diff --git a/content/guides/admin-set-up/_index.md b/content/guides/admin-set-up/_index.md index 556c512a7c14..bc845c0ef895 100644 --- a/content/guides/admin-set-up/_index.md +++ b/content/guides/admin-set-up/_index.md @@ -1,13 +1,13 @@ --- title: Set up your company for success with Docker -linkTitle: Admin set up +linkTitle: Admin set up summary: Get the most out of Docker by streamlining workflows, standardizing development environments, and ensuring smooth deployments across your company. description: Learn how to onboard your company and take advantage of all of the Docker products and features. tags: [admin] params: featured: true time: 20 minutes - image: + image: resource_links: - title: Overview of Administration in Docker url: /admin/ 
@@ -27,42 +27,82 @@ params: url: /subscription/details/ --- -Docker's tools provide a scalable, secure platform that empowers your developers to create, ship, and run applications faster. As an administrator, you have the ability to streamline workflows, standardize development environments, and ensure smooth deployments across your organization. +Docker's tools provide a scalable, secure platform that empowers your +developers to create, ship, and run applications faster. As an administrator, +you can streamline workflows, standardize development environments, and ensure +smooth deployments across your organization. -By configuring Docker products to suit your company’s needs, you can optimize performance, simplify user management, and maintain control over resources. This guide will help you set up and configure Docker products to maximize productivity and success for your team whilst meeting compliance and security policies +By configuring Docker products to suit your company's needs, you can optimize +performance, simplify user management, and maintain control over resources. +This guide helps you set up and configure Docker products to maximize +productivity and success for your team while meeting compliance and security +policies. ## Who’s this for? -- Administrators responsible for managing Docker environments within their organization +- Administrators responsible for managing Docker environments within their + organization - IT leaders looking to streamline development and deployment workflows - Teams aiming to standardize application environments across multiple users -- Organizations seeking to optimize their use of Docker products for greater scalability and efficiency -- Organizations with [Docker Business subscriptions](https://www.docker.com/pricing/). 
+- Organizations seeking to optimize their use of Docker products for greater + scalability and efficiency +- Organizations with a + [Docker Business subscription](https://www.docker.com/pricing/) ## What you’ll learn -- The importance of signing in to the company's Docker organization for access to usage data and enhanced functionality. -- How to standardize Docker Desktop versions and settings to create a consistent baseline for all users, while allowing flexibility for advanced developers. -- Strategies for implementing Docker’s security configurations to meet company IT and software development security requirements without hindering developer productivity. +- Why signing into your company's Docker organization provides access to usage + data and enhanced functionality +- How to standardize Docker Desktop versions and settings to create a consistent + baseline for all users, while allowing flexibility for advanced developers +- Strategies for implementing Docker's security configurations to meet company + IT and software development security requirements without hindering developer productivity ## Features covered -- Organizations. These are the core structure for managing your Docker environment, grouping users, teams, and image repositories. Your organization was created with your subscription and is managed by one or more Owners. Users signed into the organization are assigned seats based on the purchased subscription. -- Enforce sign-in. By default, Docker Desktop does not require sign-in. However, you can configure settings to enforce this and ensure your developers sign in to your Docker organization. -- SSO. Without SSO, user management in a Docker organization is manual. Setting up an SSO connection between your identity provider and Docker ensures compliance with your security policy and automates user provisioning. Adding SCIM further automates user provisioning and de-provisioning. -- General and security settings. 
Configuring key settings will ensure smooth onboarding and usage of Docker products within your environment. Additionally, you can enable security features based on your company's specific security needs. +This guide covers the following Docker features: -## Who needs to be involved? +- [Organizations](/manuals/admin/organization/_index.md): The core structure + for managing your Docker environment, grouping users, teams, and image + repositories. Your organization was created with your subscription and is + managed by one or more owners. Users signed into the organization are + assigned seats based on the purchased subscription. +- [Enforce sign-in](/manuals/enterprise/security/enforce-sign-in/_index.md): + By default, Docker Desktop doesn't require sign-in. You can configure + settings to enforce this and ensure your developers sign in to your + Docker organization. +- [SSO](/manuals/enterprise/security/single-sign-on/_index.md): Without SSO, + user management in a Docker organization is manual. Setting + up an SSO connection between your identity provider and Docker ensures + compliance with your security policy and automates user provisioning. Adding + SCIM further automates user provisioning and de-provisioning. +- General and security settings: Configuring key settings ensures smooth + onboarding and usage of Docker products within your environment. You can also + enable security features based on your company's specific security needs. -- Docker organization owner: A Docker organization owner must be involved in the process and will be required for several key steps. -- DNS team: The DNS team is needed during the SSO setup to verify the company domain. -- MDM team: Responsible for distributing Docker-specific configuration files to developer machines. -- Identity Provider team: Required for configuring the identity provider and establishing the SSO connection during setup. 
