docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

FAQ POC (#17570) 

* FAQ POC

* rearranging

* review comments and fix build

* review comments and fix build

* toc update

---------

Co-authored-by: aevesdocker <alliesadler@f693mt7fh6.home>
This commit is contained in:
Allie Sadler 2023-06-29 13:30:08 +01:00 committed by GitHub
parent c4ddae5b34
commit b38b2bd5b2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
22 changed files with 547 additions and 176 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
_data/toc.yaml
View File

@ -12,6 +12,9 @@ horizontalnav:
- title: Reference
path: /reference/
node: reference
- title: FAQ
path: /faq/
node: faq
- title: Samples
path: /samples/
node: samples
@ -1183,16 +1186,6 @@ manuals:
title: Workarounds for common problems
- path: /desktop/troubleshoot/known-issues/
title: Known issues
- sectiontitle: FAQs
section:
- path: /desktop/faqs/general/
title: General FAQs
- path: /desktop/faqs/macfaqs/
title: Mac FAQs
- path: /desktop/faqs/windowsfaqs/
title: Windows FAQs
- path: /desktop/faqs/linuxfaqs/
title: Linux FAQs
- path: /desktop/uninstall/
title: Uninstall Docker Desktop
- path: /desktop/feedback/
@ -1851,8 +1844,6 @@ manuals:
title: Control startup order
- path: /compose/samples-for-compose/
title: Sample apps with Compose
- path: /compose/faq/
title: FAQs
- path: /compose/release-notes/
title: Release notes
@ -2004,8 +1995,6 @@ manuals:
title: Create a company
- path: /docker-hub/company-owner/
title: Manage company owners
- path: /docker-hub/company-faqs/
title: FAQs
- path: /docker-hub/orgs/
title: Create your organization
- path: /docker-hub/convert-account/
@ -2022,8 +2011,6 @@ manuals:
title: Configure
- path: /single-sign-on/manage/
title: Manage
- path: /single-sign-on/faqs/
title: FAQs
- path: /docker-hub/scim/
title: SCIM
- path: /docker-hub/group-mapping/
@ -2052,9 +2039,6 @@ manuals:
title: Image Access Management
- path: /docker-hub/deactivate-account/
title: Deactivate an account or organization
- path: /docker-hub/onboarding-faqs/
title: FAQs
- sectiontitle: Billing
section:
- path: /billing/
@ -2067,8 +2051,7 @@ manuals:
title: View your billing history
- path: /billing/cycle/
title: Change your billing cycle
- path: /billing/faqs/
title: FAQs
- sectiontitle: Subscription
section:
@ -2084,8 +2067,6 @@ manuals:
title: Remove seats
- path: /subscription/downgrade/
title: Downgrade
- path: /subscription/faq/
title: FAQs
- path: /subscription/desktop-license/
title: Docker Desktop license agreement
@ -2184,3 +2165,48 @@ contribute:
title: Videos
- path: /contribute/checklist/
title: Writing checklist
faq:
- path: /faq/
title: Overview
- path: /billing/faqs/
title: Billing
- path: /compose/faq/
title: Compose
- sectiontitle: Desktop
section:
- path: /desktop/faqs/general/
title: General
- path: /desktop/faqs/macfaqs/
title: Mac
- path: /desktop/faqs/windowsfaqs/
title: Windows
- path: /desktop/faqs/linuxfaqs/
title: Linux
- path: /desktop/faqs/releases/
title: Releases
- sectiontitle: Docker Hub and admin
section:
- path: /docker-hub/general-faqs/
title: General
- path: /docker-hub/organization-faqs/
title: Organization
- path: /docker-hub/company-faqs/
title: Company
- sectiontitle: Single Sign-On
section:
- path: /single-sign-on/faqs/
title: General
- path: /single-sign-on/saml-faqs/
title: SAML
- path: /single-sign-on/idp-faqs/
title: Identity providers
- path: /single-sign-on/domain-faqs/
title: Domains
- path: /single-sign-on/enforcement-faqs/
title: Enforcement
- path: /single-sign-on/users-faqs/
title: Manage users
- path: /subscription/faq/
title: Subscription

4
billing/faqs.md
View File

@ -1,5 +1,5 @@
---
title: FAQs
title: Billing FAQs
description: Common FAQs related to billing
keywords: billing, renewal, payments
---
@ -30,7 +30,7 @@ Docker also sends an email notification `Action Required - Credit Card Payment F
Once the grace period is over and the invoice is still not paid, the subscription is downgraded to a free plan and all paid features are disabled.
## What billing-related emails will I receive from Docker Hub?
### What billing-related emails will I receive from Docker Hub?
Docker Hub sends the following billing-related emails:

