Engdocs 1264 (#16904)

* ENGDOCS-1264

* updates

* update callout color

* changes post review
Allie Sadler 2023-03-20 11:01:28 +00:00 committed by GitHub
parent 350d7aa963
commit 82dba9cc35
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 26 additions and 9 deletions


@ -1856,6 +1856,8 @@ manuals:
title: FAQs
- path: /docker-hub/scim/
title: SCIM
- path: /docker-hub/group-mapping/
title: Group mapping
- path: /docker-hub/domain-audit/
title: Domain audit
- path: /docker-hub/image-access-management/


@ -0,0 +1,24 @@
---
description: Group mapping in Docker Hub
keywords: Group Mapping, SCIM, Docker Hub
title: Group Mapping
---
With directory group-to-team provisioning from your IdP, user updates will automatically sync with your Docker organizations and teams.
To correctly assign your users to Docker teams, you must create groups in your IDP following the naming pattern `organization:team`. For example, if you want to manage provisioning for the team "developers” in Docker, and your organization name is “moby,” you must create a group in your IdP with the name “moby:developers”.
Once you enable group mappings in your connection, users assigned to that group in your IdP will automatically be added to the team “developers” in Docker.
>**Tip**
>
>Use the same names for the Docker teams as your group names in the IdP to prevent further configuration. When you sync groups, a group is created if it doesnt already exist.
{: .tip}
To take advantage of group mapping, make sure you have [enabled SCIM](scim.md) and then follow the instructions provided by your IdP:
- [Okta](https://help.okta.com/en-us/Content/Topics/users-groups-profiles/usgp-enable-group-push.htm){: target="_blank" rel="noopener" class="_" }
- [Azure AD](https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/customize-application-attributes){: target="_blank" rel="noopener" class="_" }
- [OneLogin](https://developers.onelogin.com/scim/create-app){: target="_blank" rel="noopener" class="_" }
Once complete, a user who signs in to Docker through SSO is automatically added to the organizations and teams mapped in the IdP.
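Review bot: The new page says users in an `organization:team` group are added to the Docker team, but it never says what happens when a user is removed from that IdP group, or when the group is renamed or deleted. Because this mapping grants team access, state the removal behaviour next to the "Once you enable group mappings" sentence. The tip's "a group is created if it doesnt already exist" is also ambiguous about whether the thing created is the Docker team or the IdP group. Smaller fixes in the same text: "IDP" should be "IdP" as elsewhere on the page, "doesnt" needs its apostrophe, the quotes around "developers” mix straight and curly marks, and `title: Group Mapping` does not match the sentence-case "Group mapping" used for the toc entry.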


@ -4,7 +4,6 @@ keywords: SCIM, SSO
title: SCIM
direct_from:
- /docker-hub/company-scim/
- /docker-hub/group-mapping/
---
This section is for administrators who want to enable System for Cross-domain Identity Management (SCIM) 2.0 for their business. It is available for Docker Business customers.
@ -48,14 +47,6 @@ Follow the instructions provided by your IdP:
- [Azure AD](https://learn.microsoft.com/en-us/azure/databricks/administration-guide/users-groups/scim/aad#step-2-configure-the-enterprise-application){: target="_blank" rel="noopener" class="_" }
- [OneLogin](https://developers.onelogin.com/scim/create-app){: target="_blank" rel="noopener" class="_" }
### Optional step
You also have the option to use group mapping within your IdP. To take advantage of group mapping, follow the instructions provided by your IdP:
- [Okta](https://help.okta.com/en-us/Content/Topics/users-groups-profiles/usgp-about-group-push.htm){: target="_blank" rel="noopener" class="_" }
- [Azure AD](https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/customize-application-attributes){: target="_blank" rel="noopener" class="_" }
- [OneLogin](https://developers.onelogin.com/scim/create-app){: target="_blank" rel="noopener" class="_" }
Once complete, a user who signs in to Docker through SSO is automatically added to the organizations and teams mapped in the IdP.
## Disable SCIM
If SCIM is disabled, any user provisioned through SCIM will remain in the organization. Future changes for your users will not sync from your IdP. User de-provisioning is only possible when manually removing the user from the organization.
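Review bot: With the "Optional step" section removed and nothing added in its place (14 lines become 6), the SCIM page no longer tells readers that group mapping exists. Add a one-line pointer to `/docker-hub/group-mapping/` after the IdP list so administrators enabling SCIM can still find it. A second pointer under "Disable SCIM" would help too, since the new page requires SCIM to be enabled and the statement that future changes will not sync presumably covers group-driven team membership as well.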