manage companies

_data/toc.yaml

@@ -1802,12 +1802,33 @@ manuals:
       title: Business
     - path: /docker-hub/onboarding-faqs/
       title: FAQs
+  - sectiontitle: Set up your company
+    section:
+    - path: /docker-hub/creating-companies/
+      title: Manage a company
+    - path:  /docker-hub/company-owner/
+      title: Company owners
+    - path:  /docker-hub/domains/
+      title: Domains
+    - path:  /docker-hub/sso-connection/
+      title: SSO connection
+    - path:  /docker-hub/group-mapping/
+      title: Group mapping
+    - path:  /docker-hub/company-scim/
+      title: SCIM
+    - path:  /docker-hub/enforcing-sso/
+      title: Enforce SSO Login
+    - path: /docker-hub/company-faqs/
+      title: FAQs
   - path: /docker-hub/orgs/
-    title: Teams and organizations
+    title: Create your organization
+  - path: /docker-hub/manage-a-team/
+    title: Manage a team
   - path: /docker-hub/members/
     title: Manage members
   - path: /docker-hub/configure-sign-in/
     title: Enforce sign-in
+
   - sectiontitle: Single Sign-on
     section:
       -  path: /single-sign-on/

docker-hub/company-faqs.md

@@ -0,0 +1,70 @@
+---
+description: Company FAQs
+keywords: Docker, Docker Hub, SSO FAQs, single sign-on
+title: Frequently asked questions
+---
+
+### Q: As a Docker Business customer, what steps should I follow to create a company?
+
+Contact your designated CSM team member or Docker Support.
+
+### Q: Are existing subscriptions affected when a company is created and organizations are added to the company?
+
+Subscriptions and related billing details will continue to be managed at the organization level at this time.
+
+### Q: Some of my organizations don’t have a Docker Business subscription. Can I still use a parent company?
+
+Yes, but only organizations with a Docker Business subscription are placed under a company.
+
+### Q: What happens if one of my organizations downgrades from Docker Business, but I still need access as a company owner?
+
+To access and manage child organizations, the organization must have a Docker Business subscription. If the organization isn't a part of this subscription, the owner of the organization must manage the org from the company. 
+
+### Q: Does my organization need to prepare for downtime during the migration process?
+
+No, you can continue with business as usual.
+
+### Q: How many company owners can I add?
+
+A maximum of 10 company owners can be added to a single company account.
+
+### What permission does the company owner have in the associated/nested organizations?
+
+Company owners can navigate to the **Organization** page, view/edit organization members, change SSO/SCIM settings that may impact all users in each organization under the company. However, a company owner can't change any organization repositories. 
+
+### What features are supported at the company level? Will this change over time?
+
+Domain verification, Single Sign-on, and System for Cross-domain Identity Management (SCIM) are supported at the company level. The following aren't supported:
+
+- Image Access Management
+- Registry Access Management
+- User management
+- Billing
+
+### What's required to create a company name?
+
+A company name must be unique to that of it's child organization. If a child organization requires the same name as a company, we suggest modifying slightly. For example, **Docker Inc** (parent company), **Docker** (child organization).
+
+### How does a company owner add an organization to the company?
+
+Contact your designated CSM team member or Docker Support with a list of the Docker Business organizations you want to add to the new company.
+
+### How does a company owner manage SSO/SCIM settings from my new parent company?
+
+See Manage your [SCIM](../docker-hub/company-scim.md) and [SSO](../docker-hub/creating-companies.md#single-sign-on-connection) settings. 
+
+### How does a company owner enable group mapping in my IdP?
+
+See [group mapping](../docker-hub/group-mapping.md) for your IdP.
+
+### What's the definition of a company vs an organization?
+
+A company is a collection of organizations that's managed together. An organization is a collection of repositories and teams that's managed together. 
+
+### What are the different permissions for an organization owner?
+
+Organization owners can create, view, push, and pull repositories from their organization. As a company owner, you don’t have these privileges.
+
+### If an organization isn't part of a company, would SSO or SCIM settings change?
+
+No, the SSO or SCIM settings won't change for that organization. 

