Manage single sign-on
Manage organizations
Note
You must have a company to manage more than one organization.
Early Access
The Docker Admin Console is an early access product.
It's available to all company owners and organization owners. You can still manage organizations in Docker Hub, but the Admin Console includes company-level management and enhanced features for organization management.
Connect an organization
- Sign in to the Admin Console.
- Select your company from the Choose profile page, and then select SSO and SCIM.
- In the SSO connections table, select the Action icon and then Edit connection.
- Select Next to navigate to the section where connected organizations are listed.
- In the Organizations drop-down, select the organization to add to the connection.
- Select Next to confirm or change the default organization and team provisioning.
- Review the Connection Summary and select Update connection.
Remove an organization
- Sign in to the Admin Console.
- Select your company from the Choose profile page, and then select SSO and SCIM.
- In the SSO connections table, select the Action icon and then Edit connection.
- Select Next to navigate to the section where connected organizations are listed.
- In the Organizations drop-down, select Remove to remove the connection.
- Select Next to confirm or change the default organization and team provisioning.
- Review the Connection Summary and select Update connection.
Manage domains
Early Access
The Docker Admin Console is an early access product.
It's available to all company owners and organization owners. You can still manage organizations in Docker Hub, but the Admin Console includes company-level management and enhanced features for organization management.
Remove a domain from an SSO connection
- Sign in to the Admin Console.
- Select your organization or company from the Choose profile page, and then select SSO and SCIM.
- In the SSO connections table, select the Action icon and then Edit connection.
- Select Next to navigate to the section where the connected domains are listed.
- In the Domain drop-down, select the x icon next to the domain that you want to remove.
- Select Next to confirm or change the connected organization(s).
- Select Next to confirm or change the default organization and team provisioning selections.
- Review the Connection Summary and select Update connection.
Note
If you want to re-add the domain, a new TXT record value is assigned. You must then complete the verification steps with the new TXT record value.
Remove a domain from an SSO connection
- Sign in to Docker Hub.
- Navigate to the SSO settings page for your organization. Select Organizations, your organization, Settings, and then Security.
- In the SSO connections table, select the Action icon and then Edit connection.
- Select Next to navigate to the section where the connected domains are listed.
- In the Domain drop-down, select the x icon next to the domain that you want to remove.
- Select Next to confirm or change the connected organization(s).
- Select Next to confirm or change the default organization and team provisioning selections.
- Review the Connection Summary and select Update connection.
Note
If you want to re-add the domain, a new TXT record value is assigned. You must then complete the verification steps with the new TXT record value.
Manage SSO connections
Early Access
The Docker Admin Console is an early access product.
It's available to all company owners and organization owners. You can still manage organizations in Docker Hub, but the Admin Console includes company-level management and enhanced features for organization management.
Edit a connection
- Sign in to the Admin Console.
- Select your organization or company from the Choose proifle page, and then select SSO and SCIM. Note that when an organization is part of a company, you must select the company and configure SSO for that organization at the company level. Each organization can have its own SSO configuration and domain, but it must be configured at the company level.
- In the SSO connections table, select the Action icon.
- Select Edit connection.
- Follow the on-screen instructions to edit the connection.
Delete a connection
- Sign in to the Admin Console.
- Select your organization or company from the Choose proifle page, and then select SSO and SCIM. Note that when an organization is part of a company, you must select the company and configure SSO for that organization at the company level. Each organization can have its own SSO configuration and domain, but it must be configured at the company level.
- In the SSO connections table, select the Action icon.
- Select Delete connection.
- Follow the on-screen instructions to delete a connection.
Deleting SSO
When you disable SSO, you can delete the connection to remove the configuration settings and the added domains. Once you delete this connection, it can't be undone. If an SSO connection is deleted, Docker users must authenticate with their Docker ID and password.
Edit a connection
- Sign in to Docker Hub.
- Navigate to the SSO settings page for your organization. Select Organizations, your organization, Settings, and then Security.
- In the SSO connections table, select the Action icon.
- Select Edit connection.
- Follow the on-screen instructions to edit the connection.
Delete a connection
- Sign in to Docker Hub.
- Navigate to the SSO settings page for your organization. Select Organizations, your organization, Settings, and then Security.
- In the SSO connections table, select the Action icon.
- Select Delete connection.
- Follow the on-screen instructions to delete a connection.
Deleting SSO
When you disable SSO, you can delete the connection to remove the configuration settings and the added domains. Once you delete this connection, it can't be undone. If an SSO connection is deleted, Docker users must authenticate with their Docker ID and password.
Manage users
Important
SSO has Just-In-Time (JIT) Provisioning enabled by default unless you have disabled it. This means your users are auto-provisioned to your organization.
You can change this on a per-app basis. To prevent auto-provisioning users, you can create a security group in your IdP and configure the SSO app to authenticate and authorize only those users that are in the security group. Follow the instructions provided by your IdP:
Alternatively, see the Provisioning overview guide.
Add guest users when SSO is enabled
To add a guest that isn't verified through your IdP:
- Sign in to the Admin Console.
- Select your organization or company from the Choose profile page, then select Members.
- Select Invite.
- Follow the on-screen instructions to invite the user.
Remove users from the SSO company
To remove a user:
- Sign in to Admin Console.
- Select your organization or company from the Choose profile page, then select Members.
- Select the action icon next to a user’s name, and then select Remove member, if you're an organization, or Remove user, if you're a company.
- Follow the on-screen instructions to remove the user.
Manage provisioning
Users are provisioned with Just-in-Time (JIT) provisioning by default. If you enable SCIM, you can disable JIT. For more information, see the Provisioning overview guide.