds the Sign in with SSO option to the application login screen so that organization users can log in using their credentials. Check its availability in the Login Flow tab of the application.
- Ensure the application is available in the organization. To check this, switch to the organization and verify that the application is listed in the Applications section.
- While in the organization, select the shared application and ensure the username and password authenticator is enabled in the login flow. The organization users can then use the Sign In with SSO option to log in using their credentials.
Share the My Account Portal
The My Account portal is the self-service portal provided by WSO2 Identity Server for users of an organization. Through the portal, organization users have access to services such as updating user information, registering biometrics for authentication and more.
The My Account portal is, by default, shared with your organizations and users may access the My Account portal through the following link:
https://localhost:9443/t/carbon.super/o/{organization-id}/myaccount
Note
Learn more about the My Account portal
If you wish to restrict access to the My Account portal to some or all organizations:
- Log in to the root organization on the WSO2 Identity Server Console.
- Go to Applications and on the top of the page, select the Settings icon corresponding to My Account.
- Go to its Shared Access tab and do one of the following:
  - Select Do not share with any organization to restrict any existing organizations or future organizations you may create from accessing the My Account portal.
  - Select Share with only selected organizations and select the organizations that you wish to grant access to the My Account portal.
- Click Update to save the changes.