-- Development lead: A development lead with knowledge of Docker configurations to help establish a baseline for developer settings. -- IT team: An IT representative familiar with company desktop policies to assist with aligning Docker configuration to those policies. -- Infosec: A security team member with knowledge of company development security policies to help configure security features. -- Docker testers: A small group of developers to test the new settings and configurations before full deployment. +## Who needs to be involved + +- Docker organization owner: Must be involved in the process and is required + for several key steps +- DNS team: Needed during the SSO setup to verify the company domain +- MDM team: Responsible for distributing Docker-specific configuration files to + developer machines +- Identity Provider team: Required for configuring the identity provider and + establishing the SSO connection during setup +- Development lead: A development lead with knowledge of Docker configurations + to help establish a baseline for developer settings +- IT team: An IT representative familiar with company desktop policies to + assist with aligning Docker configuration to those policies +- Infosec: A security team member with knowledge of company development + security policies to help configure security features +- Docker testers: A small group of developers to test the new settings and + configurations before full deployment ## Tools integration -Okta, Entra ID SAML 2.0, Azure Connect (OIDC), MDM solutions like Intune +This guide covers integration with: + +- Okta +- Entra ID SAML 2.0 +- Azure Connect (OIDC) +- MDM solutions like Intune diff --git a/content/guides/admin-set-up/comms-and-info-gathering.md b/content/guides/admin-set-up/comms-and-info-gathering.md index ce5e03caffc4..126ee22810e1 100644 --- a/content/guides/admin-set-up/comms-and-info-gathering.md +++ b/content/guides/admin-set-up/comms-and-info-gathering.md 
@@ -4,30 +4,71 @@ description: Gather your company's requirements from key stakeholders and commun weight: 10 --- -## Step one: Communicate with your developers and IT teams +## Communicate with your developers and IT teams -### Docker user communication +Before rolling out Docker Desktop across your organization, coordinate with key stakeholders to ensure a smooth transition. -You may already have Docker Desktop users within your company, and some steps in this process may affect how they interact with the platform. It's highly recommended to communicate early with users, informing them that as part of the subscription onboarding, they will be upgraded to a supported version of Docker Desktop. +### Notify Docker Desktop users -Additionally, communicate that settings will be reviewed to optimize productivity, and users will be required to sign in to the company’s Docker organization using their business email to fully utilize the subscription benefits. +You may already have Docker Desktop users within your company. Some steps in +this onboarding process may affect how they interact with the platform. -### MDM team communication +Communicate early with users to inform them that: -Device management solutions, such as Intune and Jamf, are commonly used for software distribution across enterprises, typically managed by a dedicated MDM team. It is recommended that you engage with this team early in the process to understand their requirements and the lead time for deploying changes. +- They'll be upgraded to a supported version of Docker Desktop as part of the subscription onboarding +- Settings will be reviewed and optimized for productivity +- They'll need to sign in to the company's Docker organization using their +business email to access subscription benefits -Several key setup steps in this guide require the use of JSON files, registry keys, or .plist files that need to be distributed to developer machines. 
It’s a best practice to use MDM tools for deploying these configuration files and ensuring their integrity is preserved. +### Engage with your MDM team -## Step two: Identify Docker organizations +Device management solutions, such as Intune and Jamf, are commonly used for +software distribution across enterprises. These tools are typically managed by a dedicated MDM team. -Some companies may have more than one [Docker organization](/manuals/admin/organization/_index.md) created. These organizations may have been created for specific purposes, or may not be needed anymore. If you suspect your company has more than one Docker organization, it's recommended you survey your teams to see if they have their own organizations. You can also contact your Docker Customer Success representative to get a list of organizations with users whose emails match your domain name. +Engage with this team early in the process to: -## Step three: Gather requirements +- Understand their requirements and lead time for deploying changes +- Coordinate the distribution of configuration files -Through [Settings Management](/manuals/enterprise/security/hardened-desktop/settings-management/_index.md), Docker provides numerous configuration parameters that can be preset. The Docker organization owner, development lead, and infosec representative should review these settings to establish the company’s baseline configuration, including security features and [enforcing sign-in](/manuals/enterprise/security/enforce-sign-in/_index.md) for Docker Desktop users. Additionally, they should decide whether to take advantage of other Docker products, such as [Docker Scout](/manuals/scout/_index.md), which is included in the subscription. +Several setup steps in this guide require JSON files, registry keys, or .plist +files to be distributed to developer machines. Use MDM tools to deploy these configuration files and ensure their integrity. 
