Domain management

Early Access

Docker Admin is an early access product.

It's currently available to all company owners and organization owners that have a Docker Business or Docker Team subscription. You can still manage companies and organizations in Docker Hub. For details about managing companies or organizations in Docker Hub, see Administration and security.

Use domain management to manage your domains for Single Sign-On and SCIM, as well as audit your domains for uncaptured users.

Add and verify a domain

  1. Sign in to Docker Admin.

  2. Select your organization in the left navigation drop-down menu, and then select Domain management.

  3. Select Add a domain.

  4. Continue with the on-screen instructions to get a verification code for your domain as a TXT Record Value.

    Note

    Format your domains without protocol or www information, for example, yourcompany.example. This should include all email domains and subdomains users will use to access Docker, for example yourcompany.example and us.yourcompany.example. Public domains such as gmail.com, outlook.com, etc. aren’t permitted.

  5. Once you have waited 72 hours for the TXT Record verification, you can then select Verify next to the domain you've added, and follow the on-screen instructions.

    Note

    Make sure that the TXT record name that you create on your DNS matches the domain you registered on Docker in Step 4. For example, if you registered the subdomain us.yourcompany.example, you need to create a TXT record within the same name/zone us. A root domain such as yourcompany.example needs a TXT record on the root zone, which is typically denoted with the @ name for the record.


Domain audit

Domain audit identifies uncaptured users in an organization. Uncaptured users are Docker users who have authenticated to Docker using an email address associated with one of your verified domains, but they're not a member of your organization in Docker. You can audit domains on organizations that are part of the Docker Business subscription. To upgrade your existing account to a Docker Business subscription, see Upgrade your subscription.

Uncaptured users who access Docker Desktop in your environment may pose a security risk because your organization's security settings, like Image Access Management and Registry Access Management, aren't applied to a user's session. In addition, you won't have visibility into the activity of uncaptured users. You can add uncaptured users to your organization to gain visibility into their activity and apply your organization's security settings.

Domain audit can't identify the following Docker users in your environment:

  • Users who access Docker Desktop without authenticating
  • Users who authenticate using an account that doesn't have an email address associated with one of your verified domains

Although domain audit can't identify all Docker users in your environment, you can enforce sign-in to prevent unidentifiable users from accessing Docker Desktop in your environment. For more details about enforcing sign-in, see Configure registry.json to enforce sign-in.

Audit your domains for uncaptured users

Before you audit your domains, the following prerequisites are required:

  • Your organization must be part of a Docker Business subscription. To upgrade your existing account to a Docker Business subscription, see Upgrade your subscription.
  • You must add and verify your domains.

To audit your domains:

  1. Sign in to Docker Admin.

  2. Select your organization in the left navigation drop-down menu, and then select Domain management.

  3. In Domain Audit, select Export Users to export a CSV file of uncaptured users with the following columns:

    • Name: The name of the user.
    • Username: The Docker ID of the user.
    • Email: The email address of the user.

You can invite all the uncaptured users to your organization using the exported CSV file. For more details, see Invite members. Optionally, enforce single sign-on or enable SCIM to add users to your organization automatically. For more details, see SSO or SCIM.

Note

Domain audit may identify accounts of users who are no longer a part of your organization. If you don't want to add a user to your organization and you don't want the user to appear in future domain audits, you must deactivate the account or update the associated email address.

Only someone with access to the Docker account can deactivate the account or update the associated email address. For more details, see Deactivating an account.

If you don't have access to the account, you can contact Docker support to discover if more options are available.
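
One way to triage the exported CSV before inviting anyone, shown as an added example that is not part of Docker's documentation or tooling. It assumes the export's header row uses the column names listed above (Name, Username, Email); the sample rows, the verified-domain set and the roster of active addresses (for example, pulled from your identity provider) are constructed for illustration.

```python
import csv
import io

# Constructed sample of the exported CSV (columns as listed above).
SAMPLE_EXPORT = """Name,Username,Email
Ana Ruiz,anaruiz,ana.ruiz@yourcompany.example
Ben Cole,bcole,Ben.Cole@us.yourcompany.example
Old Contractor,oldc,old.contractor@yourcompany.example
,ci-bot,build@yourcompany.example
Eve Stray,estray,eve@gmail.com
"""

# Assumptions: the domains you verified, and active addresses from your own roster.
VERIFIED_DOMAINS = {"yourcompany.example", "us.yourcompany.example"}
ACTIVE_EMAILS = {"ana.ruiz@yourcompany.example", "ben.cole@us.yourcompany.example"}


def triage(export_text, verified_domains, active_emails):
    """Split uncaptured users into invite / review / unexpected buckets."""
    verified = {d.lower() for d in verified_domains}
    active = {e.lower() for e in active_emails}
    buckets = {"invite": [], "review": [], "unexpected": []}
    seen = set()
    for row in csv.DictReader(io.StringIO(export_text)):
        email = (row.get("Email") or "").strip().lower()
        username = (row.get("Username") or "").strip()
        if not email or email in seen:
            continue  # skip blank rows and duplicate addresses
        seen.add(email)
        # Exact match: subdomains are verified separately, so they are listed separately.
        domain = email.rpartition("@")[2]
        if domain not in verified:
            # Not expected in an audit of verified domains; flag it rather than trust it.
            buckets["unexpected"].append(username)
        elif email in active:
            buckets["invite"].append(username)
        else:
            # Not on the roster: possibly a former member or a shared/service account.
            buckets["review"].append(username)
    return buckets


if __name__ == "__main__":
    result = triage(SAMPLE_EXPORT, VERIFIED_DOMAINS, ACTIVE_EMAILS)
    for name, users in result.items():
        print(f"{name}: {', '.join(users) or '-'}")
```

Accounts in the review bucket are the ones the note above applies to: decide whether to invite them, or have the account deactivated or its email address updated so it stops appearing in future audits.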