5 changes: 5 additions & 0 deletions modules/ROOT/pages/embed-authentication.adoc
Expand Up @@ -71,6 +71,11 @@ a| Do not use this method if you don’t want the SDK to redirect your entire ap
* This authentication will fail if multifactor authentication (MFA) is enabled on your ThoughtSpot instance. Contact https://community.thoughtspot.com/customers/s/login/?ec=302&startURL=%2Fcustomers%2Fs%2Fcontactsupport[ThoughtSpot Support] for assistance.
|=====

[NOTE]
====
xref:orgs.adoc#per-org-subdomain[Per Org Subdomain] can be enabled to allow Orgs with different IdPs to be identified properly within the authentication flows triggered by the Visual Embed SDK.
====

== User accounts
Many ThoughtSpot features are tied to individual user accounts with a valid email address. xref:just-in-time-provisioning.adoc[Just-In-Time Provisioning] and user management REST APIs make it easy to create and update user accounts as part of the SSO process.
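
Review bot: The NOTE added before `== User accounts` says Per Org Subdomain "can be enabled" but gives an embedding developer nothing to act on. It does not mention that the feature is Early Access and requested through a support ticket (both stated in orgs.adoc), and it does not say which host the Visual Embed SDK should be pointed at once the feature is on. The matching note in mcp-integration.adoc has a second sentence about using the Org subdomain URL in the configuration; add the equivalent sentence here. Consider also putting an explicit `[#per-org-subdomain]` anchor on the target heading so this xref does not depend on the auto-generated section ID.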

4 changes: 4 additions & 0 deletions modules/ROOT/pages/mcp-integration.adoc
Expand Up @@ -72,6 +72,10 @@ To secure communication between the MCP client and the ThoughtSpot instance, adm
* Client connection configuration: +
MCP Server integration also requires configuration on the client side, typically via a config file, to include the MCP Server addresses, credentials, and other details.

[NOTE]
====
xref:orgs.adoc#per-org-subdomain[Per Org Subdomain] can be enabled to allow Orgs with different IdPs to be identified properly within the authentication flows. Once enabled, use the appropriate URL with the Org subdomain within the MCP Server configuration to ensure all interactions happen within the context of the desired ThoughtSpot Org.
====

=== How it works
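
Review bot: In the NOTE added before `=== How it works`, "use the appropriate URL with the Org subdomain" leaves the reader to guess the value, and this is the setting that decides which Org context the MCP interactions run in. Quote the pattern from orgs.adoc (`<org name>.<cluster name>.thoughtspot.cloud`) or link directly to it at that point, and state the Early Access and support-ticket prerequisite so readers do not configure a subdomain that does not exist on their cluster. The first sentence is also nearly identical to the note in embed-authentication.adoc; a shared partial would keep the two from drifting apart.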

17 changes: 17 additions & 0 deletions modules/ROOT/pages/orgs.adoc
Expand Up @@ -154,6 +154,23 @@ The Org ID will be passed in the URL depending on the placement of `{ts-query-pa
* The `overrideOrgId` parameter may not work properly with trusted authentication (`AuthType.TrustedAuthToken`) or cookieless authentication (`AuthType.TrustedAuthTokenCookieless`), if `tokenAuthPerOrg` is already enabled on your ThoughtSpot instance.
====

==== Per Org Subdomain

[earlyAccess eaBackground]#Early Access#

"Per Org Subdomain" can be requested to be enabled via a support ticket. Once this feature is turned on, every Org will automatically have a subdomain generated on the pattern:

<org name>.<cluster name>.thoughtspot.cloud

Per Org Subdomain is used for identifying a specific Org to a login process for users who belongs to multiple Orgs on the same instance, bypassing the Org selection UI. In particular, OIDC flows for MCP Server or instances with multiple IdPs per Org can be benefit from using Per Org Subdomain.

Going to the the specific subdomain for an Org will trigger a redirect to the Org's configured IdP auto-redirect to IdP is configured for the cluster. Auto-redirect to SSO IdP is a separate cluster level config that must be requested via ticket to ThoughtSpot support.

[NOTE]
====
When using Per Org Subdomain, all org names need to be DNS friendly; otherwise, ThoughtSpot will throw errors. You should review your Org names prior to the request and make sure they don't have spaces or other strange characters.
====

== Feature availability on a multi-tenant instance

On an Orgs-enabled cluster, certain UI and API operations are allowed only at the cluster level. The following table lists the features and configuration operations allowed at the cluster or individual Org level.
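
Review bot: The sentence beginning "Going to the the specific subdomain" in the new `==== Per Org Subdomain` section is missing a conjunction, so it is unclear whether the redirect to the Org's IdP always happens or only when auto-redirect is configured for the cluster. Judging by the sentence that follows it, it should read "... will trigger a redirect to the Org's configured IdP if auto-redirect to IdP is configured for the cluster"; drop the doubled "the" as well. In the paragraph above it, "users who belongs" should be "users who belong" and "can be benefit" should be "can benefit". Put the hostname pattern in a literal block so it renders verbatim, and replace "spaces or other strange characters" in the NOTE with the exact set of characters allowed in an Org name, since that name becomes part of the login hostname and the text says other names cause errors.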