27
compose/faq.md
View File

@ -1,11 +1,11 @@
---
description: Frequently asked questions for Docker Compose
keywords: documentation, docs, docker, compose, faq
title: Frequently asked questions
title: Compose FAQs
---
{% include compose-eol.md %}
## How do I get help?
### How do I get help?
Docker Compose is under active development. If you need help, would like to
contribute, or simply want to talk about the project with like-minded
@ -18,11 +18,11 @@ individuals, we have a number of open channels for communication.
* To contribute code submit a [pull request on Github](https://github.com/docker/compose/pulls){: target="blank" rel="noopener" class="_" }.
## Where can I find example Compose files?
### Where can I find example Compose files?
There are [many examples of Compose files on GitHub](https://github.com/docker/awesome-compose){: target="blank" rel="noopener" class="_" }.
## What's the difference between `up`, `run`, and `start`?
### What's the difference between `up`, `run`, and `start`?
Typically, you want `docker compose up`. Use `up` to start or restart all the
services defined in a `docker-compose.yml`. In the default "attached"
@ -42,7 +42,7 @@ The `docker compose start` command is useful only to restart containers
that were previously created but were stopped. It never creates new
containers.
## Why do my services take 10 seconds to recreate or stop?
### Why do my services take 10 seconds to recreate or stop?
The `docker compose stop` command attempts to stop a container by sending a `SIGTERM`. It then waits
for a [default timeout of 10 seconds](../engine/reference/commandline/compose_stop.md). After the timeout,
@ -82,18 +82,18 @@ system (like [s6](https://skarnet.org/software/s6/){: target="blank" rel="noopen
[tini](https://github.com/krallin/tini){: target="blank" rel="noopener" class="_" }). Either of these wrappers takes care of
handling `SIGTERM` properly.
## Can I control service startup order?
### Can I control service startup order?
Yes, see [Controlling startup order](startup-order.md).
## How do I run multiple copies of a Compose file on the same host?
### How do I run multiple copies of a Compose file on the same host?
Compose uses the project name to create unique identifiers for all of a
project's containers and other resources. To run multiple copies of a project,
set a custom project name using the [`-p` command line option](reference/index.md)
or the [`COMPOSE_PROJECT_NAME` environment variable](environment-variables/envvars.md#compose_project_name).
## Can I use JSON instead of YAML for my Compose file?
### Can I use JSON instead of YAML for my Compose file?
Yes. [YAML is a superset of JSON](https://stackoverflow.com/a/1729545/444646){: target="blank" rel="noopener" class="_" } so
any JSON file should be valid YAML. To use a JSON file with Compose,
@ -103,7 +103,7 @@ specify the filename to use, for example:
$ docker compose -f docker-compose.json up
```
## Should I include my code with `COPY`/`ADD` or a volume?
### Should I include my code with `COPY`/`ADD` or a volume?
You can add your code to the image using `COPY` or `ADD` directive in a
`Dockerfile`. This is useful if you need to relocate your code along with the
@ -118,12 +118,3 @@ There may be cases where you want to use both. You can have the image
include the code using a `COPY`, and use a `volume` in your Compose file to
include the code from the host during development. The volume overrides
the directory contents of the image.
## Compose documentation
- [User guide](index.md)
- [Installing Compose](install/index.md)
- [Getting Started](gettingstarted.md)
- [Command line reference](reference/index.md)
- [Compose file reference](compose-file/index.md)
- [Sample apps with Compose](samples-for-compose.md)

32
desktop/faqs/general.md
View File

@ -6,7 +6,7 @@ redirect_from:
- /docker-for-mac/faqs/
- /docker-for-windows/faqs/
- /desktop/faqs/
title: Frequently asked questions
title: General FAQs for Desktop
---
### What are the system requirements for Docker Desktop?
@ -25,21 +25,17 @@ By default, Docker Desktop is installed at the following location:
- On Windows: `C:\Program Files\Docker\Docker`
- On Linux: `/opt/docker-desktop`
### Where can I find the checksums for the download files?
You can find the checksums on the [release notes](../release-notes.md) page.
### Do I need to pay to use Docker Desktop?
Docker Desktop is free for small businesses (fewer than 250 employees AND less than $10 million in annual revenue), personal use, education, and non-commercial open-source projects. Otherwise, it requires a paid subscription for professional use. Paid subscriptions are also required for government entities. When downloading and installing Docker Desktop, you are asked to agree to the [Docker Subscription Service Agreement](https://www.docker.com/legal/docker-subscription-service-agreement){: target="_blank" rel="noopener" class="_"}.
Read the [Blog](https://www.docker.com/blog/updating-product-subscriptions/){: target="_blank" rel="noopener" class="_" id="dkr_docs_subscription_btl"} and [FAQs](https://www.docker.com/pricing/faq){: target="_blank" rel="noopener" class="_" id="dkr_docs_subscription_btl"} to learn more.
## Do I need to pay to create or share Docker Extensions?
### Do I need to pay to create or share Docker Extensions?
No, the [Docker Extension SDK](https://www.npmjs.com/package/@docker/extension-api-client){:target="_blank" rel="noopener" class="_"} is licensed under the Apache 2.0 License and is free to use. Anyone can create new Docker Extensions and share them without constraints.
## Do I need to use a specific license when I create a Docker Extension?
### Do I need to use a specific license when I create a Docker Extension?
No, there is no constraint on how each extension should be licensed, this is up to the extension authors to decide when creating a new extension.
@ -129,25 +125,3 @@ After updating the `settings.json` file, close and restart Docker Desktop to app
### Can I run Docker Desktop on Virtualized hardware?
No, currently this is unsupported and against terms of use.
## Releases
### How do new users install Docker Desktop?
Each Docker Desktop release is also delivered as a full installer for new users. The same applies if you have skipped a version, although this doesn't normally happen as updates are applied automatically.
### How frequent will new releases be?
New releases are available roughly monthly, unless there are critical fixes that need to be released sooner.
### How do I ensure that all users on my team are using the same version?
Previously you had to manage this yourself. Now, it happens automatically as a side effect of all users being on the latest version.
### My colleague has got a new version but I havent got it yet.
Sometimes we may roll out a new version gradually over a few days. Therefore, if you wait, it will turn up soon. Alternatively, you can select **Check for Updates** from the Docker menu to jump the queue and get the latest version immediately.
### Where can I find information about Stable and Edge releases?
Starting with Docker Desktop 3.0.0, Stable and Edge releases are combined into a single, cumulative release stream for all users.

22
desktop/faqs/linuxfaqs.md
View File

@ -1,12 +1,12 @@
---
description: Frequently asked questions
keywords: desktop, linux, faqs
title: Frequently asked questions for Linux
title: FAQs for Linux
redirect_from:
- /desktop/linux/space/
---
## What is the difference between Docker Desktop for Linux and Docker Engine
### What is the difference between Docker Desktop for Linux and Docker Engine
Docker Desktop for Linux and Docker Engine can be installed side-by-side on the
same machine. Docker Desktop for Linux stores containers and images in an isolated
@ -39,7 +39,7 @@ disable the Docker Engine service, and to prevent it from starting automatically
$ sudo systemctl disable docker docker.socket containerd
```
### How do I switch between Docker Desktop and Docker Engine
#### How do I switch between Docker Desktop and Docker Engine
{: id="context" }
The Docker CLI can be used to interact with multiple Docker Engines. For example,
@ -84,7 +84,7 @@ Current context is now "desktop-linux"
Refer to the [Docker Context documentation](../../engine/context/working-with-contexts.md) for more details.
## Why does Docker Desktop for Linux run a VM?
### Why does Docker Desktop for Linux run a VM?
Docker Desktop for Linux runs a Virtual Machine (VM) for the following reasons:
@ -111,7 +111,7 @@ Docker Desktop for Linux runs a Virtual Machine (VM) for the following reasons:
As such, we have adjusted the default memory available to the VM in DD4L. You can tweak this setting to your specific needs by using the **Memory** slider within the **Settings** > **Resources** tab of Docker Desktop.
## How do I enable file sharing?
### How do I enable file sharing?
Docker Desktop for Linux uses [virtiofs](https://virtio-fs.gitlab.io/){:target="_blank" rel="noopener"}{:target="_blank" rel="noopener"} as the
default (and currently only) mechanism to enable file sharing between the host
@ -163,16 +163,16 @@ easy access to such a file on the host. The problem is resolved by creating
a group with the new GID and adding our user to it, or by setting a recursive
ACL (see `setfacl(1)`) for folders shared with the Docker Desktop VM.
## Where does Docker Desktop store Linux containers?
### Where does Docker Desktop store Linux containers?
Docker Desktop stores Linux containers and images in a single, large "disk image" file in the Linux filesystem. This is different from Docker on Linux, which usually stores containers and images in the `/var/lib/docker` directory on the host's filesystem.
### Where is the disk image file?
#### Where is the disk image file?
To locate the disk image file, select **Settings** from the Docker Dashboard then **Advanced** from the **Resources** tab.
The **Advanced** tab displays the location of the disk image. It also displays the maximum size of the disk image and the actual space the disk image is consuming. Note that other tools might display space usage of the file in terms of the maximum file size, and not the actual file size.
#### What if the file is too large?
##### What if the file is too large?
If the disk image file is too large, you can:
@ -180,7 +180,7 @@ If the disk image file is too large, you can:
- Delete unnecessary containers and images
- Reduce the maximum allowable size of the file
#### How do I move the file to a bigger drive?
##### How do I move the file to a bigger drive?
To move the disk image file to a different location:
@ -192,7 +192,7 @@ To move the disk image file to a different location:
Do not move the file directly in Finder as this can cause Docker Desktop to lose track of the file.
#### How do I delete unnecessary containers and images?
##### How do I delete unnecessary containers and images?
Check whether you have any unnecessary containers and images. If your client and daemon API are running version 1.25 or later (use the `docker version` command on the client to check your client and daemon API versions), you can see the detailed space usage information by running:
@ -242,7 +242,7 @@ $ ls -klsh Docker.raw
In this example, the actual size of the disk is `2333548` KB, whereas the maximum size of the disk is `64` GB.
#### How do I reduce the maximum size of the file?
##### How do I reduce the maximum size of the file?
To reduce the maximum size of the disk image file:

2
desktop/faqs/macfaqs.md
View File

@ -1,7 +1,7 @@
---
description: Frequently asked questions
keywords: desktop, mac, faqs
title: Frequently asked questions for Mac
title: FAQs for Mac
redirect_from:
- /desktop/mac/space/
- /docker-for-mac/space/

30
desktop/faqs/releases.md Normal file
View File

@ -0,0 +1,30 @@
---
description: Frequently asked questions for all platforms
keywords: desktop, mac, windows, faqs
title: FAQs on Docker Desktop releases
---
### Where can I find the checksums for the download files?
You can find the checksums on the [release notes](../release-notes.md) page.
### How do new users install Docker Desktop?
Each Docker Desktop release is also delivered as a full installer for new users. The same applies if you have skipped a version, although this doesn't normally happen as updates are applied automatically.
### How frequent will new releases be?
New releases are available roughly monthly, unless there are critical fixes that need to be released sooner.
### How do I ensure that all users on my team are using the same version?
Previously you had to manage this yourself. Now, it happens automatically as a side effect of all users being on the latest version.
### My colleague has got a new version but I havent got it yet.
Sometimes we may roll out a new version gradually over a few days. Therefore, if you wait, it will turn up soon. Alternatively, you can select **Check for Updates** from the Docker menu to jump the queue and get the latest version immediately.
### Where can I find information about Stable and Edge releases?
Starting with Docker Desktop 3.0.0, Stable and Edge releases are combined into a single, cumulative release stream for all users.

2
desktop/faqs/windowsfaqs.md
View File

@ -1,7 +1,7 @@
---
description: Frequently asked questions
keywords: desktop, windows, faqs
title: Frequently asked questions for Windows
title: FAQs for Windows
---
### Can I use VirtualBox alongside Docker Desktop?

2
desktop/release-notes.md
View File

@ -22,7 +22,7 @@ This page contains information about the new features, improvements, known issue
Take a look at the [Docker Public Roadmap](https://github.com/docker/roadmap/projects/1){: target="_blank" rel="noopener" class="_"} to see what's coming next.
For frequently asked questions about Docker Desktop releases, see [FAQs](faqs/general.md/#releases)
For frequently asked questions about Docker Desktop releases, see [FAQs](faqs/releases.md).
## 4.20.1

2
docker-hub/company-faqs.md
View File

@ -1,7 +1,7 @@
---
description: Company FAQs
keywords: Docker, Docker Hub, SSO FAQs, single sign-on
title: Frequently asked questions
title: FAQs on companies
---
### Are existing subscriptions affected when a company is created and organizations are added to the company?

