docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
docs/content/manuals/security/for-admins/single-sign-on/manage.md

3.1 KiB
Raw Permalink Blame History

description keywords title linkTitle aliases
Learn how to manage Single Sign-On for your organization or company. manage, single sign-on, SSO, sign-on, docker hub, admin console, admin, security Manage single sign-on Manage
/admin/company/settings/sso-management/
/single-sign-on/manage/

{{< summary-bar feature_name="SSO" >}}

Manage organizations

[!NOTE]

You must have a company to manage more than one organization.

{{% admin-sso-management-orgs product="admin" %}}

Manage domains

{{< tabs >}} {{< tab name="Admin Console" >}}

{{% admin-sso-management product="admin" %}}

{{< /tab >}} {{< tab name="Docker Hub" >}}

{{% include "hub-org-management.md" %}}

{{% admin-sso-management product="hub" %}}

{{< /tab >}} {{< /tabs >}}

Manage SSO connections

{{< tabs >}} {{< tab name="Admin Console" >}}

{{% admin-sso-management-connections product="admin" %}}

{{< /tab >}} {{< tab name="Docker Hub" >}}

{{% include "hub-org-management.md" %}}

{{% admin-sso-management-connections product="hub" %}}

{{< /tab >}} {{< /tabs >}}

Manage users

[!IMPORTANT]

SSO has Just-In-Time (JIT) Provisioning enabled by default unless you have disabled it. This means your users are auto-provisioned to your organization.

You can change this on a per-app basis. To prevent auto-provisioning users, you can create a security group in your IdP and configure the SSO app to authenticate and authorize only those users that are in the security group. Follow the instructions provided by your IdP:

Alternatively, see the Provisioning overview guide.

Add guest users when SSO is enabled

To add a guest that isn't verified through your IdP:

  1. Sign in to the Admin Console.
  2. Select your organization or company from the Choose profile page, then select Members.
  3. Select Invite.
  4. Follow the on-screen instructions to invite the user.

Remove users from the SSO company

To remove a user:

  1. Sign in to Admin Console.
  2. Select your organization or company from the Choose profile page, then select Members.
  3. Select the action icon next to a users name, and then select Remove member, if you're an organization, or Remove user, if you're a company.
  4. Follow the on-screen instructions to remove the user.

Manage provisioning

Users are provisioned with Just-in-Time (JIT) provisioning by default. If you enable SCIM, you can disable JIT. For more information, see the Provisioning overview guide.

What's next?