docker-hub/company-owner.md

@@ -0,0 +1,41 @@
+---
+description: company owners
+keywords: company, owners
+title: Company owners
+---
+
+> **Note**
+>
+> The following features are only available to [Early Access](../release-lifecycle.md/#early-access-ea) participants.
+
+
+To navigate to the company page:
+
+1. Sign in to [Docker Hub](https://hub.docker.com/){: target="_blank" rel="noopener" class="_"} to view your company and organizations.
+2. On the **Organizations** page, select your company to access the **Overview** tab. For example, the company listed below is **dockerinc** and the organization is **docker**.
+
+    ![org-page](images/org-page.png){: width="700px" }
+
+## Manage company owners
+
+As a company owner, you can configure [Single Sign-on (SSO)](../single-sign-on/configure/index.md) and [System for Cross-domain Identity Management (SCIM)](../docker-hub/scim.md) for all organizations under the company. This is only visible if your organization has a Docker Business subscription. If you want to upgrade your subscription to include the organization under the company, see [upgrade your subscription](../subscription/upgrade.md).
+
+The SSO configuration updates all domain mappings for your organizations to a single domain so you can manage multiple organizations using one domain for your company. Group management is also available if your IdP supports group assignment.
+
+### Add a company owner
+
+1. Sign in to [Docker Hub](https://hub.docker.com/){: target="_blank" rel="noopener" class="_"}, navigate to the **Organizations** page, and select your company.
+2. In the **Overview** tab, select **Add owner** and enter their Docker ID or email address.
+3. Once you've selected **Add Owner**, you can view the user in the **Company Owners** table.
+
+    ![company-overview](images/company-overview.png){: width="700px" }
+
+    ![add-owner](images/add-owner.png){: width="700px" }
+
+### Remove a company owner
+
+1. Sign in to [Docker Hub](https://hub.docker.com/){: target="_blank" rel="noopener" class="_"}, navigate to the **Organizations** page, and select your company.
+2. In the **Overview** tab, find the **Company Owner** you want to remove.
+3. Select the **Action** icon and remove the owner.
+
+    ![remove-owner](images/remove-owner.png){: width="700px" }

docker-hub/company-scim.md

@@ -0,0 +1,57 @@
+---
+description: company scim
+keywords: scim, company
+title: SCIM
+---
+
+> **Note**
+>
+> The following features are only available to [Early Access](../release-lifecycle.md/#early-access-ea) participants.
+
+SCIM is a provisioning system that lets you manage users within your identity provider (IdP). You can enable SCIM on organizations that are part of the Docker Business subscription.
+
+### Enable SCIM
+
+1. In the **Single Sign-On Connections**, select the **Actions** icon and **Setup SCIM**.
+
+    > **Note**
+    >
+    > Establishing the SSO connection lets you set up SCIM. However, this doesn’t enforce SSO. To continue, see [Enforcing SSO](../docker-hub/enforcing-sso.md).
+
+2. Copy the **SCIM Base URL** and **API Token** and paste the values into your IdP.
+
+    ![provision-scim](images/provision-scim.png){: width="700px" }
+
+3. Continue to configure SCIM for Okta, Azure AD, or Onelogin.
+
+### Enable SCIM group mapping
+
+#### Okta
+
+If users are signing in via SSO and SCIM, they’re also provisioned via SCIM.
+
+1. Navigate to Okta, select the **Provisioning** tab in the Docker application.
+2. In **Settings**, select **Integration**, and **Edit**.
+3. Enable **Push Groups**, and select **Save**.
+
+    > **Note**
+    >
+    > You can also enable **Import Groups** as an option if you want to import all Docker Hub teams into Okta groups.
+
+    ![okta-provisioning](images/okta-provisioning.png){: width="700px" }
+
+#### Azure AD 
+
+1. Navigate to Azure AD and select your Docker application.
+2. Select the **Provisioning** tab and **Edit provisioning**.
+3. In **Mappings**, select **Provision Azure Active Directory Groups**, and select **Yes** to enable your mapping.
+4. In the **Target Object Actions**, select **Create, **Update, and Delete***.
+5. In the **Attribute Mappings**, confirm that the **displayName**, **objectid**, and **members** are added.
+
+    ![azure-provisioning](images/azure-provisioning.png){: width="700px" }
+
+6. Select **Save** and continue with the on-screen instructions.
+
+    > **Note**
+    >
+    > You can view **Mappings** to see that provisioning is enabled.