86
docker-hub/onboarding-faqs.md → docker-hub/general-faqs.md
View File

@ -1,8 +1,9 @@
---
title: "Frequently asked questions"
title: General FAQs for Docker Hub
description: Frequently asked administration and security questions
keywords: onboarding, docker, teams, orgs
toc_max: 2
redirect:
- /docker-hub/onboarding-faqs/
---
### What is a Docker ID?
@ -61,79 +62,6 @@ have a separate Docker ID for company use through SSO enforcement.
The organization owner can also add additional owners to help them manage users, teams, and repositories in the organization.
### How do I add an organization owner?
An existing owner can add additional team members as organization owners. All
they need to do is select the organization from the
[Organizations](https://hub.docker.com/orgs){: target="_blank" rel="noopener"
class="_"} page in Docker Hub, add the Docker ID/Email of the user, and then
select the **Owners** team from the drop-down menu. See [The owners team](manage-a-team.md#the-owners-team).
### Do users first need to authenticate with Docker before an owner can add them to an organization?
No. Organization owners can invite users through email and also choose a team for them to join within the invite.
### Can I force my organization's members to authenticate before using Docker Desktop and are there any benefits?
Yes. You can [enforce sign-in](../docker-hub/configure-sign-in.md) and some benefits are:
- Administrators can enforce features like [Image Access Management](../docker-hub/image-access-management.md) and [Registry Access Management](../docker-hub/registry-access-management.md).
- Administrators can ensure compliance by blocking Docker Desktop usage for users who do not sign in as members of the organization.
### If a user has their personal email associated with a user account in Docker Hub, do they have to convert to using the orgs domain before they can be invited to join an organization?
Yes. When SSO is enabled for your organization, each user must sign in with the companys domain. However, the user can retain their personal credentials and create a new Docker ID associated with their organization's domain.
### Can I convert my personal user account (Docker ID) to an organization account?
Yes. You can convert your user account to an organization account. Once you
convert a user account into an organization, it is not possible to
revert it to a personal user account. For prerequisites and instructions, see
[Convert an account into an organization](convert-account.md).
### Our users create Docker Hub accounts through self-service. How do we know when the total number of users for the requested licenses has been met? Is it possible to add more members to the organization than the total number of licenses?
Currently, we dont have a way to notify you. However, if the number of team
members exceed the number of licenses, you will receive an error informing you
to contact the administrator due to lack of seats.
### How can I merge organizations in Docker Hub?
Reach out to your Support contact if you need to consolidate organizations.
### Do organization invitees take up seats?
Yes. A user invited to an organization will take up one of the provisioned
seats, even if that user hasnt accepted their invitation yet. Organization
owners can manage the list of invitees through the **Invitees** tab on the organization settings page in Docker Hub.
### Do organization owners take a seat?
Yes. Organization owners will take up a seat.
### What is the difference between user, invitee, seat, and member?
User may refer to a Docker user with a Docker ID.
An invitee is a user who has been invited to join an organization, but has not yet accepted their invitation.
Seats is the number of planned members within an organization.
Member may refer to a user that has received and accepted an invitation to join an organization. Member can also refer to a member of a team within an organization.
### If there are two organizations and a user belongs to both orgs, do they take up two seats?
Yes. In a scenario where a user belongs to two orgs, they take up one seat in each organization.
### Is it possible to set permissions for repositories within an organization?
Yes. You can configure repository access on a per-team basis. For example, you
can specify that all teams within an organization have **Read and Write** access
to repositories A and B, whereas only specific teams have **Admin** access. Org
owners have full administrative access to all repositories within the
organization. See [Configure repository permissions for a team](manage-a-team.md#configure-repository-permissions-for-a-team).
### Can I configure multiple SSO identity providers (IdPs) to authenticate users to a single org?
Docker SSO allows only one IdP configuration per organization. For more
@ -143,14 +71,6 @@ information, see [Configure SSO](../single-sign-on/index.md) and [SSO FAQs](../s
A [service account](../docker-hub/service-accounts.md) is a Docker ID used for automated management of container images or containerized applications. Service accounts are typically used in automated workflows, and do not share Docker IDs with the members in the Team or Business plan. Common use cases for service accounts include mirroring content on Docker Hub, or tying in image pulls from your CI/CD process.
### Does my organization need to use Docker's registry?
A registry is a hosted service containing repositories of images that responds to the Registry API. Docker Hub is Docker's primary registry, but you can use Docker with other container image registries. You can access the default registry by browsing to [Docker Hub](https://hub.docker.com) or using the `docker search` command.
### What is included in my Docker Business or Team plan?
For a list of features available in each tier, see [Docker subscription overview](../subscription/index.md).
### Can I delete or deactivate a Docker account for another user?
Only someone with access to the Docker account can deactivate the account. For more details, see [Deactivating an account](../docker-hub/deactivate-account.md/).

2
docker-hub/onboard-business.md
View File

@ -12,7 +12,7 @@ The following section contains step-by-step instructions on how to get started o
Before you start to on board your organization, ensure that you:
- [Create an organization](../docker-hub/orgs.md#create-an-organization) with a Docker Business subscription.
- Familiarize yourself with Docker concepts and terminology in the [glossary](../glossary.md) and [FAQs](../docker-hub/onboarding-faqs.md).
- Familiarize yourself with Docker concepts and terminology in the [glossary](../glossary.md) and [FAQs](../docker-hub/general-faqs.md).
## Step 1: Identify your Docker users and their Docker accounts

