From a34f11edb20e83f94d9e084335e6519654f7029a Mon Sep 17 00:00:00 2001 From: Sarah Sanders Date: Wed, 12 Feb 2025 14:14:58 -0500 Subject: [PATCH 1/4] Update mamange members and SSO users FAQs --- content/manuals/admin/organization/members.md | 4 ++++ content/manuals/security/faqs/single-sign-on/users-faqs.md | 6 ++++++ 2 files changed, 10 insertions(+) diff --git a/content/manuals/admin/organization/members.md b/content/manuals/admin/organization/members.md index 8b589eac3959..55e9ba74d858 100644 --- a/content/manuals/admin/organization/members.md +++ b/content/manuals/admin/organization/members.md @@ -141,6 +141,10 @@ To add a member to a team with the Admin Console: ### Remove a member from a team +> [!NOTE] +> +> If your organization uses single sign-on (SSO) with [SCIM](/manuals/security/for-admins/provisioning/scim/) enabled, you should remove members from your identity provider (IdP). This will automatically remove members from Docker. If SCIM is disabled, you must manually manage members in Docker. + Organization owners can remove a member from a team in Docker Hub or Admin Console. Removing the member from the team will revoke their access to the permitted resources. {{< tabs >}} diff --git a/content/manuals/security/faqs/single-sign-on/users-faqs.md b/content/manuals/security/faqs/single-sign-on/users-faqs.md index 64a9c62ec45a..3a9d084ae318 100644 --- a/content/manuals/security/faqs/single-sign-on/users-faqs.md +++ b/content/manuals/security/faqs/single-sign-on/users-faqs.md @@ -100,3 +100,9 @@ No, we don't differentiate the two in product. ### Is user information visible in Docker Hub? All Docker accounts have a public profile associated with their namespace. If you don't want user information (for example, full name) to be visible, you can remove those attributes from your SSO and SCIM mappings. Alternatively, you can use a different identifier to replace a user's full name. + +### What happens to existing licensed users when SCIM is enabled? + +Enabling SCIM does not immediately remove or modify existing licensed users in your Docker organization. They retain their current access and roles, but their management shifts to your identity provider (IdP). If an existing user is assigned to Docker in your IdP, their account remains active, but future changes must now be handled through the IdP. If SCIM is later disabled, previously SCIM-managed users remain in Docker but are no longer automatically updated or removed based on your IdP. + + From 668e0a6bb5cf0a6af1313af15fa91c1a69a67ef8 Mon Sep 17 00:00:00 2001 From: Sarah Sanders Date: Wed, 12 Feb 2025 14:19:25 -0500 Subject: [PATCH 2/4] whitespace --- content/manuals/security/faqs/single-sign-on/users-faqs.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/content/manuals/security/faqs/single-sign-on/users-faqs.md b/content/manuals/security/faqs/single-sign-on/users-faqs.md index 3a9d084ae318..e9f31f465828 100644 --- a/content/manuals/security/faqs/single-sign-on/users-faqs.md +++ b/content/manuals/security/faqs/single-sign-on/users-faqs.md @@ -103,6 +103,4 @@ All Docker accounts have a public profile associated with their namespace. If yo ### What happens to existing licensed users when SCIM is enabled? -Enabling SCIM does not immediately remove or modify existing licensed users in your Docker organization. They retain their current access and roles, but their management shifts to your identity provider (IdP). If an existing user is assigned to Docker in your IdP, their account remains active, but future changes must now be handled through the IdP. If SCIM is later disabled, previously SCIM-managed users remain in Docker but are no longer automatically updated or removed based on your IdP. - - +Enabling SCIM does not immediately remove or modify existing licensed users in your Docker organization. They retain their current access and roles, but their management shifts to your identity provider (IdP). If an existing user is assigned to Docker in your IdP, their account remains active, but future changes must now be handled through the IdP. If SCIM is later disabled, previously SCIM-managed users remain in Docker but are no longer automatically updated or removed based on your IdP. \ No newline at end of file From 962089c32d66bebd0ad407cec53a431ddeea464e Mon Sep 17 00:00:00 2001 From: Sarah Sanders Date: Wed, 12 Feb 2025 14:24:58 -0500 Subject: [PATCH 3/4] Grammar nit --- content/manuals/security/faqs/single-sign-on/users-faqs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/manuals/security/faqs/single-sign-on/users-faqs.md b/content/manuals/security/faqs/single-sign-on/users-faqs.md index e9f31f465828..5488e1fa4485 100644 --- a/content/manuals/security/faqs/single-sign-on/users-faqs.md +++ b/content/manuals/security/faqs/single-sign-on/users-faqs.md @@ -103,4 +103,4 @@ All Docker accounts have a public profile associated with their namespace. If yo ### What happens to existing licensed users when SCIM is enabled? -Enabling SCIM does not immediately remove or modify existing licensed users in your Docker organization. They retain their current access and roles, but their management shifts to your identity provider (IdP). If an existing user is assigned to Docker in your IdP, their account remains active, but future changes must now be handled through the IdP. If SCIM is later disabled, previously SCIM-managed users remain in Docker but are no longer automatically updated or removed based on your IdP. \ No newline at end of file +Enabling SCIM does not immediately remove or modify existing licensed users in your Docker organization. They retain their current access and roles, but after enabling SCIM, you will manage them in your identity provider (IdP). If SCIM is later disabled, previously SCIM-managed users remain in Docker but are no longer automatically updated or removed based on your IdP. \ No newline at end of file From 545a859dca34c0692b9094e675b85ca7f74595bb Mon Sep 17 00:00:00 2001 From: Sarah Sanders Date: Wed, 12 Feb 2025 14:25:53 -0500 Subject: [PATCH 4/4] Broken link --- content/manuals/admin/organization/members.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/manuals/admin/organization/members.md b/content/manuals/admin/organization/members.md index 55e9ba74d858..822c4f195fa1 100644 --- a/content/manuals/admin/organization/members.md +++ b/content/manuals/admin/organization/members.md @@ -143,7 +143,7 @@ To add a member to a team with the Admin Console: > [!NOTE] > -> If your organization uses single sign-on (SSO) with [SCIM](/manuals/security/for-admins/provisioning/scim/) enabled, you should remove members from your identity provider (IdP). This will automatically remove members from Docker. If SCIM is disabled, you must manually manage members in Docker. +> If your organization uses single sign-on (SSO) with [SCIM](/manuals/security/for-admins/provisioning/scim.md) enabled, you should remove members from your identity provider (IdP). This will automatically remove members from Docker. If SCIM is disabled, you must manually manage members in Docker. Organization owners can remove a member from a team in Docker Hub or Admin Console. Removing the member from the team will revoke their access to the permitted resources.