Add docs on shared user sso

[Yasasr1]

Purpose

$subject

Related issue

• Allow shared user direct logins to child organizations product-is#27371

[coderabbitai]

📝 Walkthrough

Walkthrough

A new subsection, "Single sign-on across organizations," is added to the shared-user direct login guide. It describes cross-organization SSO behavior for shared users and lists two configuration prerequisites: enabling enhanced organization login and placing the Shared User Identifier authenticator as the first step in each sub-organization's login flow.

Changes

Shared User Direct Login Documentation

Layer / File(s)	Summary
Cross-org SSO behavior and prerequisites en/includes/guides/organization-management/shared-user-direct-login.md	Adds a subsection describing how shared users skip re-authentication when an active session was created with the exact authenticator required by the target organization, and notes that enhanced organization login must be enabled and Shared User Identifier must be the first login flow step in each sub-organization.

Suggested labels

Team/B2B, Team/Authentication & registration

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description is largely incomplete, missing most required template sections including test environment and security checks. Only Purpose section is partially filled with a placeholder and screenshot.	Complete the description by filling in Test environment and Security checks sections as required by the template. Replace the '$subject' placeholder with a proper description.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main change: adding documentation on shared user SSO functionality, which aligns with the file modifications and PR objectives.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (2)

en/includes/guides/organization-management/shared-user-direct-login.md (2)

31-31: ⚡ Quick win

Clarify the phrasing "wishes to single sign-on into."

The phrase "wishes to single sign-on into" is awkward; "into" is redundant after the phrasal verb "single sign-on." Consider using "wishes to access using single sign-on" or "wishes to single sign-on to" for better clarity.

✏️ Proposed alternatives

-Each sub-organization the user wishes to single sign-on into must have the **Shared User Identifier** authenticator added as the first step of the login flow, as described in [Add the shared user identifier to the login flow](`#add-the-shared-user-identifier-to-the-login-flow`).
+Each sub-organization the user wishes to access using single sign-on must have the **Shared User Identifier** authenticator added as the first step of the login flow, as described in [Add the shared user identifier to the login flow](`#add-the-shared-user-identifier-to-the-login-flow`).

Or alternatively:

-Each sub-organization the user wishes to single sign-on into must have the **Shared User Identifier** authenticator added as the first step of the login flow, as described in [Add the shared user identifier to the login flow](`#add-the-shared-user-identifier-to-the-login-flow`).
+Each sub-organization the user wishes to single sign-on to must have the **Shared User Identifier** authenticator added as the first step of the login flow, as described in [Add the shared user identifier to the login flow](`#add-the-shared-user-identifier-to-the-login-flow`).

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@en/includes/guides/organization-management/shared-user-direct-login.md` at
line 31, The phrase "wishes to single sign-on into" contains redundant wording
since "into" is unnecessary after the phrasal verb "single sign-on." Replace
this phrase with either "wishes to access using single sign-on" or "wishes to
single sign-on to" to improve clarity and remove the grammatical awkwardness.
Choose whichever alternative reads more naturally in the context of the full
sentence about sub-organization configuration requirements.

Source: Coding guidelines

---

23-23: ⚡ Quick win

Use formal "log in to" phrasing to align with repository terminology conventions.

Line 23 uses "logs into" which is conversational. Per the established repository convention, use "log in" as the verb in formal documentation. The phrasing should be "Once a user logs in to an organization, they can seamlessly access other shared organizations..."

✏️ Proposed fix

-Once a user logs into an organization, they can seamlessly access other shared organizations without re-authenticating. {{ product_name }} achieves this by reusing the active session and extending Single Sign-On (SSO) across all organizations the user is shared to.
+Once a user logs in to an organization, they can seamlessly access other shared organizations without re-authenticating. {{ product_name }} achieves this by reusing the active session and extending Single Sign-On (SSO) across all organizations the user is shared to.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@en/includes/guides/organization-management/shared-user-direct-login.md` at
line 23, On line 23 of the shared-user-direct-login.md file, change the phrase
"Once a user logs into an organization" to "Once a user logs in to an
organization" to align with the repository's formal documentation terminology
conventions, replacing the conversational "logs into" with the formal "logs in
to" phrasing.

Source: Learnings

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@en/includes/guides/organization-management/shared-user-direct-login.md`:
- Line 31: The phrase "wishes to single sign-on into" contains redundant wording
since "into" is unnecessary after the phrasal verb "single sign-on." Replace
this phrase with either "wishes to access using single sign-on" or "wishes to
single sign-on to" to improve clarity and remove the grammatical awkwardness.
Choose whichever alternative reads more naturally in the context of the full
sentence about sub-organization configuration requirements.
- Line 23: On line 23 of the shared-user-direct-login.md file, change the phrase
"Once a user logs into an organization" to "Once a user logs in to an
organization" to align with the repository's formal documentation terminology
conventions, replacing the conversational "logs into" with the formal "logs in
to" phrasing.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: 87b73062-7165-4707-a5a4-4ae76d880bd3

📥 Commits

Reviewing files that changed from the base of the PR and between 88ec91c and 6d6624f.

📒 Files selected for processing (1)

• en/includes/guides/organization-management/shared-user-direct-login.md