docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

security: caveats for admin-settings.json (#22441) 

## Description
- admin-settings.json required sign in & business subscription, or the
file will not apply settings
- updated prereqs to be clearer, added a known limitations section for
air-gapped containers or regulated environments that can't authenticate

## Related issues or tickets
- [ENGDOCS-2563](https://docker.atlassian.net/browse/ENGDOCS-2563)

## Reviews
- [ ] Product review
- [ ] Editorial review

[ENGDOCS-2563]:
https://docker.atlassian.net/browse/ENGDOCS-2563?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ

---------

Co-authored-by: Craig Osterhout <103533812+craig-osterhout@users.noreply.github.com>
This commit is contained in:
Sarah Sanders 2025-04-21 09:06:29 -04:00 committed by GitHub
parent 9fbb16838e
commit 23589f14d2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 21 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md
View File

@ -17,7 +17,23 @@ Settings Management is designed specifically for organizations who dont give
## Prerequisites ## Prerequisites
You first need to [enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) to ensure that all Docker Desktop developers authenticate with your organization. Since Settings Management requires a Docker Business subscription, enforced sign-in guarantees that only authenticated users have access and that the feature consistently takes effect across all users, even though it may still work without enforced sign-in. You must [enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) to ensure that all Docker Desktop users authenticate with your organization.
Settings management requires a Docker Business subscription. Docker Desktop verifies the user's authentication and licensing before applying any settings from the `admin-settings.json` file. The settings file will not take effect unless both authentication and license checks pass. These checks ensure that only licensed users receive managed settings.
> [!IMPORTANT]
>
> If a user is not signed in, or their Docker ID does not belong to an organization with a Docker Business subscription, Docker Desktop ignores the `admin-settings.json` file.
## Known limitations
The `admin-settings.json` file requires users to authenticate with Docker Hub and be a member
of an organization with a Docker Business subscription. This means the file does not work in:
- Air-grapped or offline environments where Docker Desktop can't authenticate with Docker Hub.
- Restricted environments where SSO and cloud-based authentication are not permitted.
## Step one: Create the `admin-settings.json` file and save it in the correct location ## Step one: Create the `admin-settings.json` file and save it in the correct location

4
hugo_stats.json
View File

@ -13,6 +13,7 @@
"-v", "-v",
"-z-10", "-z-10",
".NET", ".NET",
"AWS-Route-53",
"Admin-Console", "Admin-Console",
"After", "After",
"Angular", "Angular",
@ -53,6 +54,8 @@
"Git-Bash-CLI", "Git-Bash-CLI",
"GitLab", "GitLab",
"Go", "Go",
"GoDaddy",
"Google-Cloud-DNS",
"HTTP", "HTTP",
"Heredocs", "Heredocs",
"Hyper-V-backend-x86_64", "Hyper-V-backend-x86_64",
@ -82,6 +85,7 @@
"Okta", "Okta",
"Okta-SAML", "Okta-SAML",
"Old-Dockerfile", "Old-Dockerfile",
"Other-providers",
"PHP", "PHP",
"PowerShell", "PowerShell",
"PowerShell-CLI", "PowerShell-CLI",