docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
docs/layouts/shortcodes/admin-sso-management-users.md

3.4 KiB
Raw Blame History

{{ $product_link := "Docker Hub" }} {{ $sso_navigation := `Navigate to the SSO settings page for your organization or company.

  • Organization: Select Organizations, your organization, Settings, and then Security.
  • Company: Select Organizations, your company, and then Settings.` }} {{ $member_navigation := "Select Organizations, your organization, and then Members." }} {{ $invite_button := "Invite members" }} {{ $remove_button := "Remove member" }} {{ $provisioning_steps := "This feature is only available in the Admin Console."}}

{{ if eq (.Get "product") "admin" }} {{ $product_link = "the Admin Console" }} {{ $invite_button = "Invite" }} {{ $sso_navigation = "Select your organization or company in the left navigation drop-down menu, and then select SSO & SCIM." }} {{ $member_navigation = Navigate to the user management page for your organization or company. - Organization: Select your organization in the left navigation drop-down menu, and then select **Members**. - Company: Select your company in the left navigation drop-down menu, and then select **Users**. }} {{ $remove_button = "Remove member, if you're an organization, or Remove user, if you're a company" }} {{ $provisioning_steps = `Users are provisioned with JIT provisioning by default. If you enable SCIM, you can disable JIT:

  1. Sign in to the Admin Console.
  2. Select your organization or company in the left navigation drop-down menu, and then select SSO & SCIM.
  3. In the SSO connections table, select the Action icon and then Disable JIT provisioning.
  4. Select Disable to confirm.` }} {{ end }}

Important

SSO has Just-In-Time (JIT) Provisioning enabled by default. This means your users are auto-provisioned to your organization.

You can change this on a per-app basis. To prevent auto-provisioning users, you can create a security group in your IdP and configure the SSO app to authenticate and authorize only those users that are in the security group. Follow the instructions provided by your IdP:

Alternatively, see Manage how users are provisioned. { .important}

Add guest users when SSO is enabled

To add a guest that isn't verified through your IdP:

  1. Sign in to {{ $product_link }}.
  2. {{ $member_navigation }}
  3. Select {{ $invite_button }}.
  4. Follow the on-screen instructions to invite the user.

Remove users from the SSO company

To remove a user:

  1. Sign in to {{ $product_link }}.
  2. {{ $member_navigation }}
  3. Select the action icon next to a users name, and then select {{ $remove_button }}.
  4. Follow the on-screen instructions to remove the user.

Manage how users are provisioned

Beta feature

Optional Just-in-Time (JIT) provisioning is available in beta when you use the Admin Console and SCIM is enabled. With this feature, you have the option to disable JIT provisioning. See SSO authentication with JIT provisioning disabled. { .experimental }

{{ $provisioning_steps }}