ENGDOCS-2072b (#20094)

* ENGDOCS-2072b

* final tweaks

* review edits
Allie Sadler 2024-07-15 11:02:22 +01:00 committed by GitHub
parent 91ab0808f6
commit b904b7f074
GPG Key ID: B5690EEEBB952194
18 changed files with 377 additions and 18 deletions

@ -26,7 +26,7 @@ No. Organization owners can invite users with their email address, and also assi
### Can I force my organization's members to authenticate before using Docker Desktop and are there any benefits?
Yes. You can [enforce sign-in](../../security/for-admins/configure-sign-in.md) and some benefits are:
Yes. You can [enforce sign-in](../../security/for-admins/enforce-sign-in/_index.md) and some benefits are:
- Administrators can enforce features like [Image Access Management](../../security/for-admins/image-access-management.md) and [Registry Access Management](../../security/for-admins/registry-access-management.md).
- Administrators can ensure compliance by blocking Docker Desktop usage for users who don't sign in as members of the organization.

@ -29,7 +29,7 @@ aliases:
Docker recommends that you authenticate using the **Sign in** option in the top-right corner of the Docker Dashboard.
In large enterprises where admin access is restricted, administrators can [Configure registry.json to enforce sign-in](../security/for-admins/configure-sign-in.md).
In large enterprises where admin access is restricted, administrators can [enforce sign-in](../security/for-admins/enforce-sign-in/_index.md).
> **Tip**
>

@ -23,7 +23,7 @@ You can choose:
## Configuration
Assuming [enforced sign-in](../../security/for-admins/configure-sign-in.md) and [Settings Management](settings-management/_index.md) are enabled, add the new proxy configuration to the `admin-settings.json` file. For example:
Assuming [enforced sign-in](../../../security/for-admins/enforce-sign-in/_index.md) and [Settings Management](settings-management/_index.md) are enabled, add the new proxy configuration to the `admin-settings.json` file. For example:
```json
{
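Review bot: the new link on the changed line climbs three levels (`../../../security/...`) where the line it replaces climbed two (`../../security/...`), and the sibling link `settings-management/_index.md` in the same sentence is untouched, so nothing here suggests the file moved. Only the final path segment should change; keep `../../security/for-admins/enforce-sign-in/_index.md` unless the old link was already broken, and confirm with a link check before merging.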

@ -92,7 +92,7 @@ To enable Enhanced Container Isolation as a developer:
#### As an admin
To enable Enhanced Container Isolation as an admin, you first need to [configure a `registry.json` file to enforce sign-in](../../../security/for-admins/configure-sign-in.md).
To enable Enhanced Container Isolation as an admin, you first need to [enforce sign-in](../../../security/for-admins/enforce-sign-in/_index.md).
This is because the Enhanced Container Isolation feature requires a Docker
Business subscription and therefore your Docker Desktop users must authenticate
to your organization for this configuration to take effect.

@ -51,7 +51,7 @@ For more details on the syntax and options admins can set, see [Configure Settin
### How do I set up and enforce Settings Management?
As an administrator, you first need to [configure a registry.json to enforce sign-in](../../../security/for-admins/configure-sign-in.md). This is because the Settings Management feature requires a Docker Business subscription and therefore your Docker Desktop developers must authenticate to your organization for this configuration to take effect.
As an administrator, you first need to [configure a registry.json to enforce sign-in](../../../security/for-admins/enforce-sign-in/_index.md). This is because the Settings Management feature requires a Docker Business subscription and therefore your Docker Desktop developers must authenticate to your organization for this configuration to take effect.
Next, you must either manually [create and configure the admin-settings.json file](configure.md), or use the `--admin-settings` installer flag on [macOS](../../install/mac-install.md#install-from-the-command-line) or [Windows](../../install/windows-install.md#install-from-the-command-line) to automatically create the `admin-settings.json` and save it in the correct location.
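Review bot: the link text on the changed line still reads "configure a registry.json to enforce sign-in" although its target is now the enforce-sign-in overview, which also lists the registry key and `.plist` methods. Other hunks in this commit shorten the same phrase to "enforce sign-in"; apply the same wording here so the text matches the destination.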

@ -15,7 +15,7 @@ Settings Management is designed specifically for organizations who dont give
### Prerequisites
- [Download and install Docker Desktop 4.13.0 or later](../../release-notes.md).
- As an admin, you need to [configure a registry.json to enforce sign-in](../../../security/for-admins/configure-sign-in.md). This is because this feature requires a Docker Business subscription and therefore your Docker Desktop users must authenticate to your organization for this configuration to take effect.
- As an admin, you need to [configure a registry.json to enforce sign-in](../../../security/for-admins/enforce-sign-in/_index.md). This is because this feature requires a Docker Business subscription and therefore your Docker Desktop users must authenticate to your organization for this configuration to take effect.
### Step one: Create the `admin-settings.json` file and save it in the correct location
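Review bot: the second Prerequisites bullet now points at a page whose registry key and `.plist` methods are marked as available with Docker Desktop 4.32 and later, while the bullet above it asks only for 4.13.0 or later. Either keep the bullet scoped to registry.json by linking to `methods.md#registryjson-method-all`, or add a short note that the other two methods need 4.32.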

@ -49,7 +49,7 @@ GitHub and Bitbucket and push them to Docker Hub.
{{< tab name="What administrative tasks can I perform in Docker Hub?" >}}
* [Create and manage teams and organizations](orgs.md)
* [Create a company](../admin/company/new-company.md)
* [Enforce sign in](configure-sign-in.md)
* [Enforce sign in](../security/for-admins/enforce-sign-in/_index.md)
* Set up [SSO](../security/for-admins/single-sign-on/index.md) and [SCIM](../security/for-admins/provisioning/scim.md)
* Use [Group mapping](group-mapping.md)
* [Carry out domain audits](domain-audit.md)
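Review bot: "Enforce sign in" in the changed list item is unhyphenated, while the new page title and the table-of-contents entry added in this commit both use "Enforce sign-in". Hyphenate the link text so the feature name reads the same across pages.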

@ -72,7 +72,7 @@ Take a look at the [Docker Public Roadmap](https://github.com/docker/roadmap/pro
### Bug fixes and enhancements
- In Docker Hub, you can now download a [registry.json](../security/for-admins/configure-sign-in.md) file or copy the commands to create a registry.json file to enforce sign-in for your organization.
- In Docker Hub, you can now download a [registry.json](../security/for-admins/enforce-sign-in/_index.md) file or copy the commands to create a registry.json file to enforce sign-in for your organization.
## 2022-09-19

@ -25,7 +25,7 @@ grid_admins:
link: /desktop/hardened-desktop/air-gapped-containers/
- title: Enforce sign-in
description: Configure sign-in for members of your teams and organizations.
link: /security/for-admins/configure-sign-in/
link: /security/for-admins/enforce-sign-in/
icon: passkey
- title: Domain audit
description: Identify uncaptured users in your organization.

@ -66,4 +66,6 @@ Enforcing SSO and enforcing sign-in to Docker Desktop are different features tha
Enforcing SSO ensures that users sign in using their SSO credentials instead of their Docker ID. One of the benefits is that SSO enables you to better manage user credentials.
Enforcing sign-in to Docker Desktop ensures that users always sign in to an
account that's a member of your organization. The benefits are that your organization's security settings are always applied to the user's session and your users always receive the benefits of your subscription. For more details, see [Enforce sign-in for Desktop](../../../security/for-admins/configure-sign-in.md).
account that's a member of your organization. The benefits are that your organization's security settings are always applied to the user's session and your users always receive the benefits of your subscription. For more details, see [Enforce sign-in for Desktop](../../../security/for-admins/enforce-sign-in/_index.md).

@ -36,7 +36,7 @@ If users attempt to sign in through the CLI, they must authenticate using a pers
### Is it possible to force users of Docker Desktop to authenticate, and/or authenticate using their companys domain?
Yes. Administrators can force users to authenticate with Docker Desktop by provisioning a [`registry.json`](../../../security/for-admins/configure-sign-in.md) configuration file. The `registry.json` file will force users to authenticate as a user that's configured in the `allowedOrgs` list in the `registry.json` file.
Yes. Admins can [force users to authenticate with Docker Desktop](../../for-admins/enforce-sign-in/_index.md) using a registry key, `.plist` file, or `registry.json` file.
Once SSO enforcement is set up on their Docker Business organization or company on Hub, when the user is forced to authenticate with Docker Desktop, the SSO enforcement will also force users to authenticate through SSO with their IdP (instead of authenticating using their username and password).
@ -51,7 +51,7 @@ Yes, you can convert existing users to an SSO account. To convert users from a n
- Each user has created a PAT to replace their passwords to allow them to sign in through Docker CLI.
- Confirm that all CI/CD pipelines automation systems have replaced their passwords with PATs.
For detailed prerequisites and instructions on how to enable SSO, see [Configure Single Sign-on](../../../security/for-admins/configure-sign-in.md).
For detailed prerequisites and instructions on how to enable SSO, see [Configure Single Sign-on](../../../security/for-admins/single-sign-on/configure/_index.md).
### What impact can users expect once we start onboarding them to SSO accounts?

@ -17,7 +17,7 @@ Domain audit can't identify the following Docker users in your environment:
- Users who access Docker Desktop without authenticating
- Users who authenticate using an account that doesn't have an email address associated with one of your verified domains
Although domain audit can't identify all Docker users in your environment, you can enforce sign-in to prevent unidentifiable users from accessing Docker Desktop in your environment. For more details about enforcing sign-in, see [Configure registry.json to enforce sign-in](configure-sign-in.md).
Although domain audit can't identify all Docker users in your environment, you can enforce sign-in to prevent unidentifiable users from accessing Docker Desktop in your environment. For more details about enforcing sign-in, see [Configure registry.json to enforce sign-in](../for-admins/enforce-sign-in/_index.md).
> **Tip**
>
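Review bot: the new target `../for-admins/enforce-sign-in/_index.md` leaves the directory and re-enters it; the old link was the sibling `configure-sign-in.md`, so this file already sits in `for-admins/`. Use `enforce-sign-in/_index.md`, as the Image Access Management and Registry Access Management hunks do, and consider shortening the link text "Configure registry.json to enforce sign-in" now that the target covers three methods.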

@ -0,0 +1,45 @@
---
description: Understand what happens when you force users to sign in to Docker Desktop
toc_max: 2
keywords: authentication, registry.json, configure, enforce sign-in, docker desktop, security,
title: Enforce sign-in for Docker Desktop
aliases:
- /docker-hub/configure-sign-in/
- /security/for-admins/configure-sign-in/
---
By default, members of your organization can use Docker Desktop without signing
in. When users dont sign in as a member of your organization, they dont
receive the [benefits of your organizations
subscription](../../../subscription/core-subscription/details.md) and they can circumvent [Dockers
security features](../../../desktop/hardened-desktop/_index.md) for your organization.
There are multiple ways you can enforce sign-in, depending on your companies' set up and preferences:
- [Registry key method (Windows only)](methods.md#registry-key-method-windows-only){{< badge color=violet text="Early Access" >}}
- [`.plist` method (Mac only)](methods.md#plist-method-mac-only){{< badge color=violet text="Early Access" >}}
- [`registry.json` method (All)](methods.md#registryjson-method-all)
## How is sign-in enforced?
When Docker Desktop starts and it detects a registry key, a `.plist` file or `registry.json` file, the
following occurs:
- A **Sign in required!** prompt appears requiring the user to sign
in as a member of your organization to use Docker Desktop. ![Enforce Sign-in
Prompt](../../images/enforce-sign-in.png?w=400)
- When a user signs in to an account that isnt a member of your organization,
they are automatically signed out and cant use Docker Desktop. The user
can select **Sign in** and try again.
- When a user signs in to an account that is a member of your organization, they
can use Docker Desktop.
- When a user signs out, the **Sign in required!** prompt appears and they can
no longer use Docker Desktop.
> **Enforce sign-in versus enforce SSO**
>
> Enforcing sign-in ensures that users are required to sign in to use Docker Desktop.
> If your organization is also using single sign-on (SSO), you can optionally enforce SSO.
> This means that your users must use SSO to sign in, instead of a username and password.
> When you enforce sign-in and enforce SSO, your users must sign in and must use SSO to do so.
> See [Enforce SSO](/security/for-admins/single-sign-on/connect#optional-enforce-sso) for details on how to enable this for your SSO connection.
{ .tip }
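Review bot: "depending on your companies' set up and preferences" in the sentence introducing the method list should read "your company's setup and preferences". The `keywords` front-matter line also ends with a trailing comma that the matching line in `methods.md` does not have; drop it for consistency. The callout titled "Enforce sign-in versus enforce SSO" duplicates the explanation already given in the SSO FAQ touched earlier in this commit, so consider linking to one from the other to keep the wording from drifting.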

@ -0,0 +1,308 @@
---
description: Learn about the different ways you can force users to sign in to Docker Desktop
keywords: authentication, registry.json, configure, enforce sign-in, docker desktop, security
title: Ways to enforce sign-in for Docker Desktop
---
This page outlines the different ways you can enforce sign-in for Docker Desktop.
## Registry key method (Windows only)
> **Early Access**
>
> The registry key method is an [early access](../../../release-lifecycle.md#early-access-ea) feature.
> It's available with Docker Desktop version 4.32 and later.
{ .restricted }
1. Create the registry key. Your new key should look like the following:
```console
$ HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Docker\Docker Desktop
```
2. Create a multi-string value `allowedOrgs`.
> **Important**
>
> Only one entry for `allowedOrgs` is currently supported. If you add more than one value, sign-in enforcement silently fails.
{ .important }
3. As string data use your organizations name, all lowercase.
4. Restart Docker Desktop.
5. Open Docker Desktop and when Docker Desktop starts, verify that the **Sign in required!** prompt appears.
In some cases, a system reboot may be necessary for enforcement to take effect.
>**Note**
>
> If a registry key and a `registry.json` file both exist, the registry key takes precedence.
### Example deployment via Group Policy
The following is only an illustrative example.
There are many ways to deploy the registry key, for example using an MDM solution or with PowerShell scripting. The method you choose is dependent on your organizations infrastructure, security policies, and the administrative rights of the end-users.
1. Create the registry script. Write a script to create the `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Docker\Docker Desktop` key, add the `allowedOrgs` multi-string, and then set the value to your organizations name.
2. Within Group Policy, create or edit a Group Policy Objective (GPO) that applies to the machines or users you want to target.
3. Within the GPO, navigate to **Computer Configuration** > **Preferences** > **Windows Settings** > **Registry**.
4. Add the registry item. Right-click on the **Registry** node, select **New** > **Registry Item**.
5. Configure the new registry item to match the registry script you created, specifying the action as **Update**. Make sure you input the correct path, value name (`allowedOrgs`), and value data (your organizations name).
6. Link the GPO to an Organizational Unit (OU) that contains the machines you want to apply this setting to.
7. Test the GPO. Test the GPO on a small set of machines first to ensure it behaves as expected. You can use the `gpupdate /force` command on a test machine to manually refresh its group policy settings and check the registry to confirm the changes.
8. Once verified, you can proceed with broader deployment. Monitor the deployment to ensure the settings are applied correctly across the organization's computers.
## plist method (Mac only)
> **Early Access**
>
> The plist method is an [early access](../../../release-lifecycle.md#early-access-ea) feature.
> It's available with Docker Desktop version 4.32 and later.
{ .restricted }
1. Create the file `/Library/Application Support/com.docker.docker/desktop.plist`.
2. Open `desktop.plist` in a text editor and add the following content, where `myorg` is replaced with your organizations name all lowercase:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>allowedOrgs</key>
<array>
<string>myorg</string>
</array>
</dict>
</plist>
```
> **Important**
>
> Only one entry for `allowedOrgs` is currently supported. If you add more than one value, sign-in enforcement silently fails.
{ .important }
3. Modify the file permissions to ensure the file cannot be edited by any non-administrator users.
4. Restart Docker Desktop.
5. Open Docker Desktop and when Docker Desktop starts, verify that the **Sign in required!** prompt appears.
>**Note**
>
> If a `plist` and `registry.json` file both exist, the registry key takes precedence.
### Example deployment
The following is only an illustrative example.
There are many ways to deploy the `.plist` file. The method you choose is dependent on your organizations infrastructure, security policies, and the administrative rights of the end-users.
{{< tabs >}}
{{< tab name="MDM" >}}
1. Follow the steps previously outlined to create the `desktop.plist` file.
2. Use an MDM tool like Jamf or Fleet to distribute the `desktop.plist` file to `/Library/Application Support/com.docker.docker/` on target macOS devices.
3. Through the MDM tool, set the file permissions to permit editing by administrators only.
{{< /tab >}}
{{< tab name="Shell script" >}}
1. Create a Bash script that can check for the existence of the `.plist` file in the correct directory, create or modify it as needed, and set the appropriate permissions.
Include commands in your script to:
- Navigate to the `/Library/Application Support/com.docker.docker/` directory or create it if it doesn't exist.
- Use the `defaults` command to write the required keys and values to the `desktop.plist` file. For example:
```console
$ defaults write /Library/Application\ Support/com.docker.docker/desktop.plist allowedOrgs -string "myorg"
```
- Change permissions of the `plist` file to restrict editing, using `chmod` and possibly `chown` to set the owner to root or another administrator account, ensuring it can't be easily modified by unauthorized users.
2. Before deploying the script across the organization, test it on a local macOS machine to ensure it behaves as expected. Pay attention to directory paths, permissions, and the successful application of `plist` settings.
3. Ensure that you have the capability to execute scripts remotely on macOS devices. This might involve setting up SSH access or using a remote support tool that supports macOS.
4. Use a method of remote script execution that fits your organization's infrastructure. Options include:
- SSH. If SSH is enabled on the target machines, you can use it to execute the script remotely. This method requires knowledge of the device's IP address and appropriate credentials.
- Remote support tool. For organizations using a remote support tool, you can add the script to a task and execute it across all selected machines.
5. Ensure the script is running as expected on all targeted devices. This might involve checking log files or implementing logging within the script itself to report its success or failure.
{{< /tab >}}
{{< /tabs >}}
## registry.json method (All)
The following instructions explain how to create and deploy a `registry.json` file to a single device. There are many ways to deploy the `regitry.json` file. You can follow the example deployments outlined in the `.plist` file section. The method you choose is dependent on your organization's infrastructure, security policies, and the administrative rights of the end-users.
### Option 1: Create a registry.json file to enforce sign-in
1. Ensure that the user is a member of your organization in Docker. For more
details, see [Manage members](/admin/organization/members/).
2. Create the `registry.json` file.
Based on the user's operating system, create a file named `registry.json` at the following location and make sure the file can't be edited by the user.
| Platform | Location |
| --- | --- |
| Windows | `/ProgramData/DockerDesktop/registry.json` |
| Mac | `/Library/Application Support/com.docker.docker/registry.json` |
| Linux | `/usr/share/docker-desktop/registry/registry.json` |
3. Specify your organization in the `registry.json` file.
Open the `registry.json` file in a text editor and add the following contents, where `myorg` is replaced with your organizations name. The file contents are case-sensitive and you must use lowercase letters for your organization's name.
```json
{
"allowedOrgs": ["myorg"]
}
```
> **Important**
>
> Only one entry for `allowedOrgs` is currently supported. If you add more than one value, sign-in enforcement silently fails.
{ .important }
4. Verify that sign-in is enforced.
To activate the `registry.json` file, restart Docker Desktop on the users machine. When Docker Desktop starts, verify that the **Sign in
required!** prompt appears.
In some cases, a system reboot may be necessary for the enforcement to take effect.
> **Tip**
>
> If your users have issues starting Docker Desktop after you enforce sign-in, they may need to update to the latest version.
{ .tip }
### Option 2: Create a registry.json file when installing Docker Desktop
To create a `registry.json` file when installing Docker Desktop, use the following instructions based on your user's operating system.
{{< tabs >}}
{{< tab name="Windows" >}}
To automatically create a `registry.json` file when installing Docker Desktop,
download `Docker Desktop Installer.exe` and run one of the following commands
from the directory containing `Docker Desktop Installer.exe`. Replace `myorg`
with your organization's name. You must use lowercase letters for your
organization's name.
If you're using PowerShell:
```powershell
PS> Start-Process '.\Docker Desktop Installer.exe' -Wait 'install --allowed-org=myorg'
```
If you're using the Windows Command Prompt:
```console
C:\Users\Admin> "Docker Desktop Installer.exe" install --allowed-org=myorg
```
{{< /tab >}}
{{< tab name="Mac" >}}
To automatically create a `registry.json` file when installing Docker Desktop,
download `Docker.dmg` and run the following commands in a terminal from the
directory containing `Docker.dmg`. Replace `myorg` with your organization's name. You must use lowercase letters for your organization's name.
```console
$ sudo hdiutil attach Docker.dmg
$ sudo /Volumes/Docker/Docker.app/Contents/MacOS/install --allowed-org=myorg
$ sudo hdiutil detach /Volumes/Docker
```
{{< /tab >}}
{{< /tabs >}}
### Option 3: Create a registry.json file using the command line
To create a `registry.json` using the command line, use the following instructions based on your user's operating system.
{{< tabs >}}
{{< tab name="Windows" >}}
To use the CLI to create a `registry.json` file, run the following PowerShell
command as an administrator and replace `myorg` with your organization's name. The file
contents are case-sensitive and you must use lowercase letters for your
organization's name.
```powershell
PS> Set-Content /ProgramData/DockerDesktop/registry.json '{"allowedOrgs":["myorg"]}'
```
This creates the `registry.json` file at
`C:\ProgramData\DockerDesktop\registry.json` and includes the organization
information the user belongs to. Make sure that the user can't edit this file, but only the administrator can:
```console
PS C:\ProgramData\DockerDesktop> Get-Acl .\registry.json
Directory: C:\ProgramData\DockerDesktop
Path Owner Access
---- ----- ------
registry.json BUILTIN\Administrators NT AUTHORITY\SYSTEM Allow FullControl...
```
{{< /tab >}}
{{< tab name="Mac" >}}
To use the CLI to create a `registry.json` file, run the following commands in a
terminal and replace `myorg` with your organization's name. The file contents
are case-sensitive and you must use lowercase letters for your organization's
name.
```console
$ sudo mkdir -p "/Library/Application Support/com.docker.docker"
$ echo '{"allowedOrgs":["myorg"]}' | sudo tee "/Library/Application Support/com.docker.docker/registry.json"
```
This creates (or updates, if the file already exists) the `registry.json` file
at `/Library/Application Support/com.docker.docker/registry.json` and includes
the organization information the user belongs to. Make sure that the file has the
expected content, and that the user can't edit this file, but only the administrator can.
Verify that the content of the file contains the correct information:
```console
$ sudo cat "/Library/Application Support/com.docker.docker/registry.json"
{"allowedOrgs":["myorg"]}
```
Verify that the file has the expected permissions (`-rw-r--r--`) and ownership
(`root` and `admin`):
```console
$ sudo ls -l "/Library/Application Support/com.docker.docker/registry.json"
-rw-r--r-- 1 root admin 26 Jul 27 22:01 /Library/Application Support/com.docker.docker/registry.json
```
{{< /tab >}}
{{< tab name="Linux" >}}
To use the CLI to create a `registry.json` file, run the following commands in a
terminal and replace `myorg` with your organization's name. The file contents
are case-sensitive and you must use lowercase letters for your organization's
name.
```console
$ sudo mkdir -p /usr/share/docker-desktop/registry
$ echo '{"allowedOrgs":["myorg"]}' | sudo tee /usr/share/docker-desktop/registry/registry.json
```
This creates (or updates, if the file already exists) the `registry.json` file
at `/usr/share/docker-desktop/registry/registry.json` and includes the
organization information to which the user belongs. Make sure the file has the
expected content and that the user can't edit this file, only the root can.
Verify that the content of the file contains the correct information:
```console
$ sudo cat /usr/share/docker-desktop/registry/registry.json
{"allowedOrgs":["myorg"]}
```
Verify that the file has the expected permissions (`-rw-r--r--`) and ownership
(`root`):
```console
$ sudo ls -l /usr/share/docker-desktop/registry/registry.json
-rw-r--r-- 1 root root 26 Jul 27 22:01 /usr/share/docker-desktop/registry/registry.json
```
{{< /tab >}}
{{< /tabs >}}
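Review bot: the note after step 5 of the plist section says "If a `plist` and `registry.json` file both exist, the registry key takes precedence", which reads as copied from the Windows section; no registry key is involved on Mac, so state which of the two files wins. In the shell-script tab, `defaults write ... allowedOrgs -string "myorg"` writes a string although the plist in step 2 declares `allowedOrgs` as an `<array>`; use `-array "myorg"` so the scripted file has the same structure as the documented one. Smaller points: `regitry.json` in the registry.json intro is a typo, "Group Policy Objective (GPO)" should be "Group Policy Object", and the registry key path in step 1 of the Windows section is shown in a `console` block with a `$` prompt although it is a path, not a command.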

@ -18,7 +18,7 @@ For example, a developer, who is part of an organization, building a new contain
## Prerequisites
You need to [configure a registry.json to enforce sign-in](configure-sign-in.md). For Image Access Management to take effect, Docker Desktop users must authenticate to your organization.
You need to [configure a registry.json to enforce sign-in](enforce-sign-in/_index.md). For Image Access Management to take effect, Docker Desktop users must authenticate to your organization.
## Configure Image Access Management permissions

@ -28,7 +28,7 @@ Example registries administrators can allow include:
## Prerequisites
You need to [configure a registry.json to enforce sign-in](/docker-hub/configure-sign-in/). For Registry Access Management to take effect, Docker Desktop users must authenticate to your organization.
You need to [configure a registry.json to enforce sign-in](enforce-sign-in/_index.md). For Registry Access Management to take effect, Docker Desktop users must authenticate to your organization.
## Configure Registry Access Management permissions

@ -2271,8 +2271,12 @@ Manuals:
title: Just-in-Time
- path: /security/for-admins/provisioning/group-mapping/
title: Group mapping
- path: /security/for-admins/configure-sign-in/
title: Enforce sign in
- sectiontitle: Enforce sign-in
section:
- path: /security/for-admins/enforce-sign-in/
title: Overview
- path: /security/for-admins/enforce-sign-in/methods/
title: Methods
- path: /security/for-admins/roles-and-permissions/
title: Roles and permissions
- path: /security/for-admins/domain-audit/

@ -57,7 +57,7 @@ You can manage your members in your identity provider and automatically provisio
## Step 5: Enforce sign-in for Docker Desktop
By default, members of your organization can use Docker Desktop on their machines without signing in to any Docker account. You must enforce sign-in to ensure that users receive the benefits of your Docker subscription and that security settings are enforced. For details, see [Configure registry.json to enforce sign-in](/docker-hub/configure-sign-in/).
By default, members of your organization can use Docker Desktop on their machines without signing in to any Docker account. You must enforce sign-in to ensure that users receive the benefits of your Docker subscription and that security settings are enforced. For details, see [Configure registry.json to enforce sign-in](/security/for-admins/enforce-sign-in/).
## What's next