From 6c3cc9396c089a4ab5969847d2620c561a962653 Mon Sep 17 00:00:00 2001 From: Sarah Sanders Date: Thu, 13 Feb 2025 09:04:07 -0500 Subject: [PATCH] security: update manage members and SSO users FAQs (#22021) ## Description - During Kapa triage, I noticed two uncertain answers: one regarding SCIM enablement impact on existing licensed users and one about deleting a user with SSO enabled - These updates address both to improve future Kapa convos and sources - Update to `members.md` that adds a callout about removing members from an org, clarifying that SSO w/ SCIM enabled is a little different (must be done in IdP) - Update to `user-faqs.md` that adds a new FAQ clarifying the impact of enabling SCIM for existing licensed users ## Related issues or tickets - https://docker.atlassian.net/browse/ENGDOCS-2404 - https://docker.atlassian.net/browse/ENGDOCS-2403 ## Reviews - [ ] Technical review - [ ] Editorial review --- content/manuals/admin/organization/members.md | 4 ++++ content/manuals/security/faqs/single-sign-on/users-faqs.md | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/content/manuals/admin/organization/members.md b/content/manuals/admin/organization/members.md index 8b589eac39..822c4f195f 100644 --- a/content/manuals/admin/organization/members.md +++ b/content/manuals/admin/organization/members.md @@ -141,6 +141,10 @@ To add a member to a team with the Admin Console: ### Remove a member from a team +> [!NOTE] +> +> If your organization uses single sign-on (SSO) with [SCIM](/manuals/security/for-admins/provisioning/scim.md) enabled, you should remove members from your identity provider (IdP). This will automatically remove members from Docker. If SCIM is disabled, you must manually manage members in Docker. + Organization owners can remove a member from a team in Docker Hub or Admin Console. Removing the member from the team will revoke their access to the permitted resources. {{< tabs >}} diff --git a/content/manuals/security/faqs/single-sign-on/users-faqs.md b/content/manuals/security/faqs/single-sign-on/users-faqs.md index 64a9c62ec4..5488e1fa44 100644 --- a/content/manuals/security/faqs/single-sign-on/users-faqs.md +++ b/content/manuals/security/faqs/single-sign-on/users-faqs.md @@ -100,3 +100,7 @@ No, we don't differentiate the two in product. ### Is user information visible in Docker Hub? All Docker accounts have a public profile associated with their namespace. If you don't want user information (for example, full name) to be visible, you can remove those attributes from your SSO and SCIM mappings. Alternatively, you can use a different identifier to replace a user's full name. + +### What happens to existing licensed users when SCIM is enabled? + +Enabling SCIM does not immediately remove or modify existing licensed users in your Docker organization. They retain their current access and roles, but after enabling SCIM, you will manage them in your identity provider (IdP). If SCIM is later disabled, previously SCIM-managed users remain in Docker but are no longer automatically updated or removed based on your IdP. \ No newline at end of file