diff --git a/_data/toc.yaml b/_data/toc.yaml index 4d82797dd8..d5b3401aa6 100644 --- a/_data/toc.yaml +++ b/_data/toc.yaml @@ -1856,6 +1856,8 @@ manuals: title: FAQs - path: /docker-hub/scim/ title: SCIM + - path: /docker-hub/group-mapping/ + title: Group mapping - path: /docker-hub/domain-audit/ title: Domain audit - path: /docker-hub/image-access-management/ diff --git a/docker-hub/group-mapping.md b/docker-hub/group-mapping.md new file mode 100644 index 0000000000..72b994917f --- /dev/null +++ b/docker-hub/group-mapping.md 
@@ -0,0 +1,24 @@ +--- +description: Group mapping in Docker Hub +keywords: Group Mapping, SCIM, Docker Hub +title: Group Mapping +--- + +With directory group-to-team provisioning from your IdP, user updates will automatically sync with your Docker organizations and teams. + +To correctly assign your users to Docker teams, you must create groups in your IDP following the naming pattern `organization:team`. For example, if you want to manage provisioning for the team "developers” in Docker, and your organization name is “moby,” you must create a group in your IdP with the name “moby:developers”. + +Once you enable group mappings in your connection, users assigned to that group in your IdP will automatically be added to the team “developers” in Docker. + +>**Tip** +> +>Use the same names for the Docker teams as your group names in the IdP to prevent further configuration. When you sync groups, a group is created if it doesn’t already exist. +{: .tip} + +To take advantage of group mapping, make sure you have [enabled SCIM](scim.md) and then follow the instructions provided by your IdP: + +- [Okta](https://help.okta.com/en-us/Content/Topics/users-groups-profiles/usgp-enable-group-push.htm){: target="_blank" rel="noopener" class="_" } +- [Azure AD](https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/customize-application-attributes){: target="_blank" rel="noopener" class="_" } +- [OneLogin](https://developers.onelogin.com/scim/create-app){: target="_blank" rel="noopener" class="_" } + +Once complete, a user who signs in to Docker through SSO is automatically added to the organizations and teams mapped in the IdP. \ No newline at end of file diff --git a/docker-hub/scim.md b/docker-hub/scim.md index c133763d45..860a089618 100644 --- a/docker-hub/scim.md +++ b/docker-hub/scim.md 
@@ -4,7 +4,6 @@ keywords: SCIM, SSO title: SCIM direct_from: - /docker-hub/company-scim/ -- /docker-hub/group-mapping/ --- This section is for administrators who want to enable System for Cross-domain Identity Management (SCIM) 2.0 for their business. It is available for Docker Business customers. @@ -48,14 +47,6 @@ Follow the instructions provided by your IdP: - [Azure AD](https://learn.microsoft.com/en-us/azure/databricks/administration-guide/users-groups/scim/aad#step-2-configure-the-enterprise-application){: target="_blank" rel="noopener" class="_" } - [OneLogin](https://developers.onelogin.com/scim/create-app){: target="_blank" rel="noopener" class="_" } -### Optional step -You also have the option to use group mapping within your IdP. To take advantage of group mapping, follow the instructions provided by your IdP: -- [Okta](https://help.okta.com/en-us/Content/Topics/users-groups-profiles/usgp-about-group-push.htm){: target="_blank" rel="noopener" class="_" } -- [Azure AD](https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/customize-application-attributes){: target="_blank" rel="noopener" class="_" } -- [OneLogin](https://developers.onelogin.com/scim/create-app){: target="_blank" rel="noopener" class="_" } - -Once complete, a user who signs in to Docker through SSO is automatically added to the organizations and teams mapped in the IdP. - ## Disable SCIM If SCIM is disabled, any user provisioned through SCIM will remain in the organization. Future changes for your users will not sync from your IdP. User de-provisioning is only possible when manually removing the user from the organization.
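Review bot: In the new docker-hub/group-mapping.md, the tip reads as if it contradicts the naming rule two paragraphs above it. The rule requires IdP groups named `organization:team`, while the tip says to "use the same names for the Docker teams as your group names in the IdP", and its last sentence says "a group is created if it doesn't already exist" without saying whether that means a Docker team. Suggest rewording the tip so it states which part of the IdP group name must match the Docker team name and what exactly is created on sync. Because membership is granted automatically from the IdP group, the page should also say what happens to team membership when a user is removed from that group. Smaller points in the same file: "IDP" should be "IdP" as elsewhere on the page, the quotes around developers and moby mix straight and curly characters, moby:developers should be in code formatting like `organization:team`, the front-matter title "Group Mapping" does not match the "Group mapping" title added to _data/toc.yaml, and the file ends without a trailing newline.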
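Review bot: In the docker-hub/scim.md front-matter hunk, the key above the removed entry reads `direct_from:` in the unchanged context. Removing `- /docker-hub/group-mapping/` makes sense now that a real page lives at that path, but if `redirect_from:` was the intended key, the remaining `- /docker-hub/company-scim/` entry is worth correcting in the same change.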
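Review bot: In the docker-hub/scim.md hunk that deletes "### Optional step", the SCIM page is left with no pointer to group mapping, so an administrator who finishes the IdP setup has no way to discover the feature from here. Suggest keeping a one-line link to /docker-hub/group-mapping/ where the section used to be. Also note that the Okta link differs between the removed text (usgp-about-group-push.htm) and the new page (usgp-enable-group-push.htm), and that the OneLogin link for group mapping is the same create-app URL this page already uses for SCIM setup; please confirm both are intended.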