FAQ Tier 1 freshness (#18916)

* freshness updates

* faq updates

* fix typo

* fix typos

* implement feedback

* small update
Stephanie Aurelio 2023-12-14 10:18:59 -08:00 committed by GitHub
parent d0f6c35e33
commit 51a2aae597
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 103 additions and 113 deletions

View File

@ -1,10 +1,10 @@
--- ---
description: Company FAQs description: Company FAQs
keywords: Docker, Docker Hub, SSO FAQs, single sign-on keywords: Docker, Docker Hub, SSO FAQs, single sign-on, company, administration, company management
title: FAQs on companies title: FAQs on companies
--- ---
### Are existing subscriptions affected when a company is created and organizations are added to the company? ### Are existing subscriptions affected when you create a company and add organizations to it?
You can manage subscriptions and related billing details at the organization level. You can manage subscriptions and related billing details at the organization level.
@ -39,21 +39,21 @@ You can manage domain verification, Single Sign-on, and System for Cross-domain
To view and manage users across all the organizations under your company, you can [manage users at the company level](../admin/company/users.md) when you use Docker Admin. To view and manage users across all the organizations under your company, you can [manage users at the company level](../admin/company/users.md) when you use Docker Admin.
Domain audit is not supported for companies or organizations within a company. Domain audit isn't supported for companies or organizations within a company.
### What's required to create a company name? ### What's required to create a company name?
A company name must be unique to that of its child organization. If a child organization requires the same name as a company, we suggest modifying slightly. For example, **Docker Inc** (parent company), **Docker** (child organization). A company name must be unique to that of its child organization. If a child organization requires the same name as a company, you should modify it slightly. For example, **Docker Inc** (parent company), **Docker** (child organization).
### How does a company owner add an organization to the company? ### How does a company owner add an organization to the company?
You can add organizations to a company in [Docker Admin](../admin/company/organizations.md/#add-organizations-to-a-company.md) or [Docker Hub](./new-company.md/#add-organizations-to-a-company.md). You can add organizations to a company in [Docker Admin](../admin/company/organizations.md/#add-organizations-to-a-company.md) or [Docker Hub](./new-company.md/#add-organizations-to-a-company.md).
### How does a company owner manage SSO/SCIM settings from my new parent company? ### How does a company owner manage SSO/SCIM settings from a company?
See your [SCIM](scim.md) and [SSO](../security/for-admins/single-sign-on/configure/index.md) settings. See your [SCIM](scim.md) and [SSO](../security/for-admins/single-sign-on/configure/index.md) settings.
### How does a company owner enable group mapping in my IdP? ### How does a company owner enable group mapping in an IdP?
See [SCIM](scim.md) and [Group mapping](../security/for-admins/group-mapping.md) for more information. See [SCIM](scim.md) and [Group mapping](../security/for-admins/group-mapping.md) for more information.
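Review bot: The two links in the "How does a company owner add an organization to the company?" answer are carried over unchanged with a malformed target, `organizations.md/#add-organizations-to-a-company.md` and `new-company.md/#add-organizations-to-a-company.md`. The slash before `#` and the `.md` after the fragment look unintended, so please check that both resolve to the section and fix them while this file is being touched. Separately, "A company name must be unique to that of its child organization" still reads awkwardly; "must be different from the name of any child organization" would match the example that follows.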

View File

@ -1,7 +1,7 @@
--- ---
title: General FAQs for Docker Hub title: General FAQs for Docker accounts
description: Frequently asked administration questions description: Frequently asked Docker account and administration questions
keywords: onboarding, docker, teams, orgs keywords: onboarding, docker, teams, orgs, user accounts, organization accounts
redirect: redirect:
- /docker-hub/onboarding-faqs/ - /docker-hub/onboarding-faqs/
--- ---
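Review bot: The front matter here keeps `redirect:` for `/docker-hub/onboarding-faqs/`, while the SSO FAQ pages changed in this same commit use `aliases:` for their old URLs. Since the title is changing from "Docker Hub" to "Docker accounts", please confirm the old path still lands on this page and align the key if it does not.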
@ -9,11 +9,11 @@ redirect:
### What is a Docker ID? ### What is a Docker ID?
A Docker ID is a username for your Docker account that lets you access Docker products. All you need is an email address to create a Docker ID, or you can sign up with your Google or GitHub account. Your Docker ID must be between 4 and 30 characters long, and can only contain A Docker ID is a username for your Docker account that lets you access Docker products. All you need is an email address to create a Docker ID, or you can sign up with your Google or GitHub account. Your Docker ID must be between 4 and 30 characters long, and can only contain
numbers and lowercase letters. You cannot use any special characters or spaces. numbers and lowercase letters. You can't use any special characters or spaces.
For more information, see [Docker ID](../docker-id/index.md). If your admin enforces [Single sign-on (SSO)](../security/for-admins/single-sign-on/index.md), a Docker ID is provisioned for new users. For more information, see [Docker ID](../docker-id/index.md). If your administrator enforces [Single sign-on (SSO)](../security/for-admins/single-sign-on/index.md), this provisions a Docker ID for new users.
Developers may have multiple Docker IDs in order to separate their Docker IDs that are associated with an organization in Docker Business or Team, and their personal use Docker IDs. Developers may have multiple Docker IDs in order to separate their Docker IDs associated with an organization with a Docker Business or Team subscription, and their personal use Docker IDs.
### What if my Docker ID is taken? ### What if my Docker ID is taken?
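Review bot: In the new SSO sentence, "this provisions a Docker ID for new users" has no clear referent for "this". Naming the actor, for example "Docker provisions a Docker ID for new users when they first sign in through SSO", would be clearer if that is the intended meaning. The following sentence also repeats "Docker IDs" three times and could be shortened to say that developers may keep one Docker ID for their organization and another for personal use.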
@ -21,15 +21,11 @@ All Docker IDs are first-come, first-served except for companies that have a US
### Whats an organization? ### Whats an organization?
Docker users become members of an organization when they're associated with the organization by an organization owner. An organization owner is someone assigned the owner role. They An organization in Docker is a collection of teams and repositories that are managed together. Docker users become members of an organization once they're associated with that organization by an organization owner. An [organization owner](#who-is-an-organization-owner) is a user with administrative access to the organization. For more information on creating organizations, see [Create your organization](orgs.md).
can create new teams and add members to an existing team using their Docker ID
or email address and by selecting a team the user should be part of. An
organization owner can also add additional organization owners to help them
manage users, teams, and repositories in the organization. See [Create your organization](orgs.md).
### What's an organization name or namespace? ### What's an organization name or namespace?
The organization name, sometimes referred to as the organization namespace or the org ID, is the unique identifier of a Docker organization. The organization name cannot be the same as an existing Docker ID. The organization name, sometimes referred to as the organization namespace or the org ID, is the unique identifier of a Docker organization. The organization name can't be the same as an existing Docker ID.
### What are roles? ### What are roles?
@ -37,18 +33,18 @@ A role is a collection of permissions granted to members. Roles define access to
### Whats a team? ### Whats a team?
A **Team** is a group of Docker users that belong to an organization. An organization can have multiple teams. An organization owner can then create new teams and add members to an existing team using Docker IDs or email address and by selecting a team the user should be part of. See [Create and manage a team](manage-a-team.md). A team is a group of Docker users that belong to an organization. An organization can have multiple teams. An organization owner can then create new teams and add members to an existing team using Docker IDs or email address and by selecting a team the user should be part of. See [Create and manage a team](manage-a-team.md).
### What's a company? ### What's a company?
A **Company** is a management layer that centralizes administration of multiple organizations. Administrators can add organizations with a Docker Business subscription to a company and configure settings for all organizations under the company. See [Set up your company](creating-companies.md). A company is a management layer that centralizes administration of multiple organizations. Administrators can add organizations with a Docker Business subscription to a company and configure settings for all organizations under the company. See [Set up your company](creating-companies.md).
### Who is an organization owner? ### Who is an organization owner?
An organization owner is an administrator who is responsible to manage An organization owner is an administrator who has permissions to manage
repositories and add team members to the organization. They have full access to repositories, add members, and manage member roles. They have full access to
private repositories, all teams, billing information, and organization settings. private repositories, all teams, billing information, and organization settings.
An organization owner can also specify [permissions](manage-a-team.md#configure-repository-permissions-for-a-team) for each team in the An organization owner can also specify [repository permissions](manage-a-team.md#configure-repository-permissions-for-a-team) for each team in the
organization. Only an organization owner can enable SSO for the organization. organization. Only an organization owner can enable SSO for the organization.
When SSO is enabled for your organization, the organization owner can also When SSO is enabled for your organization, the organization owner can also
manage users. manage users.
@ -65,7 +61,7 @@ information, see [Configure SSO](../security/for-admins/single-sign-on/configure
### What is a service account? ### What is a service account?
A [service account](../docker-hub/service-accounts.md) is a Docker ID used for automated management of container images or containerized applications. Service accounts are typically used in automated workflows, and do not share Docker IDs with the members in the Team or Business plan. Common use cases for service accounts include mirroring content on Docker Hub, or tying in image pulls from your CI/CD process. A [service account](../docker-hub/service-accounts.md) is a Docker ID used for automated management of container images or containerized applications. Service accounts are typically used in automated workflows, and don't share Docker IDs with the members in the Team or Business plan. Common use cases for service accounts include mirroring content on Docker Hub, or tying in image pulls from your CI/CD process.
### Can I delete or deactivate a Docker account for another user? ### Can I delete or deactivate a Docker account for another user?

View File

@ -1,12 +1,12 @@
--- ---
description: Company FAQs description: Organization FAQs
keywords: Docker, Docker Hub, SSO FAQs, single sign-on keywords: Docker, Docker Hub, SSO FAQs, single sign-on, organizations, administration
title: FAQs on organizations title: FAQs on organizations
--- ---
### What if the Docker ID I want for my organization or company is taken? ### What if the Docker ID I want for my organization or company is taken?
This depends on the state of the namespace, if trademark claims exist for the organization or company Docker ID, a manual flow for legal review is required. All Docker IDs are first-come, first-served except for companies that have a US Trademark on a username. If you have a trademark for your namespace, [Docker Support](https://hub.docker.com/support/contact/) can retrieve the Docker ID for you.
### What if I want to create more than 3 organizations? ### What if I want to create more than 3 organizations?
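Review bot: The replacement answer under "What if the Docker ID I want for my organization or company is taken?" is now the same sentence used for "What if my Docker ID is taken?" in the general FAQ. It also drops the earlier mention that a trademark claim goes through a manual legal review. If that review still applies, keep a short mention of it so readers know the retrieval is not immediate, and consider linking one answer to the other so the two copies do not drift.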
@ -14,10 +14,7 @@ You can create multiple organizations or multiple teams under a single company.
### How do I add an organization owner? ### How do I add an organization owner?
An existing owner can add additional team members as organization owners. All An existing owner can add additional team members as organization owners. You can invite a member and assign them the owner role in [Docker Hub](members.md#invite-members) or [Docker Admin](../admin/organization/members.md#invite-members).
they need to do is select the organization from the
[Organizations](https://hub.docker.com/orgs) page in Docker Hub, add the Docker ID/Email of the user, and then
select the owner role from the drop-down menu. See [Organization owner](manage-a-team.md#organization-owner).
### How do I know how many active users are part of my organization? ### How do I know how many active users are part of my organization?
@ -32,16 +29,16 @@ No. Organization owners can invite users through email and also choose a team fo
Yes. You can [enforce sign-in](../security/for-admins/configure-sign-in.md) and some benefits are: Yes. You can [enforce sign-in](../security/for-admins/configure-sign-in.md) and some benefits are:
- Administrators can enforce features like [Image Access Management](../security/for-admins/image-access-management.md) and [Registry Access Management](../security/for-admins/registry-access-management.md). - Administrators can enforce features like [Image Access Management](../security/for-admins/image-access-management.md) and [Registry Access Management](../security/for-admins/registry-access-management.md).
- Administrators can ensure compliance by blocking Docker Desktop usage for users who do not sign in as members of the organization. - Administrators can ensure compliance by blocking Docker Desktop usage for users who don't sign in as members of the organization.
### If a user has their personal email associated with a user account in Docker Hub, do they have to convert to using the orgs domain before they can be invited to join an organization? ### If a user has their personal email associated with a user account in Docker Hub, do they have to convert to using the organization's domain before they can be invited to join an organization?
Yes. When SSO is enabled for your organization, each user must sign in with the companys domain. However, the user can retain their personal credentials and create a new Docker ID associated with their organization's domain. Yes. When SSO is enabled for your organization, each user must sign in with the companys domain. However, the user can retain their personal credentials and create a new Docker ID associated with their organization's domain.
### Can I convert my personal user account (Docker ID) to an organization account? ### Can I convert my personal user account (Docker ID) to an organization account?
Yes. You can convert your user account to an organization account. Once you Yes. You can convert your user account to an organization account. Once you
convert a user account into an organization, it is not possible to convert a user account into an organization, it's not possible to
revert it to a personal user account. For prerequisites and instructions, see revert it to a personal user account. For prerequisites and instructions, see
[Convert an account into an organization](convert-account.md). [Convert an account into an organization](convert-account.md).
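Review bot: The question heading was updated to "the organization's domain", but the answer beneath it still says "each user must sign in with the company's domain". Because "company" now has its own definition in these FAQs (the management layer above organizations), the answer should say "organization's domain" to match the heading and the rest of the paragraph.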
@ -53,7 +50,7 @@ to contact the administrator due to lack of seats.
### How can I merge organizations in Docker Hub? ### How can I merge organizations in Docker Hub?
Reach out to your Support contact if you need to consolidate organizations. Reach out to your Support contact if you need to merge organizations.
### Do organization invitees take up seats? ### Do organization invitees take up seats?
@ -69,16 +66,15 @@ Yes. Organization owners will take up a seat.
User may refer to a Docker user with a Docker ID. User may refer to a Docker user with a Docker ID.
An invitee is a user who has been invited to join an organization, but has not yet accepted their invitation. An invitee is a user that an administrator has invited to join an organization, but has not yet accepted their invitation.
Seats is the number of planned members within an organization. Seats is the number of planned members within an organization.
Member may refer to a user that has received and accepted an invitation to join an organization. Member can also refer to a member of a team within an organization. Member may refer to a user that has received and accepted an invitation to join an organization. Member can also refer to a member of a team within an organization.
### If there are two organizations and a user belongs to both organizations, do they take up two seats?
### If there are two organizations and a user belongs to both orgs, do they take up two seats? Yes. In a scenario where a user belongs to two organizations, they take up one seat in each organization.
Yes. In a scenario where a user belongs to two orgs, they take up one seat in each organization.
### Is it possible to set permissions for repositories within an organization? ### Is it possible to set permissions for repositories within an organization?
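Review bot: The rewritten invitee definition, "a user that an administrator has invited to join an organization, but has not yet accepted their invitation", now reads as if the administrator is the one who has not accepted. Suggest "a user who an administrator has invited to join an organization, but who hasn't yet accepted the invitation", which also matches the contractions used elsewhere in this commit.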
@ -86,7 +82,7 @@ Yes. You can configure repository access on a per-team basis. For example, you
can specify that all teams within an organization have **Read and Write** access can specify that all teams within an organization have **Read and Write** access
to repositories A and B, whereas only specific teams have **Admin** access. Org to repositories A and B, whereas only specific teams have **Admin** access. Org
owners have full administrative access to all repositories within the owners have full administrative access to all repositories within the
organization. See [Configure repository permissions for a team](manage-a-team.md#configure-repository-permissions-for-a-team). organization. See [Configure repository permissions for a team](manage-a-team.md#configure-repository-permissions-for-a-team). Administrators can also assign members the editor role, which grants administrative permissions for repositories across the namespace of the organization. See [Roles and permissions](../security/for-admins/roles-and-permissions.md).
### Does my organization need to use Docker's registry? ### Does my organization need to use Docker's registry?
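Review bot: The unchanged sentence "Org owners have full administrative access to all repositories" still uses the abbreviation that this commit expands to "organization" everywhere else in the file. The added editor-role sentence is also appended to the end of a paragraph about per-team permissions; since it describes a namespace-wide grant rather than a team-level one, it would be easier to spot as its own short paragraph.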

View File

@ -22,15 +22,15 @@ Docker Hubs global setting for system lockout is after 10 failed sign in atte
### Do you support physical MFA with YubiKeys? ### Do you support physical MFA with YubiKeys?
This would be configured through SSO using your IDP. Check with your IDP. You can configure this through SSO using your IdP. Check with your IdP if they support physical MFA.
### How are sessions managed and do they expire? ### How are sessions managed and do they expire?
Sessions are managed through the IdP if configured. If configured, the IdP manages sessions.
Docker Desktop sessions expire after 30 days, or after 7 days of inactivity. For Docker Hub, sessions are managed through the IdP if configured. If you use application-level sign-in, users are signed out due to inactivity after 14 days and must sign in again after 30 days. Docker Desktop sessions expire after 30 days, or after 7 days of inactivity. For Docker Hub, the IdP manages sessions, if configured. If you use application-level sign-in, users are signed out due to inactivity after 14 days and must sign in again after 30 days.
### How does Docker attribute downloads to us and what data is used to classify/verify the user is part of our organization? ### How does Docker attribute downloads to us and what data is used to classify or verify the user is part of our organization?
Docker Desktop downloads are linked to a specific organization by the user's email containing the customer's domain. Additionally, we use IP addresses to correlate users with organizations. Docker Desktop downloads are linked to a specific organization by the user's email containing the customer's domain. Additionally, we use IP addresses to correlate users with organizations.
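Review bot: In the sessions answer, the new first line "If configured, the IdP manages sessions." is repeated almost word for word two sentences later in "For Docker Hub, the IdP manages sessions, if configured." As written it is unclear whether the standalone line applies to Docker Desktop, Docker Hub, or both, and whether the 30-day and 7-day Docker Desktop limits still apply when an IdP is in use. Suggest dropping the standalone line or stating its scope explicitly.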
@ -38,7 +38,7 @@ Docker Desktop downloads are linked to a specific organization by the user's ema
We attribute users and their IP addresses to domains using 3rd party data enrichment software, where our provider analyzes activity from public and private data sources related to that specific IP address, then uses that activity to identify the domain and map it to the IP address. We attribute users and their IP addresses to domains using 3rd party data enrichment software, where our provider analyzes activity from public and private data sources related to that specific IP address, then uses that activity to identify the domain and map it to the IP address.
Some users (very few in comparison) actually authenticate by signing in to Docker Desktop and joining their domain's Docker org, which allows us to map them with a much higher degree of accuracy and report on direct feature usage for you. We highly encourage you to get your users authenticated so we can provide you with the most accurate data. Some users authenticate by signing in to Docker Desktop and joining their domain's Docker organization, which allows us to map them with a much higher degree of accuracy and report on direct feature usage for you. We highly encourage you to get your users authenticated so we can provide you with the most accurate data.
### How does Docker distinguish between employee users and contractor users? ### How does Docker distinguish between employee users and contractor users?
@ -50,7 +50,7 @@ Docker provides various types of audit logs and log retention varies. For exampl
### Can I export a list of all users with their assigned roles and privileges and if so, in what format? ### Can I export a list of all users with their assigned roles and privileges and if so, in what format?
Using the [Export Members](../../docker-hub/members.md) feature, customers can export to CSV a list of their users with role and team information. Using the [Export Members](../../docker-hub/members.md) feature, you can export to CSV a list of your organization's users with role and team information.
### How does Docker Desktop handle and store authentication information? ### How does Docker Desktop handle and store authentication information?
@ -58,31 +58,29 @@ Docker Desktop utilizes the host operating system's secure key management for ha
### How does Docker Hub secure passwords in storage and in transit? ### How does Docker Hub secure passwords in storage and in transit?
This is applicable only when Docker Hub's application-level password is used vs SSO/SAML. When SSO is used, Docker Hub does not store passwords. Application-level passwords are hashed in storage (SHA-256) and encrypted in transit (TLS). This is applicable only when using Docker Hub's application-level password versus SSO/SAML. When using SSO, Docker Hub doesn't store passwords. Application-level passwords are hashed in storage (SHA-256) and encrypted in transit (TLS).
### How do we de-provision access to CLI users who use personal access tokens instead of our IdP? We use SSO but not SCIM. ### How do we de-provision access to CLI users who use personal access tokens instead of our IdP? We use SSO but not SCIM.
If SCIM is not enabled, you have to manually remove PAT users from the organization in our system. When SCIM is used this is automated. If SCIM isn't enabled, you have to manually remove PAT users from the organization in our system. Using SCIM automates this.
### What metadata is collected from container images that Scout analyzes? ### What metadata is collected from container images that Scout analyzes?
For information about the metadata stored by Docker Scout, [Data handling](../../scout/data-handling.md). For information about the metadata stored by Docker Scout, see [Data handling](../../scout/data-handling.md).
### To which portions of the host filesystem do containers have read and write access? Can containers running as root gain access to admin owned files or directories on the host? ### To which portions of the host filesystem do containers have read and write access? Can containers running as root gain access to admin-owned files or directories on the host?
File sharing (bind mount from the host filesystem) uses a user-space crafted file server (running in `com.docker.backend` as the user running Docker Desktop), so containers cant gain any access that the user on the host doesnt already have. File sharing (bind mount from the host filesystem) uses a user-space crafted file server (running in `com.docker.backend` as the user running Docker Desktop), so containers cant gain any access that the user on the host doesnt already have.
### How are Extensions within the Marketplace vetting for security prior to placement? ### How are Extensions within the Marketplace vetting for security prior to placement?
Security vetting for extensions is on our roadmap however this vetting is not currently done. Security vetting for extensions is on our roadmap however this vetting isn't currently done.
At present in the marketplace, there are two types of extensions - reviewed and self-published. Reviewed extensions are used and reviewed against a set of criteria, and if they pass they are included in the marketplace with a **Reviewed** label. Self-published extensions are automatically placed in the marketplace with a **Not reviewed** label. At present in the marketplace, there are two types of extensions: reviewed and self-published. Reviewed extensions are used and reviewed against a set of criteria, and if they pass, they're included in the marketplace with a **Reviewed** label. Self-published extensions are automatically placed in the marketplace with a **Not reviewed** label.
Note that even if an extension is reviewed, it is only reviewed on the first publish. Any updates afterwards are not reviewed. Extensions are not covered as part of Dockers Third-Party Risk Management Program. Note that even if an extension is reviewed, it's only reviewed on the first publish. Any updates afterwards aren't reviewed. Extensions aren't covered as part of Dockers Third-Party Risk Management Program.
### Can I disable private repos in my organization via a setting to make sure nobody is pushing images into Docker Hub? ### Can I disable private repos in my organization via a setting to make sure nobody is pushing images into Docker Hub?
Currently this is not possible. No. With [Registry Access Management](../../security/for-admins/registry-access-management.md) (RAM), administrators can ensure that their developers using Docker Desktop only access allowed registries. This is done through the Registry Access Management dashboard on Docker Hub.
With [Registry Access Management](../../security/for-admins/registry-access-management.md) (RAM), administrators can ensure that their developers using Docker Desktop only access registries that are allowed. This is done through the Registry Access Management dashboard on Docker Hub.
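Review bot: The password storage answer still describes application-level passwords only as "hashed in storage (SHA-256)". For a security FAQ that is the detail customers will ask about, so if salting or an iterated scheme is used it should be stated here, and if not, the wording should at least be confirmed as current during this freshness pass. Smaller points in the same hunk: the heading "How are Extensions within the Marketplace vetting for security" should read "vetted", and "on our roadmap however this vetting isn't currently done" needs punctuation before "however".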

View File

@ -1,6 +1,6 @@
--- ---
description: Single Sign-on FAQs description: Single Sign-on domain FAQs
keywords: Docker, Docker Hub, SSO FAQs, single sign-on keywords: Docker, Docker Hub, SSO FAQs, single sign-on, domains, domain verification
title: Domains title: Domains
aliases: aliases:
- /single-sign-on/domain-faqs/ - /single-sign-on/domain-faqs/
@ -8,19 +8,19 @@ aliases:
### Can I add sub-domains? ### Can I add sub-domains?
Yes, you can add sub-domains to your SSO , however all email addresses should also be on that domain. Verify that your DNS provider supports multiple txt fields for the same domain. Yes, you can add sub-domains to your SSO, however all email addresses should also be on that domain. Verify that your DNS provider supports multiple TXT records for the same domain.
### Can the DNS provider configure it once for one-time verification and remove it later OR will it be needed permanently? ### Can the DNS provider configure it once for one-time verification and remove it later or will it be needed permanently?
They can do it one time to add it to a connection. If they ever change IdPs and have to set up SSO again, they will need to verify again. You can do it one time to add it to a connection. If your organization ever changes IdPs and has to set up SSO again, your DNS provider will need to verify again.
### Is adding domain required to configure SSO? What domains should I be adding? And how do I add it? ### Is adding domain required to configure SSO? What domains should I be adding? And how do I add it?
Adding and verifying a domain is required to enable and enforce SSO. Select **Add Domain** and specify the email domains that's allowed to authenticate through your server. This should include all email domains users will use to access Docker. Public domains are not permitted, such as gmail.com, outlook.com, etc. Also, the email domain should be set as the primary email. Adding and verifying a domain is required to enable and enforce SSO. Select **Add Domain** and specify the email domains that are allowed to authenticate through your server. This should include all email domains users will use to access Docker. Public domains are not permitted, such as gmail.com, outlook.com, etc. Also, the email domain should be set as the primary email.
### If users are using their personal email, do they have to convert to using the Orgs domain before they can be invited to join an Org? Is this just a quick change in their Hub account? ### If users are using their personal email, do they have to convert to using the organization's domain before they can be invited to join an organization? Is this just a quick change in their Hub account?
No, they don't. Though they can add multiple emails to a Docker ID if they choose to. However, that email can only be used once across Docker. The other thing to note is that (as of January 2022) SSO will not work for multi domains as an MVP and it will not work for personal emails either. No, they don't. Though they can add multiple emails to a Docker ID if they choose to. However, they can only use that email address once across Docker. The other thing to note is that (as of January 2022) SSO doesn't work for multi domains as an MVP and it doesn't work for personal emails either.
### Since Docker ID is tracked from SAML, at what point is the login required to be tracked from SAML? Runtime or install time? ### Since Docker ID is tracked from SAML, at what point is the login required to be tracked from SAML? Runtime or install time?
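Review bot: The rewritten DNS answer does not actually answer the question in its heading, which asks whether the verification record can be removed later or must stay permanently. It also now says "your DNS provider will need to verify again", although the DNS provider only hosts the TXT record. Suggest stating whether the record may be removed after verification and rewording to "you will need to verify the domain again". The personal-email answer also keeps "(as of January 2022)", which is worth re-confirming or removing in a freshness update.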

View File

@ -1,6 +1,6 @@
--- ---
description: Single Sign-on FAQs description: Single Sign-on enforcement FAQs
keywords: Docker, Docker Hub, SSO FAQs, single sign-on keywords: Docker, Docker Hub, SSO FAQs, single sign-on, enforce SSO, SSO enforcement
title: Enforcement title: Enforcement
aliases: aliases:
- /single-sign-on/enforcement-faqs/ - /single-sign-on/enforcement-faqs/
@ -8,7 +8,7 @@ aliases:
### We currently have a Docker Team subscription. How do we enable SSO? ### We currently have a Docker Team subscription. How do we enable SSO?
SSO is available with a Docker Business subscription. To enable SSO, you must first upgrade your subscription to a Docker Business subscription. To learn how to upgrade your existing account, see [Upgrade your subscription](https://www.docker.com/pricing). SSO is available with a Docker Business subscription. To enable SSO, you must first upgrade your subscription to a Docker Business subscription. To learn how to upgrade your existing account, see [Upgrade your subscription](../../../subscription/upgrade.md).
### How do service accounts work with SSO? ### How do service accounts work with SSO?
@ -26,7 +26,7 @@ Yes. When SSO is enforced, you can access the Docker CLI through Personal Access
Before enforcing SSO, you must create PATs for automation systems and CI/CD pipelines and use the tokens instead of a password. Before enforcing SSO, you must create PATs for automation systems and CI/CD pipelines and use the tokens instead of a password.
### I have a user working on projects within Docker Desktop but authenticated with personal or no email. After they purchase Docker Business licenses, they will implement and enforce SSO through Okta to manage their users. When this user signs on SSO, is their work on DD compromised/impacted with the migration to the new account? ### I have a user working on projects within Docker Desktop but authenticated with personal or no email. After they buy Docker Business licenses, they will implement and enforce SSO through Okta to manage their users. When this user signs on SSO, is their work on DD compromised/impacted with the migration to the new account?
If they already have their organization email on their account, then it will be migrated to SSO. If they already have their organization email on their account, then it will be migrated to SSO.
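Review bot: The reworded heading about the Docker Desktop user still carries the unexpanded abbreviation "DD" and the slash construction "compromised/impacted", and it shifts from "I have a user" to "they buy Docker Business licenses ... their users", so it is unclear whose SSO rollout is being described. Since this line is already being touched, spell out "Docker Desktop", pick one verb, and settle on one subject. The answer below it only says the account "will be migrated to SSO" and never states whether the user's existing work is affected, which is what the question asks.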
@ -34,13 +34,13 @@ If they already have their organization email on their account, then it will be
SSO enforcement will apply to any domain email user, and automatically add that user to the Docker Hub org that enables enforcement. The admin could remove users from the org manually, but those users wouldn't be able to authenticate if SSO is enforced. SSO enforcement will apply to any domain email user, and automatically add that user to the Docker Hub org that enables enforcement. The admin could remove users from the org manually, but those users wouldn't be able to authenticate if SSO is enforced.
### Can I enable SSO and hold off on the domain verification and enforcement options? ### Can I enable SSO and hold off on the enforcement option?
Yes, they can choose to not enforce, and users have the option to use either Docker ID (standard email/password) or email address (SSO) at the sign-in screen. Yes, you can choose to not enforce, and users have the option to use either Docker ID (standard email/password) or email address (SSO) at the sign-in screen.
### SSO is enforced, but one of our users is connected to several organizations (and several email-addresses) and is able to bypass SSO and login through userid and password. Why is this happening? ### SSO is enforced, but one of our users is connected to several organizations (and several email addresses) and is able to bypass SSO and sign in through username and password. Why is this happening?
They can bypass SSO if the email they're using to sign in doesn't match the organization email being used when SSO is enforced. Users can bypass SSO if the email they're using to sign in doesn't match the organization email that's used for SSO enforcement.
### Is there a way to test this functionality in a test tenant with Okta before going to production? ### Is there a way to test this functionality in a test tenant with Okta before going to production?
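Review bot: The new answer to the SSO bypass question ("Users can bypass SSO if the email they're using to sign in doesn't match the organization email that's used for SSO enforcement") explains the cause but leaves an admin with nothing to act on. For a question that reports an enforcement gap, add a sentence on what the admin should check or change for a user who holds several email addresses. Also, "you can choose to not enforce" in the answer above reads better as "you can choose not to enforce".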
@ -48,8 +48,8 @@ Yes, you can create a test organization. Companies can set up a new 5 seat Busin
### Once we enable SSO for Docker Desktop, what's the impact to the flow for Build systems that use service accounts? ### Once we enable SSO for Docker Desktop, what's the impact to the flow for Build systems that use service accounts?
If SSO is enabled, there is no impact for now. We'll continue to support either username/password or personal access token sign-in. If you enable SSO, there is no impact for now. We'll continue to support either username/password or personal access token sign-in.
However, if you **enforce** SSO: However, if you enforce SSO:
* Service Account domain email addresses must be unaliased and enabled in their IdP * Service Account domain email addresses must be unaliased and enabled in their IdP
* Username/password and personal access token will still work (but only if they exist, which they won't for new accounts) * Username/password and personal access token will still work (but only if they exist, which they won't for new accounts)
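Review bot: The second bullet under "However, if you enforce SSO" says username/password will still work, which conflicts with the Docker Desktop version answer changed elsewhere in this commit ("Your users with existing accounts can't sign in with their username and password"). Please reconcile the two statements or scope this bullet explicitly to service accounts. Two smaller points in the same hunk: "there is no impact for now" is undated and will go stale, and removing the bold from "enforce" weakens the enable versus enforce contrast that this answer depends on. The first bullet also says "their IdP" where the rest of the answer addresses "you".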

View File

@ -1,7 +1,7 @@
--- ---
description: Single Sign-on FAQs description: Single Sign-on FAQs
keywords: Docker, Docker Hub, SSO FAQs, single sign-on keywords: Docker, Docker Hub, SSO FAQs, single sign-on, administration, security
title: General title: General FAQs on SSO
aliases: aliases:
- /single-sign-on/faqs/ - /single-sign-on/faqs/
--- ---
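Review bot: The title change from "General" to "General FAQs on SSO" makes this page the only one in the SSO FAQ set with a long title; the sibling pages in this commit keep "Enforcement", "Identity providers", "SAML" and "Manage users". If these titles feed a shared navigation list, either keep "General" or rename the siblings to match.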
@ -12,9 +12,9 @@ Docker Single Sign-on (SSO) is only available with the Docker Business subscript
### How does Docker SSO work? ### How does Docker SSO work?
Docker Single Sign-on (SSO) allows users to authenticate using their identity providers (IdPs) to access Docker. Docker supports Entra ID (formerly Azure AD) and any SAML 2.0 identity providers. When you enable SSO, users are redirected to your providers authentication page to authenticate using their email and password. Docker Single Sign-on (SSO) lets users to authenticate using their identity providers (IdPs) to access Docker. Docker supports Entra ID (formerly Azure AD) and any SAML 2.0 identity providers. When you enable SSO, this redirects users to your providers authentication page to authenticate using their email and password.
### What SSO flows are supported by Docker? ### What SSO flows does Docker support?
Docker supports Service Provider Initiated (SP-initiated) SSO flow. This means users must sign in to Docker Hub or Docker Desktop to initiate the SSO authentication process. Docker supports Service Provider Initiated (SP-initiated) SSO flow. This means users must sign in to Docker Hub or Docker Desktop to initiate the SSO authentication process.
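Review bot: The rewritten "How does Docker SSO work?" answer introduces a grammar error, "lets users to authenticate", which should be "lets users authenticate". In the same line, "this redirects users" has no clear antecedent (the old "users are redirected" was clearer; "Docker redirects users" keeps the active voice), and "your providers authentication page" is still missing the apostrophe in "provider's".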
@ -28,8 +28,8 @@ When an organization uses SSO, MFA is determined on the IdP level, not on the Do
### Do I need a specific version of Docker Desktop for SSO? ### Do I need a specific version of Docker Desktop for SSO?
Yes, all users in your organization must upgrade to Docker Desktop version 4.4.2 or later. Users on older versions of Docker Desktop will not be able to sign in after SSO is enforced, if the company domain email is used to sign in or as the primary email associated with an existing Docker account. Your users with existing accounts can't sign in with their username and password. Yes, all users in your organization must upgrade to Docker Desktop version 4.4.2 or later. Users on older versions of Docker Desktop won't be able to sign in after SSO is enforced if the company domain email is used to sign in or as the primary email associated with an existing Docker account. Your users with existing accounts can't sign in with their username and password.
### Can I retain my Docker ID when using SSO? ### Can I retain my Docker ID when using SSO?
For a personal Docker ID, a user is the account owner, its associated with access to the user's repositories, images, assets. An end user can choose to have a company domain email on the Docker account, when enforcing SSO, the account is connected to the organization account. When enforcing SSO for an organization(s) or company, any user logging in without an existing account using verified company domain email will automatically have an account provisioned, and a new Docker ID created. For a personal Docker ID, a user is the account owner. A Docker ID is associated with access to the user's repositories, images, assets. An end user can choose to have a company domain email on the Docker account. When enforcing SSO, the account is connected to the organization account. When enforcing SSO for an organization(s) or company, any user logging in without an existing account using verified company domain email will automatically have an account provisioned, and a new Docker ID created.
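Review bot: The split sentences in the "Can I retain my Docker ID" answer still never say yes or no to the question. Open with the direct answer, then the explanation. In the new text, "repositories, images, assets" is missing "and", "When enforcing SSO, the account is connected" has a dangling modifier (the account is not doing the enforcing), and "any user logging in" is inconsistent with "sign in" used throughout the rest of this commit.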

View File

@ -1,6 +1,6 @@
--- ---
description: Single Sign-on FAQs description: Single Sign-on IdP FAQs
keywords: Docker, Docker Hub, SSO FAQs, single sign-on keywords: Docker, Docker Hub, SSO FAQs, single sign-on, IdP
title: Identity providers title: Identity providers
aliases: aliases:
- /single-sign-on/idp-faqs/ - /single-sign-on/idp-faqs/
@ -14,7 +14,7 @@ No. You can only configure Docker SSO to work with a single IdP. A domain can on
Yes. You must delete your existing IdP configuration in Docker Hub and follow the instructions to Configure SSO using your IdP. If you had already turned on enforcement, you should turn off enforcement before updating the provider SSO connection. Yes. You must delete your existing IdP configuration in Docker Hub and follow the instructions to Configure SSO using your IdP. If you had already turned on enforcement, you should turn off enforcement before updating the provider SSO connection.
### What information do I need from my identity providers to configure SSO? ### What information do I need from my identity provider to configure SSO?
To enable SSO in Docker, you need the following from your IdP: To enable SSO in Docker, you need the following from your IdP:
@ -24,7 +24,7 @@ To enable SSO in Docker, you need the following from your IdP:
### What happens if my existing certificate expires? ### What happens if my existing certificate expires?
If your existing certificate has expired, you may need to contact your identity provider to retrieve a new x509 certificate. The new certificate must be updated in the SSO configuration settings page on Docker Hub. If your existing certificate has expired, you may need to contact your identity provider to retrieve a new x509 certificate. Then, you need to update the certificate in the SSO configuration settings page on Docker Hub.
### What happens if my IdP goes down when SSO is enabled? ### What happens if my IdP goes down when SSO is enabled?
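Review bot: The certificate expiry answer tells the reader how to replace the certificate but not what happens when it expires, which is the question in the heading. Add a sentence on the effect on SSO sign-in before the remediation steps. "x509" should be written "X.509", and "you may need to contact your identity provider" followed by "Then, you need to update" mixes an optional step with a mandatory one; say which is which.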
@ -32,23 +32,23 @@ It's not possible to access Docker Hub when your IdP is down. However, you can a
### What happens when I turn off SSO for my organization(s) or company? ### What happens when I turn off SSO for my organization(s) or company?
When you turn off SSO, authentication through your Identity Provider isn't required to access Docker. Users may continue to sign in through Single Sign-On as well as Docker ID and password. When you turn off SSO, authentication through your Identity Provider isn't required to access Docker. Users may continue to sign in through Single Sign-on as well as Docker ID and password.
### How do I handle accounts using Docker Hub as a secondary registry? Do I need a bot account? ### How do I handle accounts using Docker Hub as a secondary registry? Do I need a bot account?
You can add a bot account to your IDP and create an access token for it to replace the other credentials. You can add a bot account to your IDP and create an access token for it to replace the other credentials.
### Does Docker plan to release SAML just in time provisioning?
The SSO implementation is already "just in time". Admins don't have to create users accounts on Hub, they can just enable it on the IdP and have the users sign in through their domain email on Hub.
### Will there be IdP initiated logins? Does Docker plan to support SSO logins outside of Hub and Desktop?
We currently do not have any plans to enable IdP initiated logins.
### Build agents - For customers using SSO, do they need to create a bot account to fill a seat within the dockerorg? ### Build agents - For customers using SSO, do they need to create a bot account to fill a seat within the dockerorg?
Yes, bot accounts needs a seat, similar to a regular end user, having a non-aliased domain email enabled in the IdP and using a seat in Hub. Yes, bot accounts need a seat, similar to a regular end user, having a non-aliased domain email enabled in the IdP and using a seat in Hub.
### Does Docker plan to release SAML Just-In-Time (JIT) provisioning?
The SSO implementation is already Just-In-Time. Administrators don't have to create user's accounts on Hub, they can just enable it on the IdP and have the users sign in through their domain email on Hub.
### Will there be IdP-initiated logins?
We currently don't have any plans to enable IdP-initiated logins.
### Is it possible to connect Docker Hub directly with a Microsoft Entra (formerly Azure AD) group? ### Is it possible to connect Docker Hub directly with a Microsoft Entra (formerly Azure AD) group?
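Review bot: The relocated JIT provisioning answer introduces "create user's accounts", which should be "create user accounts", and joins two clauses with a comma ("on Hub, they can just enable it"); split it into two sentences and say what "it" refers to. The unchanged bot account answer above still uses "IDP" while every other line in this file uses "IdP". In the build agents heading, "dockerorg" should be "Docker organization".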

View File

@ -1,6 +1,6 @@
--- ---
description: Single Sign-on FAQs description: Single Sign-on SAML FAQs
keywords: Docker, Docker Hub, SSO FAQs, single sign-on keywords: Docker, Docker Hub, SSO FAQs, single sign-on, SAML
title: SAML title: SAML
aliases: aliases:
- /single-sign-on/saml-faqs/ - /single-sign-on/saml-faqs/

View File

@ -1,5 +1,5 @@
--- ---
description: Single Sign-on FAQs description: Single Sign-on user management FAQs
keywords: Docker, Docker Hub, SSO FAQs, single sign-on keywords: Docker, Docker Hub, SSO FAQs, single sign-on
title: Manage users title: Manage users
aliases: aliases:
@ -8,13 +8,13 @@ aliases:
### How do I manage users when using SSO? ### How do I manage users when using SSO?
Users are managed through organizations in Docker Hub. When you configure SSO in Docker, you need to make sure an account exists for each user in your IdP account. When a user signs in to Docker for the first time using their domain email address, they will be automatically added to the organization after a successful authentication. You can manage users through organizations in Docker Hub. When you configure SSO in Docker, you need to make sure an account exists for each user in your IdP account. When a user signs in to Docker for the first time using their domain email address, they will be automatically added to the organization after a successful authentication.
### Do I need to manually add users to my organization? ### Do I need to manually add users to my organization?
No, you dont need to manually add users to your organization in Docker Hub. You just need to make sure an account for your users exists in your IdP. When users sign in to Docker Hub, they're automatically assigned to the organization using their domain email address. No, you dont need to manually add users to your organization in Docker Hub. You just need to make sure an account for your users exists in your IdP. When users sign in to Docker Hub, they're automatically assigned to the organization using their domain email address.
When a user signs into Docker for the first time using their domain email address, they will be automatically added to the organization after a successful authentication. When a user signs in to Docker for the first time using their domain email address, they will be automatically added to the organization after a successful authentication.
### Can users in my organization use different email addresses to authenticate through SSO? ### Can users in my organization use different email addresses to authenticate through SSO?
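Review bot: The corrected sentence "When a user signs in to Docker for the first time using their domain email address, they will be automatically added to the organization after a successful authentication" now appears verbatim twice, once at the end of "How do I manage users when using SSO?" and again as the second paragraph of "Do I need to manually add users to my organization?". Drop the second copy, since the preceding paragraph already says users are automatically assigned. "you dont need" is also still missing its apostrophe.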
@ -26,9 +26,9 @@ Users with a public domain email address will be added as guests.
Admins, organization owners, and company owners can approve users by configuring their permissions through their IdP. If the user account is configured in the IdP, the user will be automatically added to the organization in Docker Hub as long as theres an available seat. Admins, organization owners, and company owners can approve users by configuring their permissions through their IdP. If the user account is configured in the IdP, the user will be automatically added to the organization in Docker Hub as long as theres an available seat.
### How will users be made aware that they're being made a part of a Docker organzation? ### How will users be made aware that they're being made a part of a Docker organization?
When SSO is enabled, users will be prompted to authenticate through SSO the next time they try to sign in to Docker Hub or Docker Desktop. The system will see the end-user has a domain email associated with the docker ID they're trying to authenticate with, and prompts them to sign in with SSO email and credentials instead. When SSO is enabled, users will be prompted to authenticate through SSO the next time they try to sign in to Docker Hub or Docker Desktop. The system will see the end-user has a domain email associated with the Docker ID they're trying to authenticate with, and prompts them to sign in with SSO email and credentials instead.
If users attempt to sign in through the CLI, they must authenticate using a personal access token (PAT). If users attempt to sign in through the CLI, they must authenticate using a personal access token (PAT).
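Review bot: In the answer about approving users, "as long as theres an available seat" is still missing the apostrophe in "there's". In the reworded sentence below it, the tense shifts mid-sentence ("The system will see ... and prompts them"); use "sees ... and prompts". "end-user" is hyphenated here but written "end user" in the General FAQ changed in this commit.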
@ -44,12 +44,12 @@ Users may still be able to authenticate as a "guest" account using a non-domain
Yes, you can convert existing users to an SSO account. To convert users from a non-SSO account: Yes, you can convert existing users to an SSO account. To convert users from a non-SSO account:
* Ensure your users have a company domain email address and they have an account in your IdP - Ensure your users have a company domain email address and they have an account in your IdP.
* Verify that all users have Docker Desktop version 4.4.2 or later installed on their machines - Verify that all users have Docker Desktop version 4.4.2 or later installed on their machines.
* Each user has created a PAT to replace their passwords to allow them to sign in through Docker CLI - Each user has created a PAT to replace their passwords to allow them to sign in through Docker CLI.
* Confirm that all CI/CD pipelines automation systems have replaced their passwords with PATs. - Confirm that all CI/CD pipelines automation systems have replaced their passwords with PATs.
For detailed prerequisites and instructions on how to enable SSO, see [Configure Single Sign-on](index.md). For detailed prerequisites and instructions on how to enable SSO, see [Configure Single Sign-on](../../../security/for-admins/configure-sign-in.md).
### What impact can users expect once we start onboarding them to SSO accounts? ### What impact can users expect once we start onboarding them to SSO accounts?
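Review bot: The checklist items under "To convert users from a non-SSO account" are not parallel: three start with an imperative ("Ensure", "Verify", "Confirm") while the third is a statement ("Each user has created a PAT"). Reword it as an instruction, for example "Ensure each user has created a PAT". The last item, "all CI/CD pipelines automation systems", is missing a conjunction; the enforcement FAQ in this commit phrases it "automation systems and CI/CD pipelines".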
@ -61,17 +61,17 @@ Docker SSO provides Just-In-Time (JIT) provisioning by default. This provisionin
Additionally, you can use the [Docker Hub API](/docker-hub/api/latest/) to complete this process. Additionally, you can use the [Docker Hub API](/docker-hub/api/latest/) to complete this process.
### What's the best way to provision the Docker Subscription without SSO? ### What's the best way to provision the Docker subscription without SSO?
Company or organization owners can invite users through Docker Hub UI, by email address (for any user) or by Docker ID (assuming the user has created a user account on Hub already). Company or organization owners can invite users through Docker Hub UI, by email address (for any user) or by Docker ID (assuming the user has created a user account on Hub already).
### If we add a user manually for the first time, can I register in the dashboard and will the user get an invitation link through email? ### If we add a user manually for the first time, can I register in the dashboard and will the user get an invitation link through email?
Yes, if the user is added through email address to an org, they will receive an email invite. If invited through Docker ID as an existing user instead, they'll be added to the organization automatically. A new invite flow will occur in the near future that will require an email invite (so the user can choose to opt out). If the org later sets up SSO for [zeiss.com](https://www.zeiss.com/) domain, the user will automatically be added to the domain SSO org next sign in which requires SSO auth with the identity provider (Hub login will automatically redirect to the identity provider). Yes, if you add the user via email address to an org, they will receive an email invite. If invited through Docker ID as an existing user instead, they'll be added to the organization automatically. A new invite flow will occur in the near future that will require an email invite (so the user can choose to opt out). If the org later sets up SSO for their domain, the user will automatically be added to the domain SSO org the next time they sign and SSO authentication is required.
### Can someone join an organization without an invitation? Is it possible to put specific users to an organization with existing email accounts? ### Can someone join an organization without an invitation? Is it possible to add specific users to an organization with existing email accounts?
Not without SSO. Joining requires an invite from a member of the Owners group. When SSO is enforced, then the domains verified through SSO will allow users to automatically join the organization the next time they sign in as a user that has a domain email assigned. Not without SSO. Joining requires an invite from an organization owner. When SSO is enforced, then the domains verified through SSO will let users automatically join the organization the next time they sign in as a user that has a domain email assigned.
### When we send an invitation to the user, will the existing account be consolidated and retained? ### When we send an invitation to the user, will the existing account be consolidated and retained?
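Review bot: The rewritten invitation answer ends with "the next time they sign and SSO authentication is required", which drops the word "in" and leaves the clause hard to parse; "the next time they sign in, which requires SSO authentication" would read correctly. "via email address" should be "through email address" to match the wording used elsewhere in this commit. "A new invite flow will occur in the near future" is undated and should either be removed or tied to a release.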

View File

@ -1,5 +1,5 @@
--- ---
description: Subscription FAQs description: FAQs on Docker subscriptions
keywords: Docker, Docker Hub, subscription FAQs, subscription, platform keywords: Docker, Docker Hub, subscription FAQs, subscription, platform
title: Subscription FAQs title: Subscription FAQs
--- ---
@ -22,7 +22,7 @@ No. All monthly and annual subscriptions are automatically renewed at the end of
### What happens if I pay for an annual subscription and add more seats later? ### What happens if I pay for an annual subscription and add more seats later?
When you add seats to your plan in the middle of your billing cycle, a prorated amount is charged for the additional seats. When you add seats to your plan in the middle of your billing cycle, you're charged a prorated amount for the additional seats.
### What happens to my collaborators when I move to a Personal subscription? ### What happens to my collaborators when I move to a Personal subscription?