docker-hub/creating-companies.md

@@ -0,0 +1,48 @@
+---
+description: manage companies
+keywords: company, multiple organizations, manage companies
+title: Manage a company
+---
+
+> **Note**
+>
+> The following features are only available to [Early Access](../release-lifecycle.md/#early-access-ea) participants.
+
+
+To simplify the management of Docker organizations and settings, Docker has introduced a new view that provides a single point of visibility across multiple organizations called a Company. A company can become a parent to nested child organizations. A company lets Docker Business subscribers manage their organizations and configure settings centrally. With the new company owner role, you can control access to the company and company settings. These settings can affect all the organizations nested under the company. You can assign up to ten unique users to a company owner role without occupying a purchased seat.
+
+Docker will work with your current Docker organization owners to create the company, associate your Docker Business organizations, and identify your company owner(s). Once created, users with a company owner role can navigate to a new page that displays the company name, organizations associated with the company, a list of company owners, and settings that include your Domain verification, Single Sign-on (SSO) connection to your identity provider, System for Cross-domain Identity Management (SCIM) setup.
+
+
+ ![company-process](images/company-process-diagram.png){: width="700px" }
+
+When a company owner makes adjustments to user management settings at the company level, this will affect all organizations associated with the company.
+
+The company owner can:
+
+- View all nested organizations.
+- Configure SSO and SCIM for all nested organizations, including SCIM Group mapping.
+- Enforce SSO log-in for all users in the company.
+- Verify a domain separately from the organization namespace.
+- Add and remove up to 10 company owners.
+- Company owners don't occupy a seat.
+
+A company owner role is only available if your organization has a Docker Business subscription. If you don't have a Docker Business subscription, you must first [upgrade your subscription](../subscription/upgrade.md).
+
+## Get started
+
+You’ll need to send the following information to your CSM Docker team member to set up your company:
+
+- The name of your company. For example, Docker uses the company name **dockerinc**.
+- The organizations that you want to associate with the new company.
+- The verified domains you want to move to the company level.
+- Confirm if you want to migrate one of your organization’s SSO and SCIM settings to the company. Migrating SSO settings will also migrate verified domains from the organization to the parent company.
+
+## Company overview and settings
+
+To navigate to the company page:
+
+1. Sign in to [Docker Hub](https://hub.docker.com/){: target="_blank" rel="noopener" class="_"} to view your company and organizations.
+2. On the **Organizations** page, select your company to access the **Overview** tab. For example, the company listed below is **dockerinc** and the organization is **docker**.
+
+    ![org-page](images/org-page.png){: width="700px" }

