Merged
9 changes: 7 additions & 2 deletions modules/ROOT/pages/embed-authentication.adoc
Expand Up @@ -71,6 +71,11 @@ a| Do not use this method if you don’t want the SDK to redirect your entire ap
* This authentication will fail if multifactor authentication (MFA) is enabled on your ThoughtSpot instance. Contact https://community.thoughtspot.com/customers/s/login/?ec=302&startURL=%2Fcustomers%2Fs%2Fcontactsupport[ThoughtSpot Support] for assistance.
|=====

[NOTE]
====
xref:orgs.adoc#per-org-subdomain[Per Org Subdomain] can be enabled to allow Orgs with different IdPs to be identified properly within the authentication flows triggered by the Visual Embed SDK.
====

== User accounts
Many ThoughtSpot features are tied to individual user accounts with a valid email address. xref:just-in-time-provisioning.adoc[Just-In-Time Provisioning] and user management REST APIs make it easy to create and update user accounts as part of the SSO process.

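Review bot: The xref in the added NOTE targets `orgs.adoc#per-org-subdomain`, but the `==== Per Org Subdomain` section added in orgs.adoc carries no explicit anchor, so the link only resolves if the site's `idprefix` and `idseparator` settings generate exactly that ID (Asciidoctor's default for that heading would be `_per_org_subdomain`). Adding `[#per-org-subdomain]` above the heading makes the target stable. The NOTE could also say that the feature is Early Access and enabled through a support request, since a reader of this page otherwise learns that only after following the link.
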
Expand Down Expand Up @@ -218,7 +223,7 @@ The `init` method returns an event emitter, which you can use to listen to `Auth

[source,TypeScript]
----
authStatus = init(embedConfig); authStatus.on(AuthStatus.FAILURE, (reason) => {
const authStatus = init(embedConfig); authStatus.on(AuthStatus.FAILURE, (reason) => {
console.log('Authentication failed');
});
----
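Review bot: The added line still puts `init(embedConfig);` and `authStatus.on(AuthStatus.FAILURE, ...)` on one line, and the handler never uses its `reason` argument. Break the line after `init(embedConfig);` and include `reason` in the logged message, so the sample shows readers why authentication failed rather than only that it did.
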
Expand Down Expand Up @@ -267,7 +272,7 @@ import { logout } from "@thoughtspot/visual-embed-sdk";
logout();
----

The `logout` function returns a promise that resolves when the user is logged out of ThoughtSpot. When you call `logout`, the `autoLogin` attribute is set to `false` to prevent the SDK from automatically logging in the user again. If you do not want to disable `autoLogin`, set the `doNotDisableAutoLogin` parameter to `false`.
The `logout` function returns a promise that resolves when the user is logged out of ThoughtSpot. When you call `logout`, the `autoLogin` attribute is set to `false` to prevent the SDK from automatically logging in the user again. If you do not want to disable `autoLogin`, set the `doNotDisableAutoLogin` parameter to `true`.

You can also call `init` again with the `autoLogin` property set to `true` to re-login a user.

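Review bot: The corrected sentence names `doNotDisableAutoLogin`, but the sample above it only shows `logout()` with no arguments, so the reader is not shown how the parameter is passed. Consider adding a second call that passes it, and stating the consequence in the same paragraph: with `autoLogin` left enabled, the SDK can log the user in again automatically after `logout` resolves.
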
32 changes: 27 additions & 5 deletions modules/ROOT/pages/orgs.adoc
Expand Up @@ -4,7 +4,7 @@

:page-title: Multi-tenancy and orgs
:page-pageid: orgs
:page-description: You can now configure your ThoughtSpot instance as a mult-tenant cluster with separate Org containers for your tenants.
:page-description: You can now configure your ThoughtSpot instance as a multi-tenant cluster with separate Org containers for your tenants.

If your deployment requires logical separation of departments within your organization, or if it involves supporting many distinct organizations from a single application instance, use the *Orgs* feature.

Expand Down Expand Up @@ -108,7 +108,7 @@ If a cluster administrator wants to perform a Create, Read, Update, or Delete (C
If the per Org URL feature is enabled on your ThoughtSpot instance, you can access shared objects such as Liveboards and Answers from multiple Orgs in different browser tabs.
For example, you can access a Liveboard from Org1 in one tab and open a shared object from Org2 in another browser tab.

To enable this feature on your instance, contact link:https://community.thoughtspot.com/customers/s/contactsupport[ThoughSpot Support, window=_blank]. When this feature is enabled, the Org ID will be shown in the ThoughtSpot object URL as a query parameter, as shown in the following example:
To enable this feature on your instance, contact link:https://community.thoughtspot.com/customers/s/contactsupport[ThoughtSpot Support, window=_blank]. When this feature is enabled, the Org ID will be shown in the ThoughtSpot object URL as a query parameter, as shown in the following example:

`\https://{ThoughtSpot-Host}/orgId=0/pinboard/22946f4b-b4ce-4643-be50-66afcd5177`

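Review bot: The changed sentence says the Org ID is shown in the object URL as a query parameter, but the example that follows shows it as a path segment, `/orgId=0/pinboard/...`, with no `?`. One of the two should be corrected so that anyone parsing, logging, or allow-listing these URLs knows where to expect the Org ID.
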
Expand All @@ -134,7 +134,7 @@ A user belonging to multiple Orgs can share ThoughtSpot objects such as Liveboar
Starting with ThoughtSpot Cloud 10.5.0.cl release, developers embedding ThoughtSpot in their application will be able to edit their custom link settings for their application users to allow seamless access to content from another different Org. For example, a user has
access to Org1, Org2 and Org3. While the user is logged in to Org1, they can access a Liveboard shared by another user in Org3 without using the Org switcher.

This feature is turned off by default. To enable this feature on your instance, contact link:https://community.thoughtspot.com/customers/s/contactsupport[ThoughSpot Support, window=_blank]. When this feature is enabled, the Org ID will be passed as an additional query parameter in the `{ts-query-param}` in the URL.
This feature is turned off by default. To enable this feature on your instance, contact link:https://community.thoughtspot.com/customers/s/contactsupport[ThoughtSpot Support, window=_blank]. When this feature is enabled, the Org ID will be passed as an additional query parameter in the `{ts-query-param}` in the URL.
For example, if you have set the custom link as:

`\https://www.mysite.com/liveboard/{object-id}?{ts-query-params}`
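
Review bot: The changed line refers to the placeholder as `{ts-query-param}`, while the custom link example below it uses `{ts-query-params}`. Use the same placeholder name in both places, otherwise a reader copying the name from the sentence ends up with a link in which nothing is substituted.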
Expand All @@ -154,6 +154,28 @@ The Org ID will be passed in the URL depending on the placement of `{ts-query-pa
* The `overrideOrgId` parameter may not work properly with trusted authentication (`AuthType.TrustedAuthToken`) or cookieless authentication (`AuthType.TrustedAuthTokenCookieless`), if `tokenAuthPerOrg` is already enabled on your ThoughtSpot instance.
====

==== Per Org Subdomain

[earlyAccess eaBackground]#Early Access#

"Per Org Subdomain" can be requested to be enabled via a support ticket. Once this feature is turned on, every Org that exists at the time will have a subdomain generated on the pattern:

<org name>.<cluster name>.thoughtspot.cloud

[NOTE]
====
New Orgs generated after the initial request currently require a new request to have the subdomain generated.
====

Per Org Subdomain is used for identifying a specific Org to a login process for users who belong to multiple Orgs on the same instance, bypassing the Org selection UI. In particular, OIDC flows for MCP Server or instances with multiple IdPs per Org can benefit from using Per Org Subdomain.

Auto-redirect to SSO IdP is a separate cluster level config that must be requested via ticket to ThoughtSpot support.

[NOTE]
====
Prior to requesting Per Org Subdomain, all org names need to be DNS-friendly; otherwise, ThoughtSpot will return errors. You should review your Org names prior to the request and make sure they don't have spaces or other strange characters. The subdomains are case-sensitive and will match the Org names' case at the time of the request.
====

== Feature availability on a multi-tenant instance

On an Orgs-enabled cluster, certain UI and API operations are allowed only at the cluster level. The following table lists the features and configuration operations allowed at the cluster or individual Org level.
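
Review bot: In the last NOTE of the added section, "The subdomains are case-sensitive" conflicts with DNS, where host names are compared case-insensitively, so two Orgs whose names differ only by case would map to the same host name. Please state what is actually case-sensitive, or drop the claim and say how such collisions are handled. In the same NOTE, "spaces or other strange characters" should be replaced with the concrete rule for a DNS label (letters, digits, and hyphens, at most 63 characters, no leading or trailing hyphen). The pattern `<org name>.<cluster name>.thoughtspot.cloud` should also be set in monospace or a literal block so the angle brackets render as written.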
Expand Down Expand Up @@ -234,10 +256,10 @@ a|[tag greenBackground tick]#✓#
== Authentication considerations for embedded apps

////
The Visual Embed SDK supports leveraging your IdP or OpenID provider setup to authenticate the embedded app users. To determine the authentication method that best suits your deployment, refer to the recommendations listed on the xref:embed-authentication.adoc[Authentication].
The Visual Embed SDK supports leveraging your IdP or OpenID provider setup to authenticate the embedded app users. To determine the authentication method that best suits your deployment, refer to the recommendations listed on the xref:embed-authentication.adoc[Embed authentication].
////

On a multi-tenant cluster with Orgs, ThoughtSpot supports local, SAML, and trusted authentication methods. If you are using Visual Embed SDK to embed ThoughtSpot in your app, use `AuthType.Basic` for local authentication, `AuthType.TrustedAuthToken` for trusted authentication, and `AuthType.EmbeddedSSO` or `AuthType.SAMLRedirect` for SAML SSO authentication. For more information, see xref:embed-authentication.adoc[Authentication].
On a multi-tenant cluster with Orgs, ThoughtSpot supports local, SAML, and trusted authentication methods. If you are using Visual Embed SDK to embed ThoughtSpot in your app, use `AuthType.Basic` for local authentication, `AuthType.TrustedAuthToken` for trusted authentication, and `AuthType.EmbeddedSSO` or `AuthType.SAMLRedirect` for SAML SSO authentication. For more information, see xref:embed-authentication.adoc[Embed authentication].

=== Trusted authentication

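Review bot: The first changed line sits between the `////` delimiters, which form an AsciiDoc comment block, so the new link text "Embed authentication" there is never rendered. Either delete the commented-out paragraph or leave it untouched, so the diff carries only the visible change to the xref in the paragraph that follows.
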