+ +## Identify Docker organizations + +Some companies may have more than one +[Docker organization](/manuals/admin/organization/_index.md) created. These +organizations may have been created for specific purposes, or may not be +needed anymore. + +If you suspect your company has multiple Docker organizations: + +- Survey your teams to see if they have their own organizations +- Contact your Docker Support to get a list of organizations with users whose + emails match your domain name + +## Gather requirements + +[Settings Management](/manuals/enterprise/security/hardened-desktop/settings-management/_index.md) lets you preset numerous configuration parameters for Docker Desktop. + +Work with the following stakeholders to establish your company's baseline +configuration: + +- Docker organization owner +- Development lead +- Information security representative + +Review these areas together: + +- Security features and + [enforcing sign-in](/manuals/enterprise/security/enforce-sign-in/_index.md) + for Docker Desktop users +- Additional Docker products included in your subscriptions To view the parameters that can be preset, see [Configure Settings Management](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md#step-two-configure-the-settings-you-want-to-lock-in). -## Optional step four: Meet with the Docker Implementation team +## Optional: Meet with the Docker Implementation team + +The Docker Implementation team can help you set up your organization, +configure SSO, enforce sign-in, and configure Docker Desktop. -The Docker Implementation team can help you step through setting up your organization, configuring SSO, enforcing sign-in, and configuring Docker. You can reach out to set up a meeting by emailing successteam@docker.com. +To schedule a meeting, email successteam@docker.com. diff --git a/content/guides/admin-set-up/deploy.md b/content/guides/admin-set-up/deploy.md index ab91d9f4e568..102ce80b6844 100644 
--- a/content/guides/admin-set-up/deploy.md +++ b/content/guides/admin-set-up/deploy.md 
@@ -1,18 +1,35 @@ --- -title: Deploy +title: Deploy your Docker setup description: Deploy your Docker setup across your company. weight: 40 --- > [!WARNING] -> Ensure you communicate with your users before proceeding, and confirm that your IT and MDM teams are prepared to handle any unexpected issues, as these steps will affect all existing users signing into your Docker organization. +> +> Communicate with your users before proceeding, and confirm that your IT and +MDM teams are prepared to handle any unexpected issues, as these steps will +affect all existing users signing into your Docker organization. -## Step one: Enforce SSO +## Enforce SSO -Enforcing SSO means that anyone who has a Docker profile with an email address that matches your verified domain must sign in using your SSO connection. Make sure the Identity provider groups associated with your SSO connection cover all the developer groups that you want to have access to the Docker subscription. +Enforcing SSO means that anyone who has a Docker profile with an email address +that matches your verified domain must sign in using your SSO connection. Make +sure the Identity provider groups associated with your SSO connection cover all +the developer groups that you want to have access to the Docker subscription. -## Step two: Deploy configuration settings and enforce sign-in to users +For instructions on how to enforce SSO, see [Enforce SSO](/manuals/enterprise/security/single-sign-on/connect.md). -Have the MDM team deploy the configuration files for Docker to all users. +## Deploy configuration settings and enforce sign-in to users -Congratulations, you have successfully completed the admin implementation process for Docker. +Have the MDM team deploy the configuration files for Docker to all users. + +## Next steps + +Congratulations, you've successfully completed the admin implementation process +for Docker. 
+ +To continue optimizing your Docker environment: + +- Review your [organization's usage data](/manuals/admin/organization/insights.md) to track adoption +- Monitor [Docker Scout findings](/manuals/scout/explore/analysis.md) for security insights +- Explore [additional security features](/manuals/enterprise/security/_index.md) to enhance your configuration diff --git a/content/guides/admin-set-up/finalize-plans-and-setup.md b/content/guides/admin-set-up/finalize-plans-and-setup.md index b1b0d235d4ee..87bc1de6734c 100644 --- a/content/guides/admin-set-up/finalize-plans-and-setup.md +++ b/content/guides/admin-set-up/finalize-plans-and-setup.md 
@@ -4,40 +4,73 @@ description: Collaborate with your MDM team to distribute configurations and set weight: 20 --- -## Step one: Send finalized settings files to the MDM team +## Send finalized settings files to the MDM team -After reaching an agreement with the relevant teams about your baseline and security configurations as outlined in module one, configure Settings Management using either the [Docker Admin Console](/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md) or an [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md). +After reaching an agreement with the relevant teams about your baseline and +security configurations as outlined in the previous section, configure Settings Management using either the [Docker Admin Console](/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md) or an +[`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md). -Once the file is ready, collaborate with your MDM team to deploy your chosen settings, along with your chosen method for [enforcing sign-in](/manuals/enterprise/security/enforce-sign-in/_index.md). +Once the file is ready, collaborate with your MDM team to deploy your chosen +settings, along with your chosen method for [enforcing sign-in](/manuals/enterprise/security/enforce-sign-in/_index.md). > [!IMPORTANT] > -> It’s highly recommended that you test this first with a small number of Docker Desktop developers to verify the functionality works as expected before deploying more widely. +> Test this first with a small number of Docker Desktop developers to verify the functionality works as expected before deploying more widely. 
-## Step two: Manage your organizations +## Manage your organizations -If you have more than one organization, it’s recommended that you either consolidate them into one organization or create a [Docker company](/manuals/admin/company/_index.md) to manage multiple organizations. Work with the Docker Customer Success and Implementation teams to make this happen. +If you have more than one organization, consider either [consolidating them +into one organization](/manuals/admin/organization/orgs.md) or creating a +[Docker company](/manuals/admin/company/_index.md) to manage multiple +organizations. -## Step three: Begin setup +## Begin setup -### Set up single sign-on SSO domain verification +### Set up single sign-on and domain verification -Single sign-on (SSO) lets developers authenticate using their identity providers (IdPs) to access Docker. SSO is available for a whole company, and all associated organizations, or an individual organization that has a Docker Business subscription. For more information, see the [documentation](/manuals/enterprise/security/single-sign-on/_index.md). +Single sign-on (SSO) lets developers authenticate using their identity +providers (IdPs) to access Docker. SSO is available for a whole company and all associated organizations, or an individual organization that has a Docker +Business subscription. For more information, see the +[documentation](/manuals/enterprise/security/single-sign-on/_index.md). -You can also enable [SCIM](/manuals/enterprise/security/provisioning/scim.md) for further automation of provisioning and deprovisioning of users. +You can also enable [SCIM](/manuals/enterprise/security/provisioning/scim.md) +for further automation of provisioning and deprovisioning of users. ### Set up Docker product entitlements included in the subscription -[Docker Build Cloud](/manuals/build-cloud/_index.md) significantly reduces build times, both locally and in CI, by providing a dedicated remote builder and shared cache. 
Powered by the cloud, developer time and local resources are freed up so your team can focus on more important things, like innovation. To get started, [set up a cloud builder](https://app.docker.com/build/). +[Docker Build Cloud](/manuals/build-cloud/_index.md) significantly reduces +build times, both locally and in CI, by providing a dedicated remote builder +and shared cache. Powered by the cloud, developer time and local resources are +freed up so your team can focus on more important things, like innovation. +To get started, [set up a cloud builder](https://app.docker.com/build/). -[Docker Scout](manuals/scout/_index.md) is a solution for proactively enhancing your software supply chain security. By analyzing your images, Docker Scout compiles an inventory of components, also known as a Software Bill of Materials (SBOM). The SBOM is matched against a continuously updated vulnerability database to pinpoint security weaknesses. To get started, see [Quickstart](/manuals/scout/quickstart.md). +[Docker Scout](manuals/scout/_index.md) is a solution for proactively enhancing +your software supply chain security. By analyzing your images, Docker Scout +compiles an inventory of components, also known as a Software Bill of Materials +(SBOM). The SBOM is matched against a continuously updated vulnerability +database to pinpoint security weaknesses. To get started, see +[Quickstart](/manuals/scout/quickstart.md). + +[Testcontainers Cloud](https://testcontainers.com/cloud/docs/) allows +developers to run containers in the cloud, removing the need to run heavy +containers on your local machine. + +[Docker Hardened Images](/manuals/dhi/_index.md) are minimal, secure, and production-ready container base and application images maintained by Docker. +Designed to reduce vulnerabilities and simplify compliance, DHIs integrate +easily into your existing Docker-based workflows with little to no retooling +required. 
### Ensure you're running a supported version of Docker Desktop > [!WARNING] > -> This step could affect the experience for users on older versions of Docker Desktop. +> This step could affect the experience for users on older versions of Docker +> Desktop. -Existing users may be running outdated or unsupported versions of Docker Desktop. It is highly recommended that all users update to a supported version. Docker Desktop versions released within the past 6 months from the latest release are supported. +Existing users may be running outdated or unsupported versions of +Docker Desktop. All users should update to a supported version. Docker Desktop +versions released within the past 6 months from the latest release are supported. -It's recommended that you use a MDM solution to manage the version of Docker Desktop for users. Users may also get Docker Desktop directly from Docker or through a company software portal. +Use an MDM solution to manage the version of Docker Desktop for users. Users +may also get Docker Desktop directly from Docker or through a company software +portal. diff --git a/content/guides/admin-set-up/testing.md b/content/guides/admin-set-up/testing.md index e334c5a0ab64..f301ccafbe45 100644 --- a/content/guides/admin-set-up/testing.md +++ b/content/guides/admin-set-up/testing.md 
@@ -6,27 +6,55 @@ weight: 30 ## SSO and SCIM testing -You can test SSO and SCIM by signing in to Docker Desktop or Docker Hub with the email address linked to a Docker account that is part of the verified domain. Developers who sign in using their Docker usernames will remain unaffected by the SSO and/or SCIM setup. +Test SSO and SCIM by signing in to Docker Desktop or Docker Hub with the email +address linked to a Docker account that is part of the verified domain. +Developers who sign in using their Docker usernames remain unaffected by the +SSO and SCIM setup. -> [!IMPORTANT] +> [!IMPORTANT] > -> Some users may need CLI based logins to Docker Hub, and for this they will need a [personal access token (PAT)](/manuals/security/access-tokens.md). +> Some users may need CLI based logins to Docker Hub, and for this they will +need a [personal access token (PAT)](/manuals/security/access-tokens.md). -## Test RAM and IAM +## Test Registry Access Management and Image Access Management > [!WARNING] -> Be sure to communicate with your users before proceeding, as this step will impact all existing users signing into your Docker organization +> +> Communicate with your users before proceeding, as this step will impact all +existing users signing into your Docker organization. + +If you plan to use [Registry Access Management (RAM)](/manuals/enterprise/security/hardened-desktop/registry-access-management.md) and/or [Image Access Management (IAM)](/manuals/enterprise/security/hardened-desktop/image-access-management.md): -If you plan to use [Registry Access Management (RAM)](/manuals/enterprise/security/hardened-desktop/registry-access-management.md) and/or [Image Access Management (IAM)](/manuals/enterprise/security/hardened-desktop/image-access-management.md), ensure your test developer signs in to Docker Desktop using their organization credentials. Once authenticated, have them attempt to pull an unauthorized image or one from a disallowed registry via the Docker CLI. 
They should receive an error message indicating that the registry is restricted by the organization. +1. Ensure your test developer signs in to Docker Desktop using their + organization credentials +2. Have them attempt to pull an unauthorized image or one from a disallowed + registry via the Docker CLI +3. Verify they receive an error message indicating that the registry is + restricted by the organization ## Deploy settings and enforce sign in to test group -Deploy the Docker settings and enforce sign-in for a small group of test users via MDM. Have this group test their development workflows with containers on Docker Desktop and Docker Hub to ensure all settings and the sign-in enforcement function as expected. +Deploy the Docker settings and enforce sign-in for a small group of test users +via MDM. Have this group test their development workflows with containers on +Docker Desktop and Docker Hub to ensure all settings and the sign-in enforcement +function as expected. ## Test Docker Build Cloud capabilities -Have one of your Docker Desktop testers [connect to the cloud builder you created and use it to build](/manuals/build-cloud/usage.md). +Have one of your Docker Desktop testers [connect to the cloud builder you created and use it to build](/manuals/build-cloud/usage.md). + +## Test Testcontainers Cloud + +Have a test developer [connect to Testcontainers Cloud](https://testcontainers.com/cloud/docs/#getting-started) and run a container in +the cloud to verify the setup is working correctly. ## Verify Docker Scout monitoring of repositories -Check the [Docker Scout dashboard](https://scout.docker.com/) to confirm that data is being properly received for the repositories where Docker Scout has been enabled. +Check the [Docker Scout dashboard](https://scout.docker.com/) to confirm that +data is being properly received for the repositories where Docker Scout has +been enabled. 
+ +## Verify access to Docker Hardened Images + +Have a test developer attempt to [pull a Docker Hardened Image](/manuals/dhi/get-started.md) to confirm that +the team has proper access and can integrate these images into their workflows. diff --git a/content/guides/admin-user-management/_index.md b/content/guides/admin-user-management/_index.md index 5d68916081c6..4d69a265e3ec 100644 --- a/content/guides/admin-user-management/_index.md +++ b/content/guides/admin-user-management/_index.md 
@@ -22,21 +22,25 @@ params: url: /admin/organization/activity-logs/ --- -Managing roles and permissions is key to securing your Docker environment while enabling easy collaboration and operational efficiency. This guide walks IT administrators through the essentials of user and access management, offering strategies for assigning roles, provisioning users, and using tools like Activity logs and Insights to monitor and optimize Docker usage. +Managing roles and permissions is key to securing your Docker environment while enabling easy collaboration and operational efficiency. This guide walks IT administrators through the essentials of user and access management, offering strategies for assigning roles, provisioning users, and using tools like activity logs and Insights to monitor and optimize Docker usage. ## Who's this for? -- IT teams: Tasked with configuring and maintaining secure user access. -- Security professionals: Focused on enforcing secure access practices. -- Project managers: Overseeing team collaboration and resource management. +- IT teams tasked with configuring and maintaining secure user access +- Security professionals focused on enforcing secure access practices +- Project managers overseeing team collaboration and resource management ## What you'll learn -- How to assess and manage Docker user access and align accounts with organizational needs. -- When to use team configurations for scalable access control. -- How to automate and streamline user provisioning with SSO, SCIM, and JIT. -- How to get the most out of Docker's monitoring tools. 
+- How to assess and manage Docker user access and align accounts with organizational needs +- When to use team configurations for scalable access control +- How to automate and streamline user provisioning with SSO, SCIM, and JIT +- How to get the most out of Docker's monitoring tools -## Tools integration +## Tools integration -Okta, Entra ID SAML 2.0, Azure Connect (OIDC) +This guide covers integration with: + +- Okta +- Entra ID SAML 2.0 +- Azure Connect (OIDC) diff --git a/content/guides/admin-user-management/audit-and-monitor.md b/content/guides/admin-user-management/audit-and-monitor.md index 905dd7fbaabd..ba982cbd2365 100644 --- a/content/guides/admin-user-management/audit-and-monitor.md +++ b/content/guides/admin-user-management/audit-and-monitor.md 
@@ -11,21 +11,18 @@ Activity logs and Insights are useful tools for user and access management in Do Activity logs track events at the organization and repository levels, offering a clear view of activities like repository changes, team updates, and billing adjustments. -It is available for Docker Team or Docker Business plans, with data retained for three months. +Activity logs are available for Docker Team or Docker Business plans, with data retained for three months. ### Key features - - Change tracking: View what changed, who made the change, and when. - - - Comprehensive reporting: Monitor critical events such as repository creation, deletion, privacy changes, and role assignments. +- Change tracking: View what changed, who made the change, and when. +- Comprehensive reporting: Monitor critical events such as repository creation, deletion, privacy changes, and role assignments. ### Example scenarios - - Audit trail for security: A repository’s privacy settings were updated unexpectedly. The activity logs reveal which user made the change and when, helping administrators address potential security risks. - - - Team collaboration review: Logs show which team members pushed updates to a critical repository, ensuring accountability during a development sprint. - - - Billing adjustments: Track who added or removed subscription seats to maintain budgetary control and compliance. +- Audit trail for security: A repository’s privacy settings were updated unexpectedly. The activity logs reveal which user made the change and when, helping administrators address potential security risks. +- Team collaboration review: Logs show which team members pushed updates to a critical repository, ensuring accountability during a development sprint. +- Billing adjustments: Track who added or removed subscription seats to maintain budgetary control and compliance. For more information, see [Activity logs](/manuals/admin/organization/activity-logs.md). 
@@ -35,18 +32,23 @@ Insights provide data-driven views of Docker usage to improve team productivity ### Key benefits - - Standardized environments: Ensure consistent configurations and enforce best practices across teams. - - - Improved visibility: Monitor metrics like Docker