2
docker-hub/onboard-team.md
View File

@ -12,7 +12,7 @@ The following section contains step-by-step instructions on how to get started o
Before you start to on board your organization, ensure that you:
- [Create an organization](../docker-hub/orgs.md#create-an-organization) with a Docker Team subscription.
- Familiarize yourself with Docker concepts and terminology in the [glossary](../glossary.md) and [FAQs](../docker-hub/onboarding-faqs.md).
- Familiarize yourself with Docker concepts and terminology in the [glossary](../glossary.md) and [FAQs](../docker-hub/general-faqs.md).
## Step 1: Identify your Docker users and their Docker accounts

90
docker-hub/organization-faqs.md Normal file
View File

@ -0,0 +1,90 @@
---
description: Company FAQs
keywords: Docker, Docker Hub, SSO FAQs, single sign-on
title: FAQs on organizations
---
### What if the Docker ID I want for my organization or company is taken?
This depends on the state of the namespace, if trademark claims exist for the organization or company Docker ID, a manual flow for legal review is required.
### What if I want to create more than 3 organizations?
You can create multiple organizations or multiple teams under a single company. SSO is available at the company level.
### How do I add an organization owner?
An existing owner can add additional team members as organization owners. All
they need to do is select the organization from the
[Organizations](https://hub.docker.com/orgs){: target="_blank" rel="noopener"
class="_"} page in Docker Hub, add the Docker ID/Email of the user, and then
select the **Owners** team from the drop-down menu. See [The owners team](manage-a-team.md#the-owners-team).
### Do users first need to authenticate with Docker before an owner can add them to an organization?
No. Organization owners can invite users through email and also choose a team for them to join within the invite.
### Can I force my organization's members to authenticate before using Docker Desktop and are there any benefits?
Yes. You can [enforce sign-in](../docker-hub/configure-sign-in.md) and some benefits are:
- Administrators can enforce features like [Image Access Management](../docker-hub/image-access-management.md) and [Registry Access Management](../docker-hub/registry-access-management.md).
- Administrators can ensure compliance by blocking Docker Desktop usage for users who do not sign in as members of the organization.
### If a user has their personal email associated with a user account in Docker Hub, do they have to convert to using the orgs domain before they can be invited to join an organization?
Yes. When SSO is enabled for your organization, each user must sign in with the companys domain. However, the user can retain their personal credentials and create a new Docker ID associated with their organization's domain.
### Can I convert my personal user account (Docker ID) to an organization account?
Yes. You can convert your user account to an organization account. Once you
convert a user account into an organization, it is not possible to
revert it to a personal user account. For prerequisites and instructions, see
[Convert an account into an organization](convert-account.md).
### Our users create Docker Hub accounts through self-service. How do we know when the total number of users for the requested licenses has been met? Is it possible to add more members to the organization than the total number of licenses?
Currently, we dont have a way to notify you. However, if the number of team
members exceed the number of licenses, you will receive an error informing you
to contact the administrator due to lack of seats.
### How can I merge organizations in Docker Hub?
Reach out to your Support contact if you need to consolidate organizations.
### Do organization invitees take up seats?
Yes. A user invited to an organization will take up one of the provisioned
seats, even if that user hasnt accepted their invitation yet. Organization
owners can manage the list of invitees through the **Invitees** tab on the organization settings page in Docker Hub.
### Do organization owners take a seat?
Yes. Organization owners will take up a seat.
### What is the difference between user, invitee, seat, and member?
User may refer to a Docker user with a Docker ID.
An invitee is a user who has been invited to join an organization, but has not yet accepted their invitation.
Seats is the number of planned members within an organization.
Member may refer to a user that has received and accepted an invitation to join an organization. Member can also refer to a member of a team within an organization.
### If there are two organizations and a user belongs to both orgs, do they take up two seats?
Yes. In a scenario where a user belongs to two orgs, they take up one seat in each organization.
### Is it possible to set permissions for repositories within an organization?
Yes. You can configure repository access on a per-team basis. For example, you
can specify that all teams within an organization have **Read and Write** access
to repositories A and B, whereas only specific teams have **Admin** access. Org
owners have full administrative access to all repositories within the
organization. See [Configure repository permissions for a team](manage-a-team.md#configure-repository-permissions-for-a-team).
### Does my organization need to use Docker's registry?
A registry is a hosted service containing repositories of images that responds to the Registry API. Docker Hub is Docker's primary registry, but you can use Docker with other container image registries. You can access the default registry by browsing to [Docker Hub](https://hub.docker.com) or using the `docker search` command.

67
faq/index.md Normal file
View File

@ -0,0 +1,67 @@
---
title: Frequently asked questions
description: Landing page to common FAQ topics
keywords: faqs, desktop, Hub, Scout, Engine, Build, Extensions
---
Explore popular FAQ topics.
<div class="component-container">
<!--start row-->
<div class="row">
<div class="col-xs-12 col-sm-12 col-md-12 col-lg-4 block">
<div class="component">
<div class="component-icon">
<a href="/subscription/faq/"><img src="/assets/images/contact.svg" alt="subscription" width="70" height="70"></a>
</div>
<h2 id="subscription-faqs"><a href="/subscription/faq/">Subscription</a></h2>
</div>
</div>
<div class="col-xs-12 col-sm-12 col-md-12 col-lg-4 block">
<div class="component">
<div class="component-icon">
<a href="/billing/faqs/"><img src="/assets/images/payment-info.svg" alt="subscription" width="70" height="70"></a>
</div>
<h2 id="billing-faqs"><a href="/billing/faqs/">Billing</a></h2>
</div>
</div>
<div class="col-xs-12 col-sm-12 col-md-12 col-lg-4 block">
<div class="component">
<div class="component-icon">
<a href="/docker-hub/general-faqs/"><img src="/assets/images/engine-networking.svg" alt="Docker-Hub" width="70" height="70"></a>
</div>
<h2 id="Docker-Hub-faqs"><a href="/docker-hub/general-faqs/">Docker Hub</a></h2>
</div>
</div>
</div>
<!--start row-->
<div class="row">
<div class="col-xs-12 col-sm-12 col-md-12 col-lg-4 block">
<div class="component">
<div class="component-icon">
<a href="/single-sign-on/enforcement-faqs/"><img src="/assets/images/sign-on.svg" alt="enforcing-sso" width="70" height="70"></a>
</div>
<h2 id="enforcing-sso"><a href="/single-sign-on/enforcement-faqs/">Enforcing Single Sign-On</a></h2>
</div>
</div>
<div class="col-xs-12 col-sm-12 col-md-12 col-lg-4 block">
<div class="component">
<div class="component-icon">
<a href="/single-sign-on/idp-faqs/"><img src="/assets/images/checklist.svg" alt="SSO-and-idp" width="70" height="70"></a>
</div>
<h2 id="SSO-and-idps"><a href="/single-sign-on/idp-faqs/">Single Sign-On and IdPs</a></h2>
</div>
</div>
<div class="col-xs-12 col-sm-12 col-md-12 col-lg-4 block">
<div class="component">
<div class="component-icon">
<a href="/desktop/faqs/general/"><img src="/assets/images/explore.svg" alt="desktop-faqs" width="70" height="70"></a>
</div>
<h2 id="desktop-faqs"><a href="/desktop/faqs/general/">Docker Desktop</a></h2>
</div>
</div>
</div>
</div>

