From 9bfdca5ed2d7e6fddaead874b7228535ed4fcabc Mon Sep 17 00:00:00 2001 From: Craig Osterhout <103533812+craig-osterhout@users.noreply.github.com> Date: Mon, 12 Dec 2022 14:05:31 -0800 Subject: [PATCH] Add domain audit (#16293) * Add domain audit feature for early access --- _data/toc.yaml | 2 ++ docker-hub/domain-audit.md | 34 ++++++++++++++++++++++++++++++++++ docker-hub/onboarding-faqs.md | 8 +++++++- docker-hub/release-notes.md | 9 ++++++++- 4 files changed, 51 insertions(+), 2 deletions(-) create mode 100644 docker-hub/domain-audit.md diff --git a/_data/toc.yaml b/_data/toc.yaml index 80c723107a..1de967f56f 100644 --- a/_data/toc.yaml +++ b/_data/toc.yaml @@ -1820,6 +1820,8 @@ manuals: title: FAQs - path: /docker-hub/scim/ title: SCIM + - path: /docker-hub/domain-audit/ + title: Domain audit - path: /docker-hub/image-access-management/ title: Image Access Management diff --git a/docker-hub/domain-audit.md b/docker-hub/domain-audit.md new file mode 100644 index 0000000000..16e343569f --- /dev/null +++ b/docker-hub/domain-audit.md @@ -0,0 +1,34 @@ +--- +description: Audit your domains for uncaptured users. +keywords: domain audit, security +title: Domain audit +--- + +> **Note** +> +> Domain audit is currently in [Early Access](../release-lifecycle.md/#early-access-ea). +> The feature is enabled for specific user groups as part of an incremental roll-out strategy. + +When your organization has configured SSO, and you have verified your domains, you can audit your domains. Auditing your domains will identify uncaptured users that have authenticated with an email associated with one of your verified domains. + +Uncaptured users can pose a security threat to your environment since your organization's security settings aren't applied to the user's sessions who aren't part of your organization. In addition, you won't have visibility into the activity of uncaptured users. + +You can add uncaptured users to your organization to gain visibility into their activity and apply your organization's security settings. Additionally, you can enforce sign-in to ensure that only members of your organization can sign in to Docker Desktop in your environment. For more details about enforcing sign-in, see [Configure registry.json to enforce sign-in](../docker-hub/configure-sign-in.md). + +## Audit your domains for uncaptured users + +To audit your domains: + +1. Sign in to [Docker Hub](https://hub.docker.com){: target="_blank" rel="noopener" class="_"} as an administrator of your organization. + +2. Select **Organizations** and then select your organization. + +3. Select **Settings** and then select **Security**. + +4. In **Domain Audit**, select **Export Users** to export a CSV file of uncaptured users with the following columns: + - Name: The name of the user. + - Username: The Docker ID of the user. + - Email: The email address of the user. + - Date Joined: The date the user created their Docker account. + +You can invite all the uncaptured users to your organization using the exported CSV file. For more details, see [Invite members via CSV file](../docker-hub/members.md/#invite-members-via-csv-file). diff --git a/docker-hub/onboarding-faqs.md b/docker-hub/onboarding-faqs.md index 7c9d4b9db2..1ae83439ed 100644 --- a/docker-hub/onboarding-faqs.md +++ b/docker-hub/onboarding-faqs.md @@ -144,4 +144,10 @@ A registry is a hosted service containing repositories of images that responds t ### What is included in my Docker Business or Team plan? -For a list of features available in each tier, see [Docker subscription overview](../subscription/index.md). \ No newline at end of file +For a list of features available in each tier, see [Docker subscription overview](../subscription/index.md). + +### Can I delete or deactivate a Docker account for another user? + +Only someone with access to the Docker account can deactivate the account. For more details, see [Deactivating an account](../docker-hub/deactivate-account.md/). + +If the user is a member of your organization, you can remove the user from your organization. For more details, see [Remove members](../docker-hub/members.md/#remove-members). \ No newline at end of file diff --git a/docker-hub/release-notes.md b/docker-hub/release-notes.md index 858d43a251..b546d1b109 100644 --- a/docker-hub/release-notes.md +++ b/docker-hub/release-notes.md @@ -11,9 +11,16 @@ known issues for each Docker Hub release. Take a look at the [Docker Public Roadmap](https://github.com/docker/roadmap/projects/1){: target="_blank" rel="noopener" class="_"} to see what's coming next. +## 2022-12-12 + +### New + +- The new [domain audit](../docker-hub/domain-audit.md) feature lets you audit your domains for users who aren't a member of your organization. + + ## 2022-09-26 -### New +### New - The new [autobuild feature](../docker-hub/builds/index.md#check-your-active-builds) lets you view your in-progress logs every 30 seconds instead of when the build is complete.