mirror of https://github.com/docker/docs.git
Update SCIM and Group mapping attributes (#17876)
* add note to scim docs on attributes and fix typo
* update attributes and shift group mapping content
* updates from sme feedback
* update for sme feedback
parent 565306f956
commit fbf8368b75
|
@ -10,15 +10,6 @@
|
|||
|
||||
With directory group-to-team provisioning from your IdP, user updates will automatically sync with your Docker organizations and teams.
|
||||
|
||||
To correctly assign your users to Docker teams, you must create groups in your IDP following the naming pattern `organization:team`. For example, if you want to manage provisioning for the team "developers” in Docker, and your organization name is “moby,” you must create a group in your IdP with the name “moby:developers”.
|
||||
|
||||
Once you enable group mappings in your connection, users assigned to that group in your IdP will automatically be added to the team “developers” in Docker.
|
||||
|
||||
>**Tip**
|
||||
>
|
||||
>Use the same names for the Docker teams as your group names in the IdP to prevent further configuration. When you sync groups, a group is created if it doesn’t already exist.
|
||||
{: .tip}
|
||||
|
||||
## How group mapping works
|
||||
|
||||
IdPs share with Docker the main attributes of every authorized user through SSO, such as email address, name, surname, and groups. These attributes are used by Just-In-Time (JIT) Provisioning to create or update the user’s Docker profile and their associations with organizations and teams on Docker Hub.
|
||||
|
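Review bot: With the `organization:team` paragraphs removed from the top of the page, the introduction goes from "user updates will automatically sync with your Docker organizations and teams" straight into "How group mapping works" without saying that the sync depends on a group naming convention. Suggest keeping one sentence in the introduction that names the `organization:team` pattern and points to the "Use group mapping" section, so a reader who stops after the overview does not create IdP groups whose names do not follow the pattern.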
@ -42,6 +33,26 @@ After every successful SSO sign-in authentication, the JIT provisioner performs
|
|||
|
||||
## Use group mapping
|
||||
|
||||
To correctly assign your users to Docker teams, you must create groups in your IdP following the naming pattern `organization:team`. For example, if you want to manage provisioning for the team "developers", and your organization name is "moby", you must create a group in your IdP with the name `moby:developers`.
|
||||
|
||||
Once you enable group mappings in your connection, users assigned to that group in your IdP will automatically be added to the team "developers" in Docker.
|
||||
|
||||
You can use this format to add a user to multiple organizations. For example, if you want to add a user to the "backend" team in the "moby" organization as well as the "desktop" team in the "docker" organization, the format would be: `moby:backend` and `docker:desktop`.
|
||||
|
||||
>**Tip**
|
||||
>
|
||||
>Use the same names for the Docker teams as your group names in the IdP to prevent further configuration. When you sync groups, a group is created if it doesn’t already exist.
|
||||
{: .tip}
|
||||
|
||||
The following lists the supported group mapping attributes:
|
||||
|
||||
| Attribute | Description |
|
||||
|:--------- | :---------- |
|
||||
| id | Unique ID of the group in UUID format. This attribute is read-only. |
|
||||
| displayName | Name of the group following the group mapping format: `organization:team`. |
|
||||
| members | A list of users that are members of this group. |
|
||||
| members[x].value | Unique ID of the user that is a member of this group. Members are referenced by ID. |
|
||||
|
||||
To take advantage of group mapping, follow the instructions provided by your IdP:
|
||||
|
||||
- [Okta](https://help.okta.com/en-us/Content/Topics/users-groups-profiles/usgp-enable-group-push.htm){: target="_blank" rel="noopener" class="_" }
|
||||
|
|
|
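Review bot: The sentence "You can use this format to add a user to multiple organizations" does not say which organizations a connection may provision into, and the tip below it says "a group is created if it doesn't already exist". Read together, they leave open whether an IdP group named for an organization outside the connection is ignored, and the tip says "group" where the rest of the section says "team", so it is unclear what gets created. Suggest stating the scope explicitly and naming the object that is created. Separately, "The following lists the supported group mapping attributes:" should read "The following table lists ..." to match the wording this commit uses for the SCIM attribute table.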
@ -29,13 +29,16 @@ The following provisioning features are supported:
|
|||
- Re-activate users
|
||||
- Group mapping
|
||||
|
||||
The table below lists the supported attributes. Note that your attribute mappings must match for SSO to prevent duplicating your members.
|
||||
The following table lists the supported attributes. Note that your attribute mappings must match for SSO to prevent duplicating your members.
|
||||
|
||||
| Attribute | Description
|
||||
|:---------------------------------------------------------------|:-------------------------------------------------------------------------------------------|
|
||||
| username | Unique identifier of the user (email) |
|
||||
| givenName | User’s first name |
|
||||
| familyName |User’s surname |
|
||||
| userName | User's primary email address. This is used as the unique identifier of the user. |
|
||||
| name.givenName | User’s first name |
|
||||
| name.familyName | User’s surname |
|
||||
| active | Indicates if a user is enabled or disabled. Can be set to false to de-provision the user. |
|
||||
|
||||
For additional details about supported attributes and SCIM, see [Docker Hub API SCIM reference](/docker-hub/api/latest/#tag/scim).
|
||||
|
||||
## Set up SCIM
|
||||
|
||||
|
|
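Review bot: In the sentence above the table, "your attribute mappings must match for SSO" does not say what the mappings must match. If the intent is that the SCIM mappings must be the same as the ones configured for SSO, say so directly, for example "Your SCIM attribute mappings must match your SSO attribute mappings, otherwise members can be duplicated." In the `active` row, "de-provision" is left undefined: administrators use this for offboarding, so the description should say whether setting `active` to false removes the user's access or only marks the account as disabled. The header row `| Attribute | Description` is also missing its closing pipe.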