30
single-sign-on/domain-faqs.md Normal file
View File

@ -0,0 +1,30 @@
---
description: Single Sign-on FAQs
keywords: Docker, Docker Hub, SSO FAQs, single sign-on
title: Domains
---
### Can i add sub-domains?
Yes, you can add sub-domains to your SSO , however all email addresses should also be on that domain. Verify that your DNS provider supports multiple txt fields for the same domain.
### Can the DNS provider configure it once for one-time verification and remove it later OR will it be needed permanently?
They can do it one time to add it to a connection. If they ever change IdPs and have to set up SSO again, they will need to verify again.
### Is adding domain required to configure SSO? What domains should I be adding? And how do I add it?
Adding and verifying a domain is required to enable and enforce SSO. Select **Add Domain** and specify the email domains that's allowed to authenticate through your server. This should include all email domains users will use to access Docker. Public domains are not permitted, such as gmail.com, outlook.com, etc. Also, the email domain should be set as the primary email.
### If users are using their personal email, do they have to convert to using the Orgs domain before they can be invited to join an Org? Is this just a quick change in their Hub account?
No, they don't. Though they can add multiple emails to a Docker ID if they choose to. However, that email can only be used once across Docker. The other thing to note is that (as of January 2022) SSO will not work for multi domains as an MVP and it will not work for personal emails either.
### Since Docker ID is tracked from SAML, at what point is the login required to be tracked from SAML? Runtime or install time?
Runtime for Docker Desktop if they configure Docker Desktop to require authentication to their org.
### Do you support IdP-initiated authentication (e.g., Okta tile support)?
We don't support IdP-initiated authentication. Users must initiate login through Docker Desktop or Hub.

54
single-sign-on/enforcement-faqs.md Normal file
View File

@ -0,0 +1,54 @@
---
description: Single Sign-on FAQs
keywords: Docker, Docker Hub, SSO FAQs, single sign-on
title: Enforcement
---
### We currently have a Docker Team subscription. How do we enable SSO?
SSO is available with a Docker Business subscription. To enable SSO, you must first upgrade your subscription to a Docker Business subscription. To learn how to upgrade your existing account, see [Upgrade your subscription](https://www.docker.com/pricing).
### How do service accounts work with SSO?
Service accounts work like any other user when SSO is turned on. If the service account is using an email for a domain with SSO turned on, it needs a PAT for CLI and API usage.
### Is DNS verification required to enable SSO?
Yes. You must verify a domain before using it with an SSO connection.
### Does Docker SSO support authenticating through the command line?
Yes. When SSO is enforced, you can access the Docker CLI through Personal Access Tokens (PATs). Each user must create a PAT to access the CLI. To learn how to create a PAT, see [Manage access tokens](../docker-hub/access-tokens.md).
### How does SSO affect our automation systems and CI/CD pipelines?
Before enforcing SSO, you must create PATs for automation systems and CI/CD pipelines and use the tokens instead of a password.
### I have a user working on projects within Docker Desktop but authenticated with personal or no email. After they purchase Docker Business licenses, they will implement and enforce SSO through Okta to manage their users. When this user signs on SSO, is their work on DD compromised/impacted with the migration to the new account?
If they already have their organization email on their account, then it will be migrated to SSO.
### If an organization enables SSO, the owners can control Docker IDs associated with their work email domain. Some of these Docker IDs won't be users of Docker Desktop and therefore don't require a Business subscription. Can the owners choose which Docker IDs they add to their Docker org and get access to Business features? Is there a way to flag which of these Docker IDs are Docker Desktop users?
SSO enforcement will apply to any domain email user, and automatically add that user to the Docker Hub org that enables enforcement. The admin could remove users from the org manually, but those users wouldn't be able to authenticate if SSO is enforced.
### Can I enable SSO and hold off on the domain verification and enforcement options?
Yes, they can choose to not enforce, and users have the option to use either Docker ID (standard email/password) or email address (SSO) at the sign-in screen.
### SSO is enforced, but one of our users is connected to several organizations (and several email-addresses) and is able to bypass SSO and login through userid and password. Why is this happening?
They can bypass SSO if the email they're using to sign in doesn't match the organization email being used when SSO is enforced.
### Is there a way to test this functionality in a test tenant with Okta before going to production?
Yes, you can create a test organization. Companies can set up a new 5 seat Business plan on a new organization to test with (making sure to only enable SSO, not enforce it or all domain email users will be forced to sign in to that test tenant).
### Once we enable SSO for Docker Desktop, what's the impact to the flow for Build systems that use service accounts?
If SSO is enabled, there is no impact for now. We'll continue to support either username/password or personal access token sign-in.
However, if you **enforce** SSO:
* Service Account domain email addresses must be unaliased and enabled in their IdP
* Username/password and personal access token will still work (but only if they exist, which they won't for new accounts)
* Those who know the IdP credentials can sign in as that Service Account through SSO on Hub and create or change the personal access token for that service account.

