ENGDOCS-1771 (#18613)

* ENGDOCS-1771

* fix build

* fix build

* fix build

* fix build

* fix build

* fix build

* fix build

* fix build

* fix build

* fix links

* links

* add cards

* final link fix

* review edits
Allie Sadler 2023-11-09 09:23:24 +00:00 committed by GitHub
parent dad156f577
commit 0f2fe1de22
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
55 changed files with 307 additions and 418 deletions

View File

@ -19,12 +19,12 @@ grid:
- title: Configure Single Sign-On
description: Discover how to configure SSO for your entire company.
icon: key
link: /admin/company/settings/sso/
link: /security/for-admins/single-sign-on/
- title: Set up SCIM
description: Set up SCIM to automatically provision and deprovision users in your
company.
icon: checklist
link: /admin/company/settings/scim/
link: /security/for-admins/scim/
- title: Domain management
description: Add and verify your domains.
icon: domain_verification

View File

@ -6,7 +6,7 @@ title: Manage company owners
{{< include "admin-early-access.md" >}}
As a company owner, you can configure [Single Sign-on (SSO)](./settings/sso.md) and [System for Cross-domain Identity Management (SCIM)](./settings/scim.md) for all organizations under the company.
As a company owner, you can configure [Single Sign-on (SSO)](../../security/for-admins/single-sign-on/_index.md) and [System for Cross-domain Identity Management (SCIM)](../../security/for-admins/scim.md) for all organizations under the company.
## Add a company owner

View File

@ -1,9 +0,0 @@
---
description: Group mapping in Docker Admin
keywords: Group Mapping, SCIM, Docker Admin
title: Group Mapping
---
{{< include "admin-early-access.md" >}}
{{% admin-group-mapping product="admin" layer="company" %}}

View File

@ -1,11 +0,0 @@
---
description: System for Cross-domain Identity Management
keywords: SCIM, SSO
title: SCIM
---
{{< include "admin-early-access.md" >}}
Follow the steps on this page to manage SCIM for your company. To manage SCIM for an organization, see [SCIM for an organization](/admin/organization/security-settings/scim/).
{{% admin-scim product="admin" layer="company" %}}

View File

@ -1,15 +0,0 @@
---
description: SSO configuration
keywords: configure, sso, docker admin
title: Configure Single Sign-On for a company
---
{{< include "admin-early-access.md" >}}
Follow the steps on this page to configure SSO for your company. To configure SSO for an organization, see [Configure SSO for an organization](/admin/organization/security-settings/sso-configuration/).
## Step one: Add and verify your domain
{{% admin-domains product="admin" layer="company" %}}
{{% admin-sso-config product="admin" layer="company" %}}

View File

@ -1,15 +0,0 @@
---
description: Manage SSO
keywords: manage, single sign-on, SSO, sign-on
title: Manage Single Sign-On for a company
---
{{< include "admin-early-access.md" >}}
Follow the steps on this page to manage SSO for your company. To manage SSO for an organization, see [Manage SSO for an organization](/admin/organization/security-settings/sso-management/).
## Manage organizations
{{% admin-sso-management-orgs product="admin" %}}
{{% admin-sso-management product="admin" layer="company" %}}

View File

@ -1,9 +0,0 @@
---
description: Overview of Single Sign-On for companies.
keywords: Single Sign-On, SSO, sign-on
title: Single Sign-On overview for companies
---
{{< include "admin-early-access.md" >}}
{{% admin-sso product="admin" layer="company" %}}

View File

@ -24,8 +24,8 @@ grid:
icon: settings_suggest
link: /admin/organization/general-settings/
- title: SSO & SCIM
description: 'Set up [Single Sign-On](/admin/organization/security-settings/sso/)
and [SCIM](/admin/organization/security-settings/scim/) for your organization.
description: 'Set up [Single Sign-On](/security/for-admins/single-sign-on/)
and [SCIM](/security/for-admins/scim/) for your organization.
'
icon: key

View File

@ -1,9 +0,0 @@
---
description: Group mapping in Docker Admin
keywords: Group Mapping, SCIM, Docker Admin
title: Group Mapping
---
{{< include "admin-early-access.md" >}}
{{% admin-group-mapping product="admin" layer="organization" %}}

View File

@ -1,11 +0,0 @@
---
description: System for Cross-domain Identity Management
keywords: SCIM, SSO
title: SCIM
---
{{< include "admin-early-access.md" >}}
Follow the steps on this page to manage SCIM for your organization. To manage SCIM for a company, see [SCIM for a company](/admin/company/settings/scim/).
{{% admin-scim product="admin" layer="organization" %}}

View File

@ -1,16 +0,0 @@
---
description: SSO configuration
keywords: configure, sso, docker admin
title: Configure Single Sign-On for an organization
---
{{< include "admin-early-access.md" >}}
Follow the steps on this page to configure SSO for your organization. To configure SSO for a company, see [Configure SSO for a company](/admin/company/settings/sso-configuration/).
## Step one: Add and verify your domain
{{% admin-domains product="admin" layer="organization" %}}
{{% admin-sso-config product="admin" layer="organization" %}}

View File

@ -1,10 +0,0 @@
---
description: Single Sign-on FAQs
keywords: Docker, Docker Admin, SSO FAQs, single sign-on
title: Single Sign-On FAQs
toc_max: 2
---
{{< include "admin-early-access.md" >}}
{{< include "admin-sso-faq.md" >}}

View File

@ -1,12 +0,0 @@
---
description: Manage SSO
keywords: manage, single sign-on, SSO, sign-on
title: Manage Single Sign-On for an organization
---
{{< include "admin-early-access.md" >}}
Follow the steps on this page to manage SSO for an organization. To manage SSO for a company, see [Manage SSO for a company](/admin/company/settings/sso-management/).
{{% admin-sso-management product="admin" layer="organization" %}}

View File

@ -1,9 +0,0 @@
---
description: Single Sign-On overview for organizations
keywords: Single Sign-On, SSO, sign-on
title: Single Sign-On overview for organizations
---
{{< include "admin-early-access.md" >}}
{{% admin-sso product="admin" layer="organization" %}}

View File

@ -1642,7 +1642,7 @@ Installing Docker Desktop 4.5.0 from scratch has a bug which defaults Docker Des
### New
- Easy, Secure sign in with Auth0 and Single Sign-on
- Single Sign-on: Users with a Docker Business subscription can now configure SSO to authenticate using their identity providers (IdPs) to access Docker. For more information, see [Single Sign-on](../single-sign-on/index.md).
- Single Sign-on: Users with a Docker Business subscription can now configure SSO to authenticate using their identity providers (IdPs) to access Docker. For more information, see [Single Sign-on](../security/for-admins/single-sign-on/index.md).
- Signing in to Docker Desktop now takes you through the browser so that you get all the benefits of auto-filling from password managers.
### Upgrades
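Review bot: the new target on the `Single Sign-on:` bullet ends in `single-sign-on/index.md`, while other hunks in this commit link the same section as `single-sign-on/_index.md`. Since the "fix build" and "fix links" commits in the message suggest link resolution was the sticking point, use one spelling for this target throughout and confirm the link checker resolves this one from the release-notes directory.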

View File

@ -43,7 +43,7 @@ GitHub and Bitbucket and push them to Docker Hub.
* [Create and manage teams and organizations](orgs.md)
* [Create a company](creating-companies.md)
* [Enforce sign in](configure-sign-in.md)
* Set up [SSO](../single-sign-on/index.md) and [SCIM](scim.md)
* Set up [SSO](../security/for-admins/single-sign-on/index.md) and [SCIM](../security/for-admins/scim.md)
* Use [Group mapping](group-mapping.md)
* [Carry out domain audits](domain-audit.md)
* [Use Image Access Management](image-access-management.md) to control developers' access to certain types of images
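Review bot: the unchanged `* Use [Group mapping](group-mapping.md)` line directly below the edited bullet still points at a sibling file, but this commit deletes the "Group mapping in Docker Hub" page and serves `/docker-hub/group-mapping/` only as an alias of the new page. Repoint it the same way the SCIM link was repointed here, for example to `../security/for-admins/group-mapping.md`, so readers do not depend on the redirect.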

View File

@ -13,7 +13,7 @@ grid:
description: Learn how to onboard users to your organization.
- title: Enable Single Sign-On
description: Understand and use Single Sign-On.
link: /single-sign-on/
link: /security/for-admins/single-sign-on/
icon: key
---

View File

@ -108,7 +108,7 @@ tags:
x-displayName: SCIM
description: |
SCIM is a provisioning system that lets you manage users within your identity provider (IdP).
For more information, see [System for Cross-domain Identity management](https://docs.docker.com/docker-hub/scim/).
For more information, see [System for Cross-domain Identity management](https://docs.docker.com/security/for-admins/scim/).
x-tagGroups:
- name: General
tags:

View File

@ -47,7 +47,7 @@ Contact your designated CSM team member or Docker Support with a list of the Doc
### How does a company owner manage SSO/SCIM settings from my new parent company?
See your [SCIM](scim.md) and [SSO](../single-sign-on/configure/index.md) settings.
See your [SCIM](scim.md) and [SSO](../security/for-admins/single-sign-on/configure/index.md) settings.
### How does a company owner enable group mapping in my IdP?
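Review bot: on the added line, `[SCIM](scim.md)` is left as a sibling-relative link while only the SSO link is updated. Other hunks in this commit move the SCIM page and rewrite `scim.md` links to `../security/for-admins/scim.md`, so this one probably needs the same change. The SSO target also ends in `configure/index.md`, whereas other hunks link that page as `configure/_index.md`.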

View File

@ -4,7 +4,7 @@ keywords: company, owners
title: Manage company owners
---
As a company owner, you can configure [Single Sign-on (SSO)](../single-sign-on/configure/index.md) and [System for Cross-domain Identity Management (SCIM)](../docker-hub/scim.md) for all organizations under the company. This is only visible if your organization has a Docker Business subscription. If you want to upgrade your subscription to include the organization under the company, see [upgrade your subscription](../subscription/upgrade.md).
As a company owner, you can configure [Single Sign-on (SSO)](../security/for-admins/single-sign-on/configure/index.md) and [System for Cross-domain Identity Management (SCIM)](../security/for-admins/scim.md) for all organizations under the company. This is only visible if your organization has a Docker Business subscription. If you want to upgrade your subscription to include the organization under the company, see [upgrade your subscription](../subscription/upgrade.md).
## Add a company owner
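Review bot: the SSO link on the added line targets `single-sign-on/configure/index.md`, but other hunks in this commit link the configure page as `configure/_index.md`. Pick the spelling that matches the file created in this commit and use it here as well.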

View File

@ -11,7 +11,7 @@ redirect:
A Docker ID is a username for your Docker account that lets you access Docker products. All you need is an email address to create a Docker ID, or you can sign up with your Google or GitHub account. Your Docker ID must be between 4 and 30 characters long, and can only contain
numbers and lowercase letters. You cannot use any special characters or spaces.
For more information, see [Docker ID](../docker-id/index.md). If your admin enforces [Single sign-on (SSO)](../single-sign-on/index.md), a Docker ID is provisioned for new users.
For more information, see [Docker ID](../docker-id/index.md). If your admin enforces [Single sign-on (SSO)](../security/for-admins/single-sign-on/index.md), a Docker ID is provisioned for new users.
Developers may have multiple Docker IDs in order to separate their Docker IDs that are associated with an organization in Docker Business or Team, and their personal use Docker IDs.
@ -65,7 +65,7 @@ The organization owner can also add additional owners to help them manage users,
### Can I configure multiple SSO identity providers (IdPs) to authenticate users to a single org?
Docker SSO allows only one IdP configuration per organization. For more
information, see [Configure SSO](../single-sign-on/index.md) and [SSO FAQs](../single-sign-on/faqs.md).
information, see [Configure SSO](../security/for-admins/single-sign-on/configure/_index.md) and [SSO FAQs](../faq/security/single-sign-on/faqs.md).
### What is a service account?

View File

@ -1,7 +0,0 @@
---
description: Group mapping in Docker Hub
keywords: Group Mapping, SCIM, Docker Hub
title: Group Mapping
---
{{% admin-group-mapping product="hub" %}}

View File

@ -26,7 +26,7 @@ An organization owner is an administrator who is responsible to manage
repositories and add team members to the organization. They have full access to
private repositories, all teams, billing information, and org settings. An org
owner can also specify [permissions](#permissions-reference) for each team in
the organization. Only an org owner can enable [SSO](../single-sign-on/index.md)
the organization. Only an org owner can enable [SSO](../security/for-admins/single-sign-on/index.md)
for
the organization. When SSO is enabled for your organization, the org owner can
also manage users. Docker can auto-provision Docker IDs for new end-users or
@ -53,7 +53,7 @@ To give a team access to a repository
![Team Repo Permissions](images/team-repo-permission.png)
Organization owners can also assign members the editor role to grant partial administrative access. See [Roles and permissions](/docker-hub/roles-and-permissions/) for more about the editor role.
Organization owners can also assign members the editor role to grant partial administrative access. See [Roles and permissions](/security/for-admins/roles-and-permissions/) for more about the editor role.
### Permissions reference

View File

@ -21,7 +21,7 @@ select the owner role from the drop-down menu. See [Organization owner](manage-a
### How do I know how many active users are part of my organization?
If your organization uses a Software Asset Management tool, you can use it to find out how many users have Docker Desktop installed. If your organization doesn't use this software, you can run an internal survey to find out who is using Docker Desktop. See [Identify your Docker users and their Docker accounts](../docker-hub/onboard.md#step-1-identify-your-docker-users-and-their-docker-accounts). With a Docker Business subscription, you can manage members in your identity provider and automatically provision them to your Docker organization with [SSO](../single-sign-on/_index.md) or [SCIM](../docker-hub/scim.md).
If your organization uses a Software Asset Management tool, you can use it to find out how many users have Docker Desktop installed. If your organization doesn't use this software, you can run an internal survey to find out who is using Docker Desktop. See [Identify your Docker users and their Docker accounts](../docker-hub/onboard.md#step-1-identify-your-docker-users-and-their-docker-accounts). With a Docker Business subscription, you can manage members in your identity provider and automatically provision them to your Docker organization with [SSO](../security/for-admins/single-sign-on/_index.md) or [SCIM](../security/for-admins/scim.md).
### Do users first need to authenticate with Docker before an owner can add them to an organization?

View File

@ -1,9 +0,0 @@
---
description: System for Cross-domain Identity Management
keywords: SCIM, SSO
title: SCIM
direct_from:
- /docker-hub/company-scim/
---
{{% admin-scim %}}

View File

@ -2,6 +2,8 @@
description: Single Sign-on FAQs
keywords: Docker, Docker Hub, SSO FAQs, single sign-on
title: Domains
aliases:
- /single-sign-on/domain-faqs/
---
### Can I add sub-domains?

View File

@ -2,6 +2,8 @@
description: Single Sign-on FAQs
keywords: Docker, Docker Hub, SSO FAQs, single sign-on
title: Enforcement
aliases:
- /single-sign-on/enforcement-faqs/
---
### We currently have a Docker Team subscription. How do we enable SSO?
@ -18,7 +20,7 @@ Yes. You must verify a domain before using it with an SSO connection.
### Does Docker SSO support authenticating through the command line?
Yes. When SSO is enforced, you can access the Docker CLI through Personal Access Tokens (PATs). Each user must create a PAT to access the CLI. To learn how to create a PAT, see [Manage access tokens](../security/for-developers/access-tokens.md).
Yes. When SSO is enforced, you can access the Docker CLI through Personal Access Tokens (PATs). Each user must create a PAT to access the CLI. To learn how to create a PAT, see [Manage access tokens](../../../security/for-developers/access-tokens.md).
### How does SSO affect our automation systems and CI/CD pipelines?
@ -60,5 +62,5 @@ No. They are different features that you can use separately or together.
Enforcing SSO ensures that users sign in using their SSO credentials instead of their Docker ID. One of the benefits is that SSO enables you to better manage user credentials.
Enforcing sign-in to Docker Desktop ensures that users always sign in to an
account that's a member of your organization. The benefits are that your organization's security settings are always applied to the user's session and your users always receive the benefits of your subscription. For more details, see [Enforce sign-in for Desktop](../security/for-admins/configure-sign-in.md).
account that's a member of your organization. The benefits are that your organization's security settings are always applied to the user's session and your users always receive the benefits of your subscription. For more details, see [Enforce sign-in for Desktop](../../../security/for-admins/configure-sign-in.md).

View File

@ -2,6 +2,8 @@
description: Single Sign-on FAQs
keywords: Docker, Docker Hub, SSO FAQs, single sign-on
title: General
aliases:
- /single-sign-on/faqs/
---
### Is Docker SSO available for all paid subscriptions?
@ -18,7 +20,7 @@ Docker supports Service Provider Initiated (SP-initiated) SSO flow. This means u
### Where can I find detailed instructions on how to configure Docker SSO?
You first need to establish an SSO connection with your identity provider, and the company email domain needs to be verified prior to establishing an SSO connection for your users. For detailed step-by-step instructions on how to configure Docker SSO, see [Single Sign-on](index.md).
You first need to establish an SSO connection with your identity provider, and the company email domain needs to be verified prior to establishing an SSO connection for your users. For detailed step-by-step instructions on how to configure Docker SSO, see [Single Sign-on](../../../security/for-admins/single-sign-on/configure/_index.md).
### Does Docker SSO support multi-factor authentication (MFA)?

View File

@ -2,6 +2,8 @@
description: Single Sign-on FAQs
keywords: Docker, Docker Hub, SSO FAQs, single sign-on
title: Identity providers
aliases:
- /single-sign-on/idp-faqs/
---
### Is it possible to use more than one IdP with Docker SSO?

View File

@ -2,6 +2,8 @@
description: Single Sign-on FAQs
keywords: Docker, Docker Hub, SSO FAQs, single sign-on
title: SAML
aliases:
- /single-sign-on/saml-faqs/
---
### Does SAML authentication require additional attributes?

View File

@ -2,6 +2,8 @@
description: Single Sign-on FAQs
keywords: Docker, Docker Hub, SSO FAQs, single sign-on
title: Manage users
aliases:
- /single-sign-on/users-faqs/
---
### How do I manage users when using SSO?
@ -32,7 +34,7 @@ If users attempt to sign in through the CLI, they must authenticate using a pers
### Is it possible to force users of Docker Desktop to authenticate, and/or authenticate using their companys domain?
Yes. Admins can force users to authenticate with Docker Desktop by provisioning a [`registry.json`](../security/for-admins/configure-sign-in.md) configuration file. The `registry.json` file will force users to authenticate as a user that's configured in the `allowedOrgs` list in the `registry.json` file.
Yes. Admins can force users to authenticate with Docker Desktop by provisioning a [`registry.json`](../../../security/for-admins/configure-sign-in.md) configuration file. The `registry.json` file will force users to authenticate as a user that's configured in the `allowedOrgs` list in the `registry.json` file.
Once SSO enforcement is set up on their Docker Business organization or company on Hub, when the user is forced to authenticate with Docker Desktop, the SSO enforcement will also force users to authenticate through SSO with their IdP (instead of authenticating using their username and password).
@ -55,7 +57,7 @@ When SSO is enabled and enforced, your users just have to sign in using the emai
### Is Docker SSO fully synced with the IdP?
Docker SSO provides Just-In-Time (JIT) provisioning by default. This provisioning only happens when a user signs in. If a user leaves the organization, administrators must sign in to Docker Hub and manually [remove the user](/docker-hub/members/#remove-a-member-or-invitee) from the organization. [SCIM](/docker-hub/scim/) is available to provide full synchronization with users and groups.
Docker SSO provides Just-In-Time (JIT) provisioning by default. This provisioning only happens when a user signs in. If a user leaves the organization, administrators must sign in to Docker Hub and manually [remove the user](/docker-hub/members/#remove-a-member-or-invitee) from the organization. [SCIM](../../../security/for-admins/scim.md) is available to provide full synchronization with users and groups.
Additionally, you can use the [Docker Hub API](/docker-hub/api/latest/) to complete this process.

View File

@ -31,6 +31,18 @@ grid_admins:
description: Explore how Docker Scout can help you create a more secure software supply chain.
icon: query_stats
link: /scout/
- title: SSO
description: Learn how to configure SSO for your company or organization.
icon: key
link: /security/for-admins/single-sign-on/
- title: SCIM
description: Set up SCIM to automatically provision and deprovision users.
icon: checklist
link: /security/for-admins/scim/
- title: Roles and permissions
description: Assign roles to individuals giving them different permissions within an organization.
icon: badge
link: /security/for-admins/roles-and-permissions/
grid_developers:
- title: Set up two-factor authentication
description: Add an extra layer of authentication to your Docker account.
@ -61,6 +73,10 @@ grid_resources:
description: Understand the steps you can take to improve the security of your container.
icon: category
link: /develop/security-best-practices/
- title: Docker Scout
description: Explore how Docker Scout can help you create a more secure software supply chain.
icon: query_stats
link: /scout/
---
Docker provides security guardrails for both administrators and developers.
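Review bot: the Docker Scout card added to `grid_resources` repeats, with the same description, icon and link, the card shown as context at the top of the previous hunk under `grid_admins`. If both grids render on this page the card appears twice, so either drop one copy or give the resources copy a description that differs from the admin one.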

View File

@ -37,7 +37,7 @@ following occurs:
> Enforcing sign-in to Docker Desktop isn't the same as enforcing SSO. To ensure
> that your users always sign in using their SSO credentials, you must also
> enforce SSO. For more details, see [Single Sign-On
> overview](../../single-sign-on/_index.md).
> overview](single-sign-on/_index.md).
## Create a registry.json file to enforce sign-in

View File

@ -1,20 +1,18 @@
{{ $scim_link := "[Enable SCIM](/docker-hub/scim/)" }}
{{ $mapping_link := "[user-level attributes](docker-hub/scim.md#set-up-role-mapping)"}}
{{ if eq (.Get "product") "admin" }}
{{ $scim_link = "[Enable SCIM](/admin/organization/security-settings/scim/)" }}
{{ $mapping_link = "[user-level attributes](admin/organization/security-settings/scim.md#set-up-role-mapping)"}}
{{ if eq (.Get "layer") "company" }}
{{ $scim_link = "[Enable SCIM](/admin/company/settings/scim/)" }}
{{ $mapping_link = "[user-level attributes](admin/company/settings/scim.md#set-up-role-mapping)"}}
{{ end }}
{{ end }}
---
description: Group mapping for administrators
keywords: Group Mapping, SCIM, Docker Hub, Docker Admin, admin, security
title: Group Mapping
aliases:
- /admin/company/settings/group-mapping/
- /admin/organization/security-settings/group-mapping/
- /docker-hub/group-mapping/
---
With directory group-to-team provisioning from your IdP, user updates will automatically sync with your Docker organizations and teams.
> **Tip**
>
> Group mapping is ideal for adding a user to multiple organizations or multiple teams within one organization. If you don't need to set up multi-organization or multi-team assignment, you can use {{ $mapping_link }}.
> Group mapping is ideal for adding a user to multiple organizations or multiple teams within one organization. If you don't need to set up multi-organization or multi-team assignment, you can use [user-level attributes](scim.md#set-up-role-mapping).
{ .tip }
## How group mapping works
@ -37,7 +35,7 @@ After every successful SSO sign-in authentication, the JIT provisioner performs
b) If the IdP didn't provide group mappings, it checks if the user is already a member of the organization, or if the SSO connection is for multiple organizations (only at company level) and if the user is a member of any of those organizations. If the user is not a member, it adds the user to the default team and organization configured in the SSO connection.
![JIT provisioning](/docker-hub/images/group-mapping.png)
![JIT provisioning](../images/group-mapping.png)
## Use group mapping
@ -59,7 +57,7 @@ The following lists the supported group mapping attributes:
| id | Unique ID of the group in UUID format. This attribute is read-only. |
| displayName | Name of the group following the group mapping format: `organization:team`. |
| members | A list of users that are members of this group. |
| members[x].value | Unique ID of the user that is a member of this group. Members are referenced by ID. |
| members(x).value | Unique ID of the user that is a member of this group. Members are referenced by ID. |
To take advantage of group mapping, follow the instructions provided by your IdP:
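Review bot: the last table row changes the attribute from `members[x].value` to `members(x).value`, which alters the documented attribute name rather than only its rendering. If the brackets were breaking the build, keep the original notation and wrap it in a code span or escape the brackets instead, so the row still matches what an administrator sees in the IdP and in the SCIM API reference.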
@ -71,5 +69,5 @@ Once complete, a user who signs in to Docker through SSO is automatically added
> **Tip**
>
> {{ $scim_link }} to take advantage of automatic user provisioning and de-provisioning. If you don't enable SCIM users are only automatically provisioned. You have to de-provision them manually.
{ .tip }
> [Enable SCIM](scim.md) to take advantage of automatic user provisioning and de-provisioning. If you don't enable SCIM users are only automatically provisioned. You have to de-provision them manually.
{ .tip }

View File

@ -2,8 +2,10 @@
description: >
Use roles in your organization to control who has access to content,
registry, and organization management permissions.
keywords: members, teams, organization, company, roles, access
keywords: members, teams, organization, company, roles, access, docker hub, docker admin, security
title: Roles and permissions
aliases:
- /docker-hub/roles-and-permissions/
---
Organization and company owners can assign roles to individuals giving them different permissions in the organization. This section is for owners who want to learn about the defined roles and their permission scopes.
@ -52,7 +54,7 @@ When you add members to a team, you can manage their repository permissions. For
See the following diagram for an example of how permissions may work for a user. In this example, the first permission check is for the role: member or editor. Editors have administrative permissions for repositories across the namespace of the organization. Members may have administrative permissions for a repository if they're a member of a team that grants those permissions.
![User repository permissions within an organization](./images/roles-and-permissions-member-editor-roles.png)
![User repository permissions within an organization](../images/roles-and-permissions-member-editor-roles.png)
### Organization management permissions

View File

@ -0,0 +1,55 @@
---
description: System for Cross-domain Identity Management
keywords: SCIM, SSO
title: SCIM
direct_from:
- /docker-hub/company-scim/
- /docker-hub/scim/
- /admin/company/settings/scim/
- /admin/organization/security-settings/scim/
---
This section is for administrators who want to enable System for Cross-domain Identity Management (SCIM) 2.0 for their business. It is available for Docker Business customers.
SCIM provides automated user provisioning and de-provisioning for your Docker organization or company through your identity provider (IdP). Once you enable SCIM in Docker and your IdP, any user assigned to the Docker application in the IdP is automatically provisioned in Docker and added to the organization or company.
Similarly, if a user gets unassigned from the Docker application in the IdP, the user is removed from the organization or company in Docker. SCIM also synchronizes changes made to a user's attributes in the IdP, for instance the users first name and last name.
The following provisioning features are supported:
- Creating new users
- Push user profile updates
- Remove users
- Deactivate users
- Re-activate users
- Group mapping
The following table lists the supported attributes. Note that your attribute mappings must match for SSO to prevent duplicating your members.
| Attribute | Description
|:---------------------------------------------------------------|:-------------------------------------------------------------------------------------------|
| userName | User's primary email address. This is used as the unique identifier of the user. |
| name.givenName | Users first name |
| name.familyName | Users surname |
| active | Indicates if a user is enabled or disabled. Can be set to false to de-provision the user. |
For additional details about supported attributes and SCIM, see [Docker Hub API SCIM reference](/docker-hub/api/latest/#tag/scim).
## Set up SCIM
You must make sure you have [configured SSO](single-sign-on/configure/_index.md) before you enable SCIM. Enforcing SSO is not required.
{{< tabs >}}
{{< tab name="Docker Hub" >}}
{{% admin-scim %}}
{{< /tab >}}
{{< tab name="Docker Admin" >}}
{{< include "admin-early-access.md" >}}
{{% admin-scim product="admin" %}}
{{< /tab >}}
{{< /tabs >}}
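Review bot: the front matter lists the old URLs under `direct_from:`, while the other pages added in this commit declare them under `aliases:`. The key reads like a truncated `redirect_from` carried over from the deleted SCIM page, so `/docker-hub/scim/`, `/admin/company/settings/scim/` and `/admin/organization/security-settings/scim/` may not redirect once the old pages are gone. Switch the key to `aliases:` and check each old path. Smaller points in the body: "the users first name and last name", "Users first name" and "Users surname" are missing the possessive apostrophe, and the table header row has no closing `|`.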

View File

@ -1,16 +1,12 @@
{{ $product_name := "Docker Hub" }}
{{ $sso_config_link := "[configuring SSO](/single-sign-on/configure/)" }}
{{ $role_mapping_link := "[Set up role mapping](docker-hub/scim.md#set-up-role-mapping)" }}
{{ if eq (.Get "product") "admin" }}
{{ $product_name = "Docker Admin" }}
{{ $sso_config_link = "[configuring SSO](/admin/organization/security-settings/sso-configuration/)" }}
{{ $role_mapping_link = "[Set up role mapping](admin/organization/security-settings/scim.md#set-up-role-mapping)" }}
{{ if eq (.Get "layer") "company" }}
{{ $sso_config_link = "[configuring SSO](/admin/company/settings/sso-configuration/)" }}
{{ $role_mapping_link = "[Set up role mapping](admin/company/settings/scim.md#set-up-role-mapping)" }}
{{ end }}
{{ end }}
---
description: Overview of Single Sign-On
keywords: Single Sign-On, SSO, sign-on, admin, docker hub, docker admin, security
title: Single Sign-On overview
aliases:
- /single-sign-on/
- /admin/company/settings/sso/
- /admin/organization/security-settings/sso-management/
---
SSO allows users to authenticate using their identity providers (IdPs) to access Docker. SSO is available for a whole company, and all associated organizations, or an individual organization that has a Docker Business subscription. To upgrade your existing account to a Docker Business subscription, see [Upgrade your subscription](/subscription/upgrade/).
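Review bot: in the new `aliases:` list, `/admin/organization/security-settings/sso-management/` is the URL of the deleted "Manage Single Sign-On for an organization" page, not of the organization overview. The old organization overview URL, `/admin/organization/security-settings/sso/`, which an earlier hunk in this commit stops linking to, has no alias here. Add `/admin/organization/security-settings/sso/` to this list and move the `sso-management` paths (organization and company) to whichever page now covers SSO management.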
@ -20,13 +16,13 @@ When SSO is enabled, users are redirected to your IdP's authentication page to s
The following diagram shows how SSO operates and is managed in Docker Hub and Docker Desktop. In addition, it provides information on how to authenticate between your IdP.
![SSO architecture](/single-sign-on/images/SSO.png)
![SSO architecture](images/SSO.png)
## How to set it up
Before enabling SSO in Docker, administrators must first configure their IdP to work with Docker. Docker provides the Assertion Consumer Service (ACS) URL and the Entity ID. Administrators use this information to establish a connection between their IdP server and Docker Hub.
After establishing the connection between the IdP server and Docker, administrators sign in to {{ $product_name }} and complete the SSO enablement process.
After establishing the connection between the IdP server and Docker, administrators sign in to Docker Hub or Docker Admin and complete the SSO enablement process.
When you enable SSO for your company, a first-time user can sign in to Docker Hub using their company's domain email address. They're then added to your company, assigned to an organization, and optionally assigned to a team.
@ -42,7 +38,7 @@ When a user signs in using SSO, Docker obtains the following attributes from the
If you use SAML for your SSO connection, Docker obtains these attributes from the SAML assertion message. Your IdP may use different naming for SAML attributes than those listed above. The following table lists the possible SAML attributes that can be present in order for your SSO connection to work.
You can also configure attributes to override default values, such as default team or organization. See {{ $role_mapping_link }}.
You can also configure attributes to override default values, such as default team or organization. See [role mapping](../scim.md#set-up-role-mapping).
| SSO attribute | SAML assertion message attributes |
| ---------------- | ------------------------- |
@ -55,7 +51,7 @@ You can also configure attributes to override default values, such as default te
> **Important**
>
> If none of the email address attributes listed in the previous table are found, SSO will return an error.
> If none of the email address attributes listed in the previous table are found, SSO returns an error.
{ .important}
## Prerequisites
@ -69,5 +65,5 @@ In addition, you should add all email addresses to your IdP.
## What's next?
- Start {{ $sso_config_link }}
- Explore the [FAQs](/single-sign-on/faqs/)
- Start [configuring SSO](configure/_index.md)
- Explore the [FAQs](../../../faq/security/single-sign-on/faqs.md)

View File

@ -0,0 +1,59 @@
---
description: Learn how to configure Single Sign-On for your organization or company.
keywords: configure, sso, docker hub, hub, docker admin, admin, security
title: Configure Single Sign-On
aliases:
- /docker-hub/domains/
- /docker-hub/sso-connection/
- /docker-hub/enforcing-sso/
- /single-sign-on/configure/
- /admin/company/settings/sso-configuration/
- /admin/organization/security-settings/sso-configuration/
---
Follow the steps on this page to configure SSO for your organization or company.
## Step one: Add and verify your domain
{{< tabs >}}
{{< tab name="Docker Hub" >}}
{{% admin-domains product="hub" %}}
{{< /tab >}}
{{< tab name="Docker Admin" >}}
{{< include "admin-early-access.md" >}}
{{% admin-domains product="admin" %}}
{{< /tab >}}
{{< /tabs >}}
## Step two: Create an SSO connection
{{< tabs >}}
{{< tab name="Docker Hub" >}}
{{% admin-sso-config product="hub" %}}
{{< /tab >}}
{{< tab name="Docker Admin" >}}
{{% admin-sso-config product="admin" %}}
{{< /tab >}}
{{< /tabs >}}
## More resources
The following video provides an overview of configuring SSO with SAML in Entra ID (formerly Azure AD).
<iframe title="Configure SSO with SAML in Entra ID overview" class="border-0 w-full aspect-video mb-8" allow="fullscreen" src="https://www.loom.com/embed/0a30409381f340cfb01790adbd9aa9b3?sid=7e4e10a7-7f53-437d-b593-8a4886775632"></iframe>
## What's next?
- [Set up SCIM](../../scim.md)
- [Enable Group mapping](../../group-mapping.md)
- [Manage your SSO connections](../manage/_index.md)
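Review bot: The `## Step two: Create an SSO connection` heading added above the second tab group will likely render twice, because the `admin-sso-config` shortcode hunk later in this commit still shows the same heading as an unchanged line in its body. Drop the heading from either this page or the shortcode. Separately, the Docker Admin tab under step one includes `admin-early-access.md` but the Docker Admin tab under step two does not, while the manage page includes it in both Admin tabs; pick one convention.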


View File

@ -0,0 +1,52 @@
---
description: Learn how to manage Single Sign-On for your organization or company.
keywords: manage, single sign-on, SSO, sign-on, docker hub, docker admin, admin, security
title: Manage Single Sign-On
aliases:
- /admin/company/settings/sso-management/
- /single-sign-on/manage/
---
## Manage organizations
> **Note**
>
> You must have a [company](/docker-hub/creating-companies/) to manage more than one organization.
{{< tabs >}}
{{< tab name="Docker Hub" >}}
{{% admin-sso-management-orgs product="hub" %}}
{{< /tab >}}
{{< tab name="Docker Admin" >}}
{{< include "admin-early-access.md" >}}
{{% admin-sso-management-orgs product="admin" %}}
{{< /tab >}}
{{< /tabs >}}
## Manage domains
{{< tabs >}}
{{< tab name="Docker Hub" >}}
{{% admin-sso-management product="hub" %}}
{{< /tab >}}
{{< tab name="Docker Admin" >}}
{{< include "admin-early-access.md" >}}
{{% admin-sso-management product="admin" %}}
{{< /tab >}}
{{< /tabs >}}
## What's next?
- [Set up SCIM](../../scim.md)
- [Enable Group mapping](../../group-mapping.md)
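Review bot: The `aliases` list has `/admin/company/settings/sso-management/` and `/single-sign-on/manage/` but not `/admin/organization/security-settings/sso-management/`, a path this commit removes from the navigation. The configure page lists both the company and the organization variant of its old path, so add the organization one here to keep existing URLs redirecting. Also note that `## Manage domains` still appears as an unchanged line in the `admin-sso-management` shortcode hunk, so the heading added on this page would show up twice.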


View File

@ -1,7 +0,0 @@
---
description: Overview of Single Sign-On
keywords: Single Sign-On, SSO, sign-on
title: Single Sign-On overview
---
{{% admin-sso product="hub" %}}

View File

@ -1,17 +0,0 @@
---
description: Learn how to configure Single Sign-On for your organization or company.
keywords: configure, sso, docker hub, hub
title: Configure Single Sign-On
aliases:
- /docker-hub/domains/
- /docker-hub/sso-connection/
- /docker-hub/enforcing-sso/
---
Follow the steps on this page to configure SSO for your organization or company.
## Step one: Add and verify your domain
{{% admin-domains product="hub" %}}
{{% admin-sso-config product="hub" %}}

View File

@ -1,15 +0,0 @@
---
description: Learn how to manage Single Sign-On for your organization or company.
keywords: manage, single sign-on, SSO, sign-on
title: Manage Single Sign-On
---
## Manage organizations
> **Note**
>
> You must have a [company](/docker-hub/creating-companies/) to manage more than one organization.
{{% admin-sso-management-orgs product="hub" %}}
{{% admin-sso-management product="hub" %}}

View File

@ -44,7 +44,7 @@ Docker Team includes:
- Unlimited [Vulnerability Scanning](../docker-hub/vulnerability-scanning.md)
- 5000 image [pulls per day](../docker-hub/download-rate-limit.md) for each team member
There are also advanced collaboration and management tools, including organization and team management with [Role Based Access Control (RBAC)](../docker-hub/roles-and-permissions.md), [audit logs](../docker-hub/audit-log.md), and more.
There are also advanced collaboration and management tools, including organization and team management with [Role Based Access Control (RBAC)](../security/for-admins/roles-and-permissions.md), [audit logs](../docker-hub/audit-log.md), and more.
For a list of features available in each tier, see [Docker Pricing](https://www.docker.com/pricing/).
@ -58,8 +58,8 @@ Docker Business includes:
- [Image Access Management](../security/for-admins/image-access-management.md) which lets admins control what content developers can access
- [Registry Access Management](../security/for-admins/registry-access-management.md) which lets admins control what registries developers can access
- [Company layer](../docker-hub/creating-companies.md) to manage multiple organizations and settings
- [Single Sign-On](../single-sign-on/index.md)
- [System for Cross-domain Identity Management](../docker-hub/scim.md) and more.
- [Single Sign-On](../security/for-admins/single-sign-on/index.md)
- [System for Cross-domain Identity Management](../security/for-admins/scim.md) and more.
For a list of features available in each tier, see [Docker Pricing](https://www.docker.com/pricing/).
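Review bot: The new Single Sign-On target is `../security/for-admins/single-sign-on/index.md`, but the section pages added elsewhere in this commit are linked as `_index.md` (`configure/_index.md`, `../manage/_index.md`). If the SSO overview follows the same naming, this link is broken; point it at `../security/for-admins/single-sign-on/_index.md` or confirm that an `index.md` exists at that path.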

View File

@ -103,4 +103,4 @@ You can also see if an answer already exists in the following FAQs:
- [Docker Desktop for Linux](../desktop/faqs/linuxfaqs.md)
- [Docker Desktop for Mac](../desktop/faqs/macfaqs.md)
- [Docker Desktop for Windows](../desktop/faqs/windowsfaqs.md)
- [Single Sign-on](../single-sign-on/faqs.md)
- [Single Sign-on](faq/security/single-sign-on/faqs.md)
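Review bot: The replacement link `faq/security/single-sign-on/faqs.md` has no `../` prefix, unlike every sibling entry in this list (`../desktop/faqs/...`), so it resolves inside this page's own directory rather than from the content root. It most likely needs to be `../faq/security/single-sign-on/faqs.md`; please check it against the link validator.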

View File

@ -2010,18 +2010,6 @@ Manuals:
title: Manage users
- path: /admin/company/owners/
title: Manage company owners
- sectiontitle: SSO & SCIM
section:
- path: /admin/company/settings/sso/
title: Single Sign-On overview
- path: /admin/company/settings/sso-configuration/
title: Configure Single Sign-On
- path: /admin/company/settings/sso-management/
title: Manage Single Sign-On
- path: /admin/company/settings/scim/
title: SCIM
- path: /admin/company/settings/group-mapping/
title: Group mapping
- sectiontitle: Organization administration
section:
@ -2035,18 +2023,6 @@ Manuals:
title: Activity logs
- path: /admin/organization/general-settings/
title: General settings
- sectiontitle: SSO & SCIM
section:
- path: /admin/organization/security-settings/sso/
title: Single Sign-On overview
- path: /admin/organization/security-settings/sso-configuration/
title: Configure Single Sign-On
- path: /admin/organization/security-settings/sso-management/
title: Manage Single Sign-On
- path: /admin/organization/security-settings/scim/
title: SCIM
- path: /admin/organization/security-settings/group-mapping/
title: Group mapping
- sectiontitle: Administration
section:
@ -2070,20 +2046,6 @@ Manuals:
title: Create and manage a team
- path: /docker-hub/members/
title: Manage members
- path: /docker-hub/roles-and-permissions/
title: Roles and permissions
- sectiontitle: Single Sign-on
section:
- path: /single-sign-on/
title: Overview
- path: /single-sign-on/configure/
title: Configure
- path: /single-sign-on/manage/
title: Manage
- path: /docker-hub/scim/
title: SCIM
- path: /docker-hub/group-mapping/
title: Group mapping
- path: /docker-hub/audit-log/
title: Audit logs
- path: /docker-hub/deactivate-account/
@ -2095,8 +2057,22 @@ Manuals:
title: Overview
- sectiontitle: For admins
section:
- sectiontitle: Single Sign-on
section:
- path: /security/for-admins/single-sign-on/
title: Overview
- path: /security/for-admins/single-sign-on/configure/
title: Configure
- path: /security/for-admins/single-sign-on/manage/
title: Manage
- path: /security/for-admins/scim/
title: SCIM
- path: /security/for-admins/group-mapping/
title: Group mapping
- path: /security/for-admins/configure-sign-in/
title: Enforce sign in
- path: /security/for-admins/roles-and-permissions/
title: Roles and permissions
- path: /security/for-admins/domain-audit/
title: Domain audit
- path: /security/for-admins/image-access-management/
@ -2202,20 +2178,6 @@ FAQ:
title: Organization
- path: /docker-hub/company-faqs/
title: Company
- sectiontitle: Single Sign-On
section:
- path: /single-sign-on/faqs/
title: General
- path: /single-sign-on/saml-faqs/
title: SAML
- path: /single-sign-on/idp-faqs/
title: Identity providers
- path: /single-sign-on/domain-faqs/
title: Domains
- path: /single-sign-on/enforcement-faqs/
title: Enforcement
- path: /single-sign-on/users-faqs/
title: Manage users
- path: /subscription/faq/
title: Subscription
- sectiontitle: Security
@ -2224,3 +2186,17 @@ FAQ:
title: General
- path: /faq/security/eci-faq/
title: Enhanced Container Isolation
- sectiontitle: Single Sign-On
section:
- path: /faq/security/single-sign-on/faqs/
title: General
- path: /faq/security/single-sign-on/saml-faqs/
title: SAML
- path: /faq/security/single-sign-on/idp-faqs/
title: Identity providers
- path: /faq/security/single-sign-on/domain-faqs/
title: Domains
- path: /faq/security/single-sign-on/enforcement-faqs/
title: Enforcement
- path: /faq/security/single-sign-on/users-faqs/
title: Manage users

View File

@ -1,14 +1,14 @@
{{ $product_link := "[Docker Hub](https://hub.docker.com)" }}
{{ $domain_navigation := "Select **Organizations**, your organization, **Settings**, and then **Security**." }}
{{ $sso_link := "[SSO](/single-sign-on/)" }}
{{ $scim_link := "[SCIM](/docker-hub/scim/)" }}
{{ $sso_link := "[SSO](/security/for-admins/single-sign-on/)" }}
{{ $scim_link := "[SCIM](/security/for-admins/scim/)" }}
{{ $invite_link := "[Invite members](/docker-hub/members/)" }}
{{ if eq (.Get "product") "admin" }}
{{ $product_link = "[Docker Admin](https://admin.docker.com)" }}
{{ $domain_navigation = "Select your organization in the left navigation drop-down menu, and then select **Domain management**." }}
{{ $sso_link = "[SSO](/admin/organization/security-settings/sso/)" }}
{{ $scim_link = "[SCIM](/admin/organization/security-settings/scim/)" }}
{{ $sso_link = "[SSO](/security/for-admins/single-sign-on/)" }}
{{ $scim_link = "[SCIM](/security/for-admins/scim/)" }}
{{ $invite_link = "[Invite members](/admin/organization/members/)" }}
{{ end }}
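Review bot: Inside the `if eq (.Get "product") "admin"` block, `$sso_link` and `$scim_link` are now reassigned to exactly the values they are declared with at the top of the file, so both assignments are dead code. Remove them from the block and keep only the overrides that still differ (`$product_link`, `$domain_navigation`, `$invite_link`).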

View File

@ -6,10 +6,7 @@
{{ if eq (.Get "product") "admin" }}
{{ $product_link = "[Docker Admin](https://admin.docker.com)" }}
{{ $domain_navigation = "Select your organization in the left navigation drop-down menu, and then select **Domain management**." }}
{{ if eq (.Get "layer") "company" }}
{{ $domain_navigation = "Select your company in the left navigation drop-down menu, and then select **Domain management**." }}
{{ end }}
{{ $domain_navigation = "Select your organization or company in the left navigation drop-down menu, and then select **Domain management**." }}
{{ end }}

View File

@ -1,11 +1,11 @@
{{ $sso_link := "[Configure SSO](/single-sign-on/)" }}
{{ $scim_link := "[Configure SCIM](/docker-hub/scim/)" }}
{{ $sso_link := "[Configure SSO](/security/for-admins/single-sign-on/)" }}
{{ $scim_link := "[Configure SCIM](/security/for-admins/scim/)" }}
{{ $members_link := "[Invite members](/docker-hub/members/)" }}
{{ $audit_link := "[Audit your domains](/docker-hub/domain-audit/)" }}
{{ if eq (.Get "product") "admin" }}
{{ $sso_link = "[Configure SSO](/admin/organization/security-settings/sso/)" }}
{{ $scim_link = "[Configure SCIM](/admin/organization/security-settings/scim/)" }}
{{ $sso_link = "[Configure SSO](/security/for-admins/single-sign-on/)" }}
{{ $scim_link = "[Configure SCIM](/security/for-admins/scim/)" }}
{{ $members_link = "[Invite members](/admin/organization/members/)" }}
{{ $audit_link = "[Audit your domains](/admin/organization/security-settings/domains/)" }}
{{ end }}
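Review bot: `$audit_link` is left at `/docker-hub/domain-audit/` although the navigation file in this commit lists Domain audit under `/security/for-admins/domain-audit/`. Since the SSO and SCIM links in this shortcode are being moved to their `/security/for-admins/` paths, update the audit link in the same pass so the shortcode does not depend on a redirect. The admin-branch values for `$sso_link` and `$scim_link` are now identical to the defaults and can be dropped.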

View File

@ -1,50 +1,12 @@
{{ $product_link := "[Docker Hub](https://hub.docker.com)" }}
{{ $sso_link := "[configured SSO](/single-sign-on/configure/)" }}
{{ $sso_navigation := `Navigate to the SSO settings page for your organization or company.
- Organization: Select **Organizations**, your organization, **Settings**, and then **Security**.
- Company: Select **Organizations**, your company, and then **Settings**.` }}
{{ $group_link := "[Group mapping](/docker-hub/group-mapping)"}}
{{ if eq (.Get "product") "admin" }}
{{ $product_link = "[Docker Admin](https://admin.docker.com)" }}
{{ $sso_link = "[configured SSO](/admin/organization/security-settings/sso-configuration/)" }}
{{ $sso_navigation = "Select your organization in the left navigation drop-down menu, and then select **SSO & SCIM.**" }}
{{ $group_link = "[Group mapping](/admin/organization/security-settings/group-mapping/)"}}
{{ if eq (.Get "layer") "company" }}
{{ $sso_link = "[configured SSO](/admin/company/settings/sso-configuration/)" }}
{{ $sso_navigation = "Select your company in the left navigation drop-down menu, and then select **SSO & SCIM.**" }}
{{ $group_link = "[Group mapping](/admin/company/settings/group-mapping)"}}
{{ $sso_navigation = "Select your organization or company in the left navigation drop-down menu, and then select **SSO & SCIM.**" }}
{{ end }}
{{ end }}
This section is for administrators who want to enable System for Cross-domain Identity Management (SCIM) 2.0 for their business. It is available for Docker Business customers.
SCIM provides automated user provisioning and de-provisioning for your Docker organization or company through your identity provider (IdP). Once you enable SCIM in Docker and your IdP, any user assigned to the Docker application in the IdP is automatically provisioned in Docker and added to the organization or company.
Similarly, if a user gets unassigned from the Docker application in the IdP, the user is removed from the organization or company in Docker. SCIM also synchronizes changes made to a user's attributes in the IdP, for instance the users first name and last name.
The following provisioning features are supported:
- Creating new users
- Push user profile updates
- Remove users
- Deactivate users
- Re-activate users
- Group mapping
The following table lists the supported attributes. Note that your attribute mappings must match for SSO to prevent duplicating your members.
| Attribute | Description
|:---------------------------------------------------------------|:-------------------------------------------------------------------------------------------|
| userName | User's primary email address. This is used as the unique identifier of the user. |
| name.givenName | Users first name |
| name.familyName | Users surname |
| active | Indicates if a user is enabled or disabled. Can be set to false to de-provision the user. |
For additional details about supported attributes and SCIM, see [Docker Hub API SCIM reference](/docker-hub/api/latest/#tag/scim).
## Set up SCIM
You must make sure you have {{ $sso_link }} before you enable SCIM. Enforcing SSO is not required.
### Step one: Enable SCIM in Docker
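Review bot: `$sso_link` is still rendered by the unchanged line "You must make sure you have {{ $sso_link }} before you enable SCIM", yet the only definitions visible in this hunk point at the old paths (`/single-sign-on/configure/` and the `/admin/.../sso-configuration/` variants). If the default definition is kept, it only resolves through the alias on the new configure page; if it is removed, the variable is undefined. Set it to `/security/for-admins/single-sign-on/configure/` explicitly. Minor: the new `$sso_navigation` string puts the period inside the bold (`**SSO & SCIM.**`), while the SSO management shortcode uses `**SSO & SCIM**.`.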
@ -63,7 +25,7 @@ Follow the instructions provided by your IdP:
## Set up role mapping
You can assign [roles](/docker-hub/roles-and-permissions/) to members in your organization in the IdP. To set up a role, you can use optional user-level attributes for the person you want to assign a role. In addition to roles, you can set an organization and team to override the default provisioning values set by the SSO connection.
You can assign [roles](/security/for-admins/roles-and-permissions/) to members in your organization in the IdP. To set up a role, you can use optional user-level attributes for the person you want to assign a role. In addition to roles, you can set an organization and team to override the default provisioning values set by the SSO connection.
> **Note**
>
@ -73,9 +35,9 @@ The following table lists the supported optional user-level attributes.
| Attribute | Possible values | Considerations |
| --------- | ------------------ | -------------- |
| `dockerRole` | `member`, `editor`, or `owner`. For a list of permissions for each role, see [Roles and permissions](/docker-hub/roles-and-permissions/). | If you don't assign a role in the IdP, the value of the `dockerRole` attribute defaults to `member`. When you set the attribute, this overrides the default value. |
| `dockerRole` | `member`, `editor`, or `owner`. For a list of permissions for each role, see [Roles and permissions](/security/for-admins/roles-and-permissions/). | If you don't assign a role in the IdP, the value of the `dockerRole` attribute defaults to `member`. When you set the attribute, this overrides the default value. |
| `dockerOrg` | `organizationName`. For example, an organization named "moby" would be `moby`. | Setting this attribute overrides the default organization configured by the SSO connection. Also, this won't add the user to the default team. If this attribute isn't set, the user is provisioned to the default organization and the default team. If set and `dockerTeam` is also set, this provisions the user to the team within that org. |
| `dockerTeam` | `teamName`. For example, a team named "developers" would be `developers`. | Setting this attribute provisions the user to the default org and to the specified team, instead of the SSO connection's default team. This also creates the team if it doesn't exist. You can still use group mapping to provision users to teams in multiple orgs. See {{ $group_link }}. |
| `dockerTeam` | `teamName`. For example, a team named "developers" would be `developers`. | Setting this attribute provisions the user to the default org and to the specified team, instead of the SSO connection's default team. This also creates the team if it doesn't exist. You can still use group mapping to provision users to teams in multiple orgs. See [Group mapping](/security/for-admins/group-mapping/). |
After you set the role in the IdP, you need to sync to push the changes to Docker.

View File

@ -2,39 +2,11 @@
{{ $sso_navigation := `Navigate to the SSO settings page for your organization or company.
- Organization: Select **Organizations**, your organization, **Settings**, and then **Security**.
- Company: Select **Organizations**, your company, and then **Settings**.` }}
{{ $domain_navigation := `Navigate to the domain settings page for your organization or company.
- Organization: Select **Organizations**, your organization, **Settings**, and then **Security**.
- Company: Select **Organizations**, your company, and then **Settings**.` }}
{{ $member_navigation := "Select **Organizations, your organization, and then **Members**." }}
{{ $invite_button := "**Invite members**" }}
{{ $remove_button := "**Remove member**" }}
{{ $scim_link := "[Set up SCIM](/docker-hub/scim/)" }}
{{ $mapping_link := "[Enable Group mapping](/docker-hub/group-mapping/)" }}
{{ $sso_mgmt_link := "[Manage your SSO connections](/single-sign-on/manage/)" }}
{{ if eq (.Get "product") "admin" }}
{{ $product_link = "[Docker Admin](https://admin.docker.com)" }}
{{ $invite_button = "**Invite**" }}
{{ $remove_button = "**Remove member**" }}
{{ $sso_navigation = "Select your organization in the left navigation drop-down menu, and then select **SSO & SCIM.**" }}
{{ $member_navigation = "Select your organization in the left navigation drop-down menu, and then select **Members**." }}
{{ $domain_navigation = "Select your organization in the left navigation drop-down menu, and then select **Domain management**." }}
{{ $remove_button = "**Remove member**" }}
{{ $scim_link = "[Set up SCIM](/admin/organization/security-settings/scim/)" }}
{{ $mapping_link = "[Enable Group mapping](/admin/organization/security-settings/group-mapping/)" }}
{{ $sso_mgmt_link = "[Manage your SSO connections](/admin/organization/security-settings/sso-management/)" }}
{{ if eq (.Get "layer") "company" }}
{{ $sso_navigation = "Select your company in the left navigation drop-down menu, and then select **SSO & SCIM**." }}
{{ $domain_navigation = "Select your company in the left navigation drop-down menu, and then select **Domain management**." }}
{{ $member_navigation = "Select your organization in the left navigation drop-down menu, and then select **Users**." }}
{{ $remove_button = "**Remove user**" }}
{{ $scim_link = "[Set up SCIM](/admin/company/settings/scim/)" }}
{{ $mapping_link = "[Enable Group mapping](/admin/company/settings/group-mapping/)" }}
{{ $sso_mgmt_link = "[Manage your SSO connections](/admin/company/settings/sso-management/)" }}
{{ $sso_navigation = "Select your organization or company in the left navigation drop-down menu, and then select **SSO & SCIM.**" }}
{{ end }}
{{ end }}
## Step two: Create an SSO connection
> **Important**
>
@ -92,7 +64,7 @@ After youve completed the SSO configuration process in Docker, you can test t
> - [Entra ID (formerly Azure AD)](https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-restrict-your-app-to-a-set-of-users)
{ .important}
The SSO connection is now created. You can continue to set up SCIM without enforcing SSO log-in. For more information about setting up SCIM, see {{ $scim_link }}.
The SSO connection is now created. You can continue to set up SCIM without enforcing SSO log-in. For more information about setting up SCIM, see [Set up SCIM](/security/for-admins/scim/).
## Optional step four: Enforce SSO
@ -112,14 +84,3 @@ Your users must now sign in to Docker with SSO.
> If SSO isn't enforced, users can choose to sign in with either their Docker ID or SSO.
{ .important}
## More resources
The following video provides an overview of configuring SSO with SAML in Entra ID (formerly Azure AD).
<iframe title="Configure SSO with SAML in Entra ID overview" class="border-0 w-full aspect-video mb-8" allow="fullscreen" src="https://www.loom.com/embed/0a30409381f340cfb01790adbd9aa9b3?sid=7e4e10a7-7f53-437d-b593-8a4886775632"></iframe>
## What's next?
- {{ $sso_mgmt_link }}
- {{ $scim_link }}
- {{ $mapping_link }}

View File

@ -5,27 +5,16 @@
{{ $member_navigation := "Select **Organizations**, your organization, and then **Members**." }}
{{ $invite_button := "**Invite members**" }}
{{ $remove_button := "**Remove member**" }}
{{ $scim_link := "[Set up SCIM](/docker-hub/scim/)" }}
{{ $mapping_link := "[Enable Group mapping](/docker-hub/group-mapping/)" }}
{{ if eq (.Get "product") "admin" }}
{{ $product_link = "[Docker Admin](https://admin.docker.com)" }}
{{ $invite_button = "**Invite**" }}
{{ $sso_navigation = "Select your organization in the left navigation drop-down menu, and then select **SSO & SCIM**." }}
{{ $member_navigation = "Select your organization in the left navigation drop-down menu, and then select **Members**." }}
{{ $remove_button = "**Remove member**" }}
{{ $scim_link = "[Set up SCIM](/admin/organization/security-settings/scim/)" }}
{{ $mapping_link = "[Enable Group mapping](/admin/organization/security-settings/group-mapping/)" }}
{{ if eq (.Get "layer") "company" }}
{{ $sso_navigation = "Select your company in the left navigation drop-down menu, and then select **SSO & SCIM**." }}
{{ $member_navigation = "Select your organization in the left navigation drop-down menu, and then select **Users**." }}
{{ $remove_button = "**Remove user**" }}
{{ $scim_link = "[Set up SCIM](/admin/company/settings/scim/)" }}
{{ $mapping_link = "[Enable Group mapping](/admin/company/settings/group-mapping/)" }}
{{ $sso_navigation = "Select your organization or company in the left navigation drop-down menu, and then select **SSO & SCIM**." }}
{{ $member_navigation := `Navigate to the user management page for your organization or company.
- Organization: Select your organization in the left navigation drop-down menu, and then select **Members**.
- Company: Select your company in the left navigation drop-down menu, and then select **Users**.` }}
{{ $remove_button = "**Remove member**, if you're an organization, or **Remove user**, is you're a company" }}
{{ end }}
{{ end }}
## Manage domains
### Remove a domain from an SSO connection
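Review bot: The new multi-line `$member_navigation` inside the `if eq (.Get "product") "admin"` block is written with `:=`, which in Go templates declares a fresh variable scoped to that block instead of updating the one declared at the top. After `{{ end }}` the outer value ("Select **Organizations**, your organization, and then **Members**.") is still what step 2 of the removal procedure prints, so the Docker Admin wording never appears. Use `=` as the neighbouring `$sso_navigation` and `$remove_button` lines do. The new `$remove_button` text also has a typo: "is you're a company" should be "if you're a company".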
@ -93,8 +82,3 @@ To remove a user:
2. {{ $member_navigation }}
3. Select the action icon next to a users name, and then select {{ $remove_button }}.
4. Follow the on-screen instructions to remove the user.
## What's next?
- {{ $scim_link }}
- {{ $mapping_link }}

View File

@ -4,7 +4,7 @@
{{ $remove_button := "**Remove member**" }}
{{ $product_link := "[Docker Hub](https://hub.docker.com)" }}
{{ $update_role := "Select the role you want to assign, then select **Save**." }}
{{ $role_mapping_link := "[SCIM for role mapping](docker-hub/scim.md#set-up-role-mapping)" }}
{{ $role_mapping_link := "[SCIM for role mapping](/security/for-admins/scim/)" }}
{{ $export_fields := `The CSV file for an organization contains the following fields:
* **Name**: The user's name.
* **Username**: The user's Docker ID.
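Review bot: The new `$role_mapping_link` value `/security/for-admins/scim/` drops the `#set-up-role-mapping` fragment that the old value carried, so "SCIM for role mapping" now lands at the top of the SCIM page instead of the role mapping section. The SSO overview in this same commit links to `../scim.md#set-up-role-mapping`, so the anchor still exists; use `/security/for-admins/scim/#set-up-role-mapping` here and in the two later assignments of this variable in the admin and company branches.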
@ -21,7 +21,7 @@
{{ $member_navigation := "Select your organization in the left navigation drop-down menu, and then select *Members**." }}
{{ $remove_button = "**Remove member**" }}
{{ $product_link = "[Docker Admin](https://admin.docker.com)" }}
{{ $role_mapping_link = "[SCIM for role mapping](admin/organization/security-settings/scim.md#set-up-role-mapping)" }}
{{ $role_mapping_link = "[SCIM for role mapping](/security/for-admins/scim/)" }}
{{ if eq (.Get "layer") "company" }}
{{ $export_fields = `The CSV file for a company contains the following fields:
* **Name**: The user's name.
@ -33,7 +33,7 @@
{{ $member_navigation = "Select your company in the left navigation drop-down menu, and then select **Users**." }}
{{ $remove_button = "**Remove user**" }}
{{ $update_role = "Select their organization, select the role you want to assign, and then select **Save**." }}
{{ $role_mapping_link = "[SCIM for role mapping](admin/company/settings/scim.md#set-up-role-mapping)"}}
{{ $role_mapping_link = "[SCIM for role mapping](/security/for-admins/scim/)"}}
{{ end }}
{{ end }}
@ -59,7 +59,7 @@ of members to your organization via CSV file, see the next section.
> **Note**
>
> When you invite members, you assign them a role.
> See [Roles and permissions](/docker-hub/roles-and-permissions/)
> See [Roles and permissions](/security/for-admins/roles-and-permissions/)
> for details about the access permissions for each role.
Pending invitations appear in the table. The invitees receive an email with a link to Docker Hub where they can accept
@ -123,7 +123,7 @@ To invite multiple members to an organization via a CSV file containing email ad
> **Note**
>
> When you invite members, you assign them a role.
> See [Roles and permissions](/docker-hub/roles-and-permissions/)
> See [Roles and permissions](/security/for-admins/roles-and-permissions/)
> for details about the access permissions for each role.
Pending invitations appear in the table. The invitees receive an email with a link to Docker Hub where they can accept
@ -149,7 +149,7 @@ To remove a member from an organization:
## Update a member role
Organization owners can manage [roles](/docker-hub/roles-and-permissions/)
Organization owners can manage [roles](/security/for-admins/roles-and-permissions/)
within an organization. If an organization is part of a company,
the company owner can also manage that organization's roles. If you have SSO enabled, you can use {{ $role_mapping_link }}.