From c8183564d2a9a4f422f6e69a7ea294b5911fe642 Mon Sep 17 00:00:00 2001 From: Andrey Sobolev Date: Wed, 7 May 2025 10:39:54 +0300 Subject: [PATCH 1/2] Merge pull request #22553 from duffuniverse/fix-typos-in-use-compose-watch-manual Fix typos in the Use Compose Watch manual --- content/manuals/compose/how-tos/file-watch.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/content/manuals/compose/how-tos/file-watch.md b/content/manuals/compose/how-tos/file-watch.md index 5cef4963916e..e59386d267eb 100644 --- a/content/manuals/compose/how-tos/file-watch.md +++ b/content/manuals/compose/how-tos/file-watch.md @@ -31,8 +31,8 @@ Compose supports sharing a host directory inside service containers. Watch mode More importantly, `watch` allows for greater granularity than is practical with a bind mount. Watch rules let you ignore specific files or entire directories within the watched tree. For example, in a JavaScript project, ignoring the `node_modules/` directory has two benefits: -* Performance. File trees with many small files can cause high I/O load in some configurations -* Multi-platform. Compiled artifacts cannot be shared if the host OS or architecture is different to the container +* Performance. File trees with many small files can cause a high I/O load in some configurations +* Multi-platform. Compiled artifacts cannot be shared if the host OS or architecture is different from the container For example, in a Node.js project, it's not recommended to sync the `node_modules/` directory. Even though JavaScript is interpreted, `npm` packages can contain native code that is not portable across platforms. 
@@ -88,12 +88,12 @@ If `action` is set to `rebuild`, Compose automatically builds a new image with B The behavior is the same as running `docker compose up --build `. -Rebuild is ideal for compiled languages or as fallbacks for modifications to particular files that require a full +Rebuild is ideal for compiled languages or as a fallback for modifications to particular files that require a full image rebuild (e.g. `package.json`). #### Sync + Restart -If `action` is set to `sync+restart`, Compose synchronizes your changes with the service containers and restarts it. +If `action` is set to `sync+restart`, Compose synchronizes your changes with the service containers and restarts them. `sync+restart` is ideal when the config file changes, and you don't need to rebuild the image but just restart the main process of the service containers. It will work well when you update a database configuration or your `nginx.conf` file, for example. From a461224f1c52f3bfe5c87a71596794430d4dea9b Mon Sep 17 00:00:00 2001 From: Sarah Sanders Date: Wed, 7 May 2025 14:20:28 -0400 Subject: [PATCH 2/2] security: domain management (#22477) ## Description - Adds Domain management guide separate from Domain audit (open to discussing where else to put this) - Adds steps to add and verify a domain, removing mention of SSO ## Related issues or tickets - https://docker.atlassian.net/browse/ENGDOCS-2543 ## Reviews - [ ] Technical review - [ ] Editorial review - [ ] Product review --- .../security/for-admins/domain-management.md | 158 ++++++++++++++++++ data/summary.yaml | 3 + 2 files changed, 161 insertions(+) create mode 100644 content/manuals/security/for-admins/domain-management.md diff --git a/content/manuals/security/for-admins/domain-management.md b/content/manuals/security/for-admins/domain-management.md new file mode 100644 index 000000000000..8a2e99a454fa --- /dev/null +++ b/content/manuals/security/for-admins/domain-management.md 
@@ -0,0 +1,158 @@ +--- +description: Learn how to manage domains and users in the Admin Console +keywords: domain management, security, identify users, manage users +title: Domain management +weight: 55 +--- + +{{< summary-bar feature_name="Domain management" >}} + +Domain management lets you add and verify domains, and enable +auto-provisioning for users. Auto-provisioning adds users to your +organization when they sign in with an email address that matches a verified +domain. + +This simplifies user management, ensures consistent security settings, and +reduces the risk of unmanaged users accessing Docker without visibility +or control. + +## Add a domain + +1. Sign in to the [Admin Console](https://admin.docker.com/). +2. Select your organization or company from the **Choose profile** page. +If your organization is part of a company, select the company +and configure the domain for the organization at the company level. +3. Under **Security and access**, select **Domain management**. +4. Select **Add a domain**. +5. Enter your domain and select **Add domain**. +6. In the pop-up modal, copy the **TXT Record Value** to verify your domain. + +## Verify a domain + +Verifying your domain confirms that you own it. To verify, add a TXT record to +your Domain Name System (DNS) host using the value provided by Docker. This +value proves ownership and instructs your DNS to publish the record. + +It can take up to 72 hours for the DNS change to propagate. Docker automatically +checks for the record and confirms ownership once the change is recognized. + +Follow your DNS provider’s documentation to add the **TXT Record Value**. If +your provider isn't listed, use the steps for other providers. + +> [!TIP] +> +> The record name field determines where the TXT record is added in your domain +(root or subdomain). 
In general, refer to the following tips for +adding a record name: +> +> - Use `@` or leave the record name empty for root domains like `example.com`, +depending on your provider. +> - Don't enter values like `docker`, `docker-verification`, `www`, or your +domain name. These values may direct to the wrong place. +> +> Check your DNS provider's documentation to verify record name requirements. + +{{< tabs >}} +{{< tab name="AWS Route 53" >}} + +1. To add your TXT record to AWS, see [Creating records by using the Amazon Route 53 console](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-creating.html). +2. TXT record verification can take 72 hours. Once you have waited for +TXT record verification, return to the **Domain management** page of the +[Admin Console](https://app.docker.com/admin) and select **Verify** next to +your domain name. + +{{< /tab >}} +{{< tab name="Google Cloud DNS" >}} + +1. To add your TXT record to Google Cloud DNS, see [Verifying your domain with a TXT record](https://cloud.google.com/identity/docs/verify-domain-txt). +2. TXT record verification can take 72 hours. Once you have waited for TXT +record verification, return to the **Domain management** page of the +[Admin Console](https://app.docker.com/admin) and select **Verify** next to +your domain name. + +{{< /tab >}} +{{< tab name="GoDaddy" >}} + +1. To add your TXT record to GoDaddy, see [Add a TXT record](https://www.godaddy.com/help/add-a-txt-record-19232). +2. TXT record verification can take 72 hours. Once you have waited for TXT +record verification, return to the **Domain management** page of the +[Admin Console](https://app.docker.com/admin) and select **Verify** next to your +domain name. + +{{< /tab >}} +{{< tab name="Other providers" >}} + +1. Sign in to your domain host. +2. Add a TXT record to your DNS settings and save the record. +3. TXT record verification can take 72 hours. 
Once you have waited for TXT +record verification, return to the **Domain management** page of the +[Admin Console](https://app.docker.com/admin) and select **Verify** next to +your domain name. + +{{< /tab >}} +{{< /tabs >}} + +## Delete a domain + +Deleting a domain removes the assigned TXT record value. To delete a domain: + +1. Sign in to the [Admin Console](https://admin.docker.com/). +2. Select your organization or company from the **Choose profile** page. +If your organization is part of a company, select the company +and configure the domain for the organization at the company level. +3. Under **Security and access**, select **Domain management**. +4. For the domain you want to delete, section the **Actions** menu, then +**Delete domain**. +5. To confirm, select **Delete domain** in the pop-up modal. + +## Auto-provisioning + +You must add and verify a domain before enabling auto-provisioning. This +confirms your organization owns the domain. Once a domain is verified, +Docker can automatically associate matching users with your organization. +Auto-provisioning does not require an SSO connection. + +> [!IMPORTANT] +> +> For domains that are part of an SSO connection, Just-in-Time (JIT) overrides +auto-provisioning to add users to an organization. + +### How it works + +When auto-provisioning is enabled for a verified domain, the next time a user +signs into Docker with an email address that is associated with your verified +domain, they are automatically added to your organization. Auto-provisioning +does not create accounts for new users, it adds existing unassociated users to +your organization. Users will *not* experience any sign in or user experience +changes. + +When a new user is auto-provisioned, company and organization owners will +receive an email notifying them that a new user has been added to their +organization. 
If you need to add more seats to your organization to +to accomodate new users, see [Manage seats](/manuals/subscription/manage-seats.md). + +### Enable auto-provisioning + +Auto-provisioning is enabled per user. To enable +auto-provisioning: + +1. Open the [Admin Console](https://app.docker.com/admin). +2. Select **Domain management** from the left-hand navigation. +3. Select the **Actions menu** next to the user you want to enable +auto-provisioning for. +4. Select **Enable auto-provisioning**. +5. Optional. If enabling auto-provisioning at the company level, select an +organization for the user. +6. Select **Enable** to confirm. + +The **Auto-provisioning** column will update to **Enabled**. + +### Disable auto-provisioning + +To disable auto-provisioning for a user: + +1. Open the [Admin Console](https://app.docker.com/admin). +2. Select **Domain management** from the left-hand navigation. +3. Select the **Actions menu** next to your user. +4. Select **Disable auto-provisioning**. +5. Select **Disable**. diff --git a/data/summary.yaml b/data/summary.yaml index 3f5953caf82b..01f870c28e66 100644 --- a/data/summary.yaml +++ b/data/summary.yaml @@ -165,6 +165,9 @@ Docker Scout Mount Permissions: Domain audit: subscription: [Business] for: Administrators +Domain management: + subscription: [Business] + for: Administrators Enforce sign-in: subscription: [Business] for: Administrators
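Review bot: In the new `domain-management.md`, the "Enable auto-provisioning" and "Disable auto-provisioning" sections describe the setting as per user ("Auto-provisioning is enabled per user", "next to the user you want to enable auto-provisioning for", "next to your user"), but the steps are carried out on the **Domain management** page and "How it works" says it is "enabled for a verified domain". Please confirm which is correct and use one term throughout, since this text decides who gets added to an organization. Under "Verify a domain", the intro says Docker "automatically checks for the record and confirms ownership", while every provider tab ends by telling the admin to return and select **Verify**; state whether the manual step is required. Smaller fixes in the same file: "section the **Actions** menu" in "Delete a domain" should read "select the **Actions** menu", "to to accomodate" should read "to accommodate", and the Admin Console is linked as both `https://admin.docker.com/` and `https://app.docker.com/admin`, so pick one.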