32
single-sign-on/faqs.md
View File

@ -1,8 +1,34 @@
---
description: Single Sign-on FAQs
keywords: Docker, Docker Hub, SSO FAQs, single sign-on
title: Single Sign-on FAQs
toc_max: 2
title: General
---
{% include admin-sso-faq.md %}
### Is Docker SSO available for all paid subscriptions?
Docker Single Sign-on (SSO) is only available with the Docker Business subscription. Upgrade your existing subscription to start using Docker SSO.
### How does Docker SSO work?
Docker Single Sign-on (SSO) allows users to authenticate using their identity providers (IdPs) to access Docker. Docker supports Azure AD and any SAML 2.0 identity providers. When you enable SSO, users are redirected to your providers authentication page to authenticate using their email and password.
### What SSO flows are supported by Docker?
Docker supports Service Provider Initiated (SP-initiated) SSO flow. This means users must sign in to Docker Hub or Docker Desktop to initiate the SSO authentication process.
### Where can I find detailed instructions on how to configure Docker SSO?
You first need to establish an SSO connection with your identity provider, and the company email domain needs to be verified prior to establishing an SSO connection for your users. For detailed step-by-step instructions on how to configure Docker SSO, see [Single Sign-on](index.md).
### Does Docker SSO support multi-factor authentication (MFA)?
When an organization uses SSO, MFA is determined on the IdP level, not on the Docker platform.
### Do I need a specific version of Docker Desktop for SSO?
Yes, all users in your organization must upgrade to Docker Desktop version 4.4.2 or later. Users on older versions of Docker Desktop will not be able to sign in after SSO is enforced, if the company domain email is used to sign in or as the primary email associated with an existing Docker account. Your users with existing accounts can't sign in with their username and password.
### Can I retain my Docker ID when using SSO?
For a personal Docker ID, a user is the account owner, its associated with access to the user's repositories, images, assets. An end user can choose to have a company domain email on the Docker account, when enforcing SSO, the account is connected to the organization account. When enforcing SSO for an organization(s) or company, any user logging in without an existing account using verified company domain email will automatically have an account provisioned, and a new Docker ID created.

53
single-sign-on/idp-faqs.md Normal file
View File

@ -0,0 +1,53 @@
---
description: Single Sign-on FAQs
keywords: Docker, Docker Hub, SSO FAQs, single sign-on
title: Identity providers
---
### Is it possible to use more than one IdP with Docker SSO?
No. You can only configure Docker SSO to work with a single IdP. A domain can only be associated with a single IdP. Docker supports Azure AD and identity providers that support SAML 2.0.
### Is it possible to change my identity provider after configuring SSO?
Yes. You must delete your existing IdP configuration in Docker Hub and follow the instructions to Configure SSO using your IdP. If you had already turned on enforcement, you should turn off enforcement before updating the provider SSO connection.
### What information do I need from my identity providers to configure SSO?
To enable SSO in Docker, you need the following from your IdP:
* **SAML**: Entity ID, ACS URL, Single Logout URL and the public X.509 certificate
* **Azure AD**: Client ID, Client Secret, AD Domain.
### What happens if my existing certificate expires?
If your existing certificate has expired, you may need to contact your identity provider to retrieve a new x509 certificate. The new certificate must be updated in the SSO configuration settings page on Docker Hub.
### What happens if my IdP goes down when SSO is enabled?
It's not possible to access Docker Hub when your IdP is down. However, you can access Docker Hub images from the CLI using your Personal Access Token. Or, if you had an existing account before the SSO enforcement, you can use your username and password to access Docker Hub images during the grace period for your organization.
### What happens when I turn off SSO for my organization(s) or company?
When you turn off SSO, authentication through your Identity Provider isn't required to access Docker. Users may continue to sign in through Single Sign-On as well as Docker ID and password.
### How do I handle accounts using Docker Hub as a secondary registry? Do I need a bot account?
You can add a bot account to your IDP and create an access token for it to replace the other credentials.
### Does Docker plan to release SAML just in time provisioning?
The SSO implementation is already "just in time". Admins don't have to create users accounts on Hub, they can just enable it on the IdP and have the users sign in through their domain email on Hub.
### Will there be IdP initiated logins? Does Docker plan to support SSO logins outside of Hub and Desktop?
We currently do not have any plans to enable IdP initiated logins.
### Build agents - For customers using SSO, do they need to create a bot account to fill a seat within the dockerorg?
Yes, bot accounts needs a seat, similar to a regular end user, having a non-aliased domain email enabled in the IdP and using a seat in Hub.
### Is it possible to connect Docker Hub directly with a Microsoft Azure Active Directory Group?
Yes, Azure AD is supported with SSO for Docker Business, both through a direct integration and through SAML.

21
single-sign-on/saml-faqs.md Normal file
View File

@ -0,0 +1,21 @@
---
description: Single Sign-on FAQs
keywords: Docker, Docker Hub, SSO FAQs, single sign-on
title: SAML
---
### Does SAML authentication require additional attributes?
You must provide an email address as an attribute to authenticate through SAML. The Name attribute is optional.
### Does the application recognize the NameID/Unique Identifier in the SAMLResponse subject?
The preferred format is your email address, which should also be your Name ID.
### When you enforce SAML SSO, at what stage is the login required for tracking through SAML? At runtime or install time?
At runtime for Docker Desktop if its configured to require authentication to the organization.
### Do you have any information on how to use the Docker Desktop application in accordance with the SSO users we provide? How can we verify that we're handling the licensing correctly?
Verify that your users have downloaded the latest version of Docker Desktop. An enhancement in user management observability and capabilities will become available in the future.