docker-hub/domains.md

@@ -0,0 +1,50 @@
+---
+description: domains
+keywords: domains, company, multi-orgs
+title: Manage domains
+---
+
+> **Note**
+>
+> The following features are only available to [Early Access](../release-lifecycle.md/#early-access-ea) participants.
+
+## Add a domain
+
+1. Sign in to [Docker Hub](https://hub.docker.com/){: target="_blank" rel="noopener" class="_"}, navigate to the **Organization** page and select your company.
+2. Select **Settings** to access the **Domain** and **SSO Connections**.
+
+    ![company-settings](images/company-settings.png){: width="700px" }
+
+3. Select **Add Domain** and continue with the on-screen instructions to add the **TXT Record Value** to your domain name system (DNS).
+
+    >**Note**
+    >
+    > Format your domains without protocol or www information, for example, yourcompany.com. This should include all email domains and subdomains users will use to access Docker. Public domains such as gmail.com, outlook.com, etc aren’t permitted. Also, the email domain should be set as the primary email.
+
+    ![add-domain](images/add-domain.png){: width="700px" }
+
+## Verify a domain
+
+You must wait up to 72 hours for the TXT Record verification. 
+
+
+1. Sign in to [Docker Hub](https://hub.docker.com/){: target="_blank" rel="noopener" class="_"} and navigate to the **Organization** page and select your company.
+2. Select **Settings** to access the **Domain** and **SSO Connections**.
+
+3. Select **Verify** next to the domain in the domain table. 
+
+    ![verify-domain](images/verify-domain.png){: width="700px" }
+
+## Delete a domain
+
+If a verified domain is already associated with an established [SSO connection](../docker-hub/sso-connection.md), you must remove the domain from the connection setting before you can delete the domain from the company.
+
+If the domain isn't associated with an existing connection, follow these steps:
+
+1. Navigate to the **Domain** section.
+2. Select the **Action** icon for the domain.
+3. Select **Delete** and **Delete Domain** to confirm.
+
+    >**Note**
+    >
+    >If you want to add this domain again, a new TXT record value is assigned. You must complete the verification steps with the new TXT record value.

docker-hub/enforcing-sso.md

@@ -0,0 +1,18 @@
+---
+description: enforcing sso
+keywords: sso, enforce
+title: Enforce SSO Login
+---
+
+Without SSO enforcement, users can continue to sign in using Docker username and password. If users login with your Domain email, they will authenticate through your identity provider instead. 
+
+You must test your SSO connection first if you’d like to enforce SSO log-in. All users must authenticate with an email address instead of their Docker ID if SSO is enforced
+
+
+1. In the **Single Sign-On Connections** table, select the Action icon and **Enforce Single Sign-on**.
+
+    > **Note**
+    >
+    > When you enforce SSO,  all members of your organization with a matching domain must authenticate through your IdP. 
+2. Continue with the on-screen instructions and verify that you’ve completed the tasks. 
+3. Select **Turn on enforcement** to complete. 

docker-hub/group-mapping.md

@@ -0,0 +1,53 @@
+---
+description: group mapping
+keywords: group, comapping
+title: Enable group mapping
+---
+
+> **Note**
+>
+> The following features are only available to [Early Access](../release-lifecycle.md/#early-access-ea) participants.
+
+## Okta SSO group mapping
+
+Use directory groups to team provisioning from your identity provider, and these updates will sync with your Docker organizations and teams.
+To correctly assign your users to Docker teams, you must create groups in your IDP following the naming pattern <organization>:<team>. For example, if you want to manage provisioning for the team “developers” in Docker, and your organization name is “moby,” you must create a group in your IDP with the name “moby:developers”. Once you enable group mappings in your connection, users assigned to that group in your IDP will automatically be added to the team “developers” in Docker.
+
+   > **Note**
+   >
+   > Use the same names for the Docker teams as your group names in the IdP to prevent further configuration. When you sync groups, a group is created if it doesn't already exist.
+
+1. In **Okta**, navigate to the directory and select **Group**.
+2. Select **Add Group**, and type the name of your organization and team.
+
+    > **Note**
+    >
+    > For example, **auacatenet:platform** (your organization:your team). This connects all of your teams in Docker to your groups in Okta.
+
+    ![okta-add-group](images/okta-add-group.png){: width="700px" }
+
+    ![add-group](images/add-group.png){: width="500px" }
+
+3. In your group, select **Assign people** to add your users to the group.
+
+    ![assign-people](images/assign-people.png){: width="700px" }
+
+4. Navigate to **Applications**, configure your application and select **General**.
+5. Select **Next** and update the value for **Group Attribute Statements** (optional) and filter for **Group Attribute Statements**. Note it's recommended to specify a filter, so the groups relevant to your Docker organization and teams are shared with the Docker app.
+
+    ![group-attribute-statement](images/group-attribute-statement.png){: width="700px" }
+
+6. Select **Next** and **Finish** to complete the configuration.
+
+    > **Note**
+    >
+    > Once completed, when your user signs in to Docker through SSO, the user is automatically added to the organizations and teams mapped in the group attributes.
+
+## Azure AD SSO group mapping
+
+1. Navigate to **Enterprise application**, and select your application.
+2. Select **Single-sign on** and **Attributes and Claims**.
+3. Select **Add a group claim** and select groups assigned to the application.
+4. In the **Source attribute**, select **Cloud-only group display name (Preview)** and **Save**. Note, you can filter the groups you want to share with the application as an option.
+
+    ![azure-group](images/azure-group.png){: width="700px" }

docker-hub/manage-a-team.md

@@ -0,0 +1,76 @@
+---
+description: Docker Hub Teams & Organizations
+keywords: Docker, docker, registry, teams, organizations, plans, Dockerfile, Docker Hub, docs, documentation
+title: Teams and Organizations
+---
+
+## Create a team
+
+A **Team** is a group of Docker users that belong to an organization. An
+organization can have multiple teams. When you first create an organization,
+you’ll see that you have a team, the **owners** team, with a single member. An
+organization owner can then create new teams and add members to an existing team
+using their Docker ID or email address and by selecting a team the user should be part of.
+
+The org owner can add additional org owners to the owners team to help them
+manage users, teams, and repositories in the organization. See [Owners
+team](#the-owners-team) for details.
+
+To create a team:
+
+1. Go to **Organizations** in Docker Hub, and select your organization.
+2. Open the **Teams** tab and click **Create Team**.
+3. Fill out your team's information and click **Create**.
+
+### The owners team
+
+The **owners** team is a special team created by default during the org creation
+process. The owners team has full access to all repositories in the organization.
+
+An organization owner is an administrator who is responsible to manage
+repositories and add team members to the organization. They have full access to
+private repositories, all teams, billing information, and org settings. An org
+owner can also specify [permissions](../docker-hub/repos/configure/index.md#permissions-reference) for each team in
+the organization. Only an org owner can enable [SSO](../single-sign-on/index.md)
+for
+the organization. When SSO is enabled for your organization, the org owner can
+also manage users. Docker can auto-provision Docker IDs for new end-users or
+users who'd like to have a separate Docker ID for company use through SSO
+enforcement.
+
+The org owner can also add additional org owners to help them manage users, teams, and repositories in the organization.
+
+## Configure repository permissions
+
+Organization owners can configure repository permissions on a per-team basis.
+For example, you can specify that all teams within an organization have Read and
+Write access to repositories A and B, whereas only specific teams have Admin
+access. Note that org owners have full administrative access to all repositories within the organization.
+
+To give a team access to a repository
+
+1. Navigate to **Organizations** in Docker Hub, and select your organization.
+2. Click on the **Teams** tab and select the team that you'd like to configure  repository access to.
+3. Click on the **Permissions** tab and select a repository from the
+   **Repository** drop-down.
+4. Choose a permission from the **Permissions** drop-down list and click
+   **Add**.
+
+    ![Team Repo Permissions](images/team-repo-permission.png){:width="700px"}
+
+### View a team's permissions for all repositories
+
+To view a team's permissions across all repositories:
+
+1. Open **Organizations** > **_Your Organization_** > **Teams** > **_Team Name_**.
+2. Click on the **Permissions** tab, where you can view the repositories this team can access.
+
+## Videos
+
+You can also check out the following videos for information about creating Teams
+and Organizations in Docker Hub.
+
+- [Overview of organizations](https://www.youtube-nocookie.com/embed/G7lvSnAqed8){: target="_blank" rel="noopener" class="_"}
+- [Create an organization](https://www.youtube-nocookie.com/embed/b0TKcIqa9Po){: target="_blank" rel="noopener" class="_"}
+- [Working with Teams](https://www.youtube-nocookie.com/embed/MROKmtmWCVI){: target="_blank" rel="noopener" class="_"}
+- [Create Teams](https://www.youtube-nocookie.com/embed/78wbbBoasIc){: target="_blank" rel="noopener" class="_"}

docker-hub/orgs.md

@@ -1,7 +1,7 @@
 ---
 description: Docker Hub Teams & Organizations
 keywords: Docker, docker, registry, teams, organizations, plans, Dockerfile, Docker Hub, docs, documentation
-title: Teams and Organizations
+title: Create your organization
 redirect_from:
 - /docker-cloud/orgs/
 ---
@@ -112,75 +112,3 @@ configure your organization.
 - **Billing**: Displays information about your existing
 [Docker subscription (plan)](../subscription/index.md) and your billing history.
 You can also access your invoices from this tab.
-
-
-## Create a team
-
-A **Team** is a group of Docker users that belong to an organization. An
-organization can have multiple teams. When you first create an organization,
-you’ll see that you have a team, the **owners** team, with a single member. An
-organization owner can then create new teams and add members to an existing team
-using their Docker ID or email address and by selecting a team the user should be part of.
-
-The org owner can add additional org owners to the owners team to help them
-manage users, teams, and repositories in the organization. See [Owners
-team](#the-owners-team) for details.
-
-To create a team:
-
-1. Go to **Organizations** in Docker Hub, and select your organization.
-2. Open the **Teams** tab and click **Create Team**.
-3. Fill out your team's information and click **Create**.
-
-### The owners team
-
-The **owners** team is a special team created by default during the org creation
-process. The owners team has full access to all repositories in the organization.
-
-An organization owner is an administrator who is responsible to manage
-repositories and add team members to the organization. They have full access to
-private repositories, all teams, billing information, and org settings. An org
-owner can also specify [permissions](../docker-hub/repos/configure/index.md#permissions-reference) for each team in
-the organization. Only an org owner can enable [SSO](../single-sign-on/index.md)
-for
-the organization. When SSO is enabled for your organization, the org owner can
-also manage users. Docker can auto-provision Docker IDs for new end-users or
-users who'd like to have a separate Docker ID for company use through SSO
-enforcement.
-
-The org owner can also add additional org owners to help them manage users, teams, and repositories in the organization.
-
-## Configure repository permissions
-
-Organization owners can configure repository permissions on a per-team basis.
-For example, you can specify that all teams within an organization have Read and
-Write access to repositories A and B, whereas only specific teams have Admin
-access. Note that org owners have full administrative access to all repositories within the organization.
-
-To give a team access to a repository
-
-1. Navigate to **Organizations** in Docker Hub, and select your organization.
-2. Click on the **Teams** tab and select the team that you'd like to configure  repository access to.
-3. Click on the **Permissions** tab and select a repository from the
-   **Repository** drop-down.
-4. Choose a permission from the **Permissions** drop-down list and click
-   **Add**.
-
-    ![Team Repo Permissions](images/team-repo-permission.png){:width="700px"}
-
-### View a team's permissions for all repositories
-
-To view a team's permissions across all repositories:
-
-1. Open **Organizations** > **_Your Organization_** > **Teams** > **_Team Name_**.
-2. Click on the **Permissions** tab, where you can view the repositories this team can access.
-
-## Videos
-
-You can also check out the following videos for information about creating Teams
-and Organizations in Docker Hub.
-
-- [Overview of organizations](https://www.youtube-nocookie.com/embed/G7lvSnAqed8){: target="_blank" rel="noopener" class="_"}
-- [Create an organization](https://www.youtube-nocookie.com/embed/b0TKcIqa9Po){: target="_blank" rel="noopener" class="_"}
-- [Working with Teams](https://www.youtube-nocookie.com/embed/MROKmtmWCVI){: target="_blank" rel="noopener" class="_"}
-- [Create Teams](https://www.youtube-nocookie.com/embed/78wbbBoasIc){: target="_blank" rel="noopener" class="_"}

docker-hub/sso-connection.md

@@ -0,0 +1,108 @@
+---
+description: sso connection
+keywords: sso, connection
+title: Single Sign-on connection
+---
+
+> **Note**
+>
+> The following features are only available to [Early Access](../release-lifecycle.md/#early-access-ea) participants.
+
+## Create a connection
+
+1. Once your domain is verified, continue to **Single Sign-on Connections** and select **Create Connections**, and create a name for the connection. 
+
+    > **Note**
+    >
+    > You have to verify at least one domain before creating the connections.
+
+    ![create-connection](images/create-connection.png){: width="700px" }
+
+2. Select an authentication method, **SAML** or **Azure AD (OIDC)**.
+3. Copy the following fields and add them to your IdP:
+
+   - SAML: **Entity ID**, **ACS URL**
+   - Azure AD (OIDC): **Redirect URL**
+
+   ![idp-create-connection](images/idp-create-connection.png){: width="700px" }
+
+4. From your IdP, copy and paste the following values into the Docker **Settings** fields:
+
+    - SAML: **SAML Sign-on URL**, **x509 Certificate**
+    - Azure AD (OIDC): **Client ID**, **Client Secret**, **Azure AD Domain**
+
+    ![idp-sso-connection](images/idp-sso-connection.png){: width="700px" }
+
+5. Select the Docker organization and verified domains you want to apply the connection.
+
+    ![verified-domains](images/verified-domains.png){: width="700px" }
+
+6. Select the organization and team you want to provision your users.
+
+    > **Note**
+    >
+    > This is the default organization if you have more than one organization in your SSO connection. Users are added to the specified organization and team.
+7. Review your summary and select **Create Connection**.
+
+**SSO connection is now created**. You can continue to set up SSO Group Mapping and SCIM without enforcing SSO log-in.
+
+## Connect a domain
+
+1. In the **Single Sign-on Connections** section, select the **Action** icon and **Edit**.
+2. Select **Next** to navigate to the section where connected domains are listed.
+3. In the **Domain** drop-down, select the domain you want to add to the connection.
+
+    ![verified-domains](images/verified-domains.png){: width="700px" }
+
+4. Select **Next** to confirm or change the connected organizations.
+5. Select **Next** to confirm or change the default organization and team provisioning selections.
+
+    ![default-connection](images/default-connection.png){: width="700px" }
+
+6. Review the connection summary and select **Create Connection**.
+
+## Connect an organization
+
+You must have a company to connect an organization.
+
+1. In the **Single Sign-on Connections** section, select the **Action** icon and **Edit**.
+2. Select **Next** to navigate to the section where connected organizations are listed.
+3. In the **Organizations** drop-down, select the organization to add to the connection.
+
+    ![org-connection](images/org-connection.png){: width="700px" }
+
+4. Select **Next** to confirm or change the default organization and team provisioning.
+5. Review the **Connection Summary** and select **Save**.
+
+    ![review-connection](images/review-connection.png){: width="700px" }
+
+## Delete a connection
+
+1. In the **Single Sign-On Connections**, select the **Action** icon.
+2. Select **Delete** and **Delete Connection**.
+3. Continue with the on-screen instructions.
+
+## Edit a connection
+
+1. In the **Single Sign-On Connections**, select the **Action** icon.
+2. Select **Edit Connection** to edit you connection.
+3. Continue with the on-screen instructions.
+
+ ![edit-connection](images/edit-connection.png){: width="700px" }
+
+## Remove a domain
+
+1. In the **Single Sign-On Connection**, select the **Action** icon and **Edit**.
+2. Select **Next** to navigate to the section where the connected domains are listed.
+3. In the **Domain** drop-down, select the **Remove** icon next to the domain that you want to remove.
+4. Select **Next** to confirm or change the connected organizations.
+5. Select **Next** to confirm or change the default organization and team provisioning selections.
+6. Review the **Connection Summary** and select **Save**.
+
+## Remove an organization
+
+1. In the **Single Sign-on Connection** section, select the **Action** icon and **Edit**.
+2. Select **Next** to navigate to the section where connected organizations are listed.
+3. In the **Organizations** drop-down, select **Remove** to remove the connection.
+4. Select **Next** to confirm or change the default organization and team provisioning.
+5. Review the **Connection Summary** and select **Save**.