89
single-sign-on/users-faqs.md Normal file
View File

@ -0,0 +1,89 @@
---
description: Single Sign-on FAQs
keywords: Docker, Docker Hub, SSO FAQs, single sign-on
title: Manage users
---
### How do I manage users when using SSO?
Users are managed through organizations in Docker Hub. When you configure SSO in Docker, you need to make sure an account exists for each user in your IdP account. When a user signs in to Docker for the first time using their domain email address, they will be automatically added to the organization after a successful authentication.
### Do I need to manually add users to my organization?
No, you dont need to manually add users to your organization in Docker Hub. You just need to make sure an account for your users exists in your IdP. When users sign in to Docker Hub, they're automatically assigned to the organization using their domain email address.
When a user signs into Docker for the first time using their domain email address, they will be automatically added to the organization after a successful authentication.
### Can users in my organization use different email addresses to authenticate through SSO?
During the SSO setup, youll have to specify the company email domains that are allowed to authenticate. All users in your organization must authenticate using the email domain specified during SSO setup. Some of your users may want to maintain a different account for their personal projects.
Users with a public domain email address will be added as guests.
### Can Docker org owners/Admins/company owners approve users to an organization and use a seat, rather than having them automatically added when SSO Is enabled?
Admins, organization owners and company owners can currently approve users by configuring their permissions through their IdP. That's if the user account is configured in the IdP, the user will be automatically added to the organization in Docker Hub as long as theres an available seat.
### How will users be made aware that they're being made a part of a Docker Org?
When SSO is enabled, users will be prompted to authenticate through SSO the next time they try to sign in to Docker Hub or Docker Desktop. The system will see the end-user has a domain email associated with the docker ID they're trying to authenticate with, and prompts them to sign in with SSO email and credentials instead.
If users attempt to sign in through the CLI, they must authenticate using a personal access token (PAT).
### Is it possible to force users of Docker Desktop to authenticate, and/or authenticate using their companys domain?
Yes. Admins can force users to authenticate with Docker Desktop by provisioning a [`registry.json`](../docker-hub/configure-sign-in.md) configuration file. The `registry.json` file will force users to authenticate as a user that's configured in the `allowedOrgs` list in the `registry.json` file.
Once SSO enforcement is set up on their Docker Business organisation or company on Hub, when the user is forced to authenticate with Docker Desktop, the SSO enforcement will also force users to authenticate through SSO with their IdP (instead of authenticating using their username and password).
Users may still be able to authenticate as a "guest" account using a non-domain email address. However, they can only authenticate as guests if that non-domain email was invited.
### Is it possible to convert existing users from non-SSO to SSO accounts?
Yes, you can convert existing users to an SSO account. To convert users from a non-SSO account:
* Ensure your users have a company domain email address and they have an account in your IdP
* Verify that all users have Docker Desktop version 4.4.2 or later installed on their machines
* Each user has created a PAT to replace their passwords to allow them to sign in through Docker CLI
* Confirm that all CI/CD pipelines automation systems have replaced their passwords with PATs.
For detailed prerequisites and instructions on how to enable SSO, see [Configure Single Sign-on](index.md).
### What impact can users expect once we start onboarding them to SSO accounts?
When SSO is enabled and enforced, your users just have to sign in using the email address and password.
### Is Docker SSO fully synced with Active Directory (AD)?
Docker doesnt currently support a full sync with AD. That's, if a user leaves the organization, administrators must sign in to Docker Hub and manually [remove the user](../docker-hub/members.md#remove-members) from the organization.
Additionally, you can use our APIs to complete this process.
### What's the best way to provision the Docker Subscription without SSO?
Company or organisation owners can invite users through Docker Hub UI, by email address (for any user) or by Docker ID (assuming the user has created a user account on Hub already).
### If we add a user manually for the first time, can I register in the dashboard and will the user get an invitation link through email?
Yes, if the user is added through email address to an org, they will receive an email invite. If invited through Docker ID as an existing user instead, they'll be added to the organization automatically. A new invite flow will occur in the near future that will require an email invite (so the user can choose to opt out). If the org later sets up SSO for [zeiss.com](https://www.zeiss.com/) domain, the user will automatically be added to the domain SSO org next sign in which requires SSO auth with the identity provider (Hub login will automatically redirect to the identity provider).
### Can someone join an organization without an invitation? Is it possible to put specific users to an organization with existing email accounts?
Not without SSO. Joining requires an invite from a member of the Owners group. When SSO is enforced, then the domains verified through SSO will allow users to automatically join the organization the next time they sign in as a user that has a domain email assigned.
### When we send an invitation to the user, will the existing account be consolidated and retained?
Yes, the existing user account will join the organization with all assets retained.
### How can I view, update, and remove multiple email addresses for my users?
We only support one email per user on the Docker platform.
### How can I remove invitees to the org who haven't signed in?
They can go to the invitee list in the org view and remove them.
### How's the flow for service account authentication different from a UI user account?
It isn't; we don't differentiate the two in product.

2
support/index.md
View File

@ -104,7 +104,7 @@ For more information, see [Docker Data Processing Agreement](https://www.docker.
Before seeking support, you can perform basic troubleshooting. See [Diagnose and Troubleshooting](../desktop/troubleshoot/overview.md) for more information.
You can also see if an answer already exists in the following FAQs:
- [Docker Business or Team onboarding](../docker-hub/onboarding-faqs.md)
- [Docker Business or Team onboarding](../docker-hub/general-faqs.md)
- [Docker Desktop](../desktop/faqs/general.md)
- [Docker Desktop for Linux](../desktop/faqs/linuxfaqs.md)
- [Docker Desktop for Mac](../desktop/faqs/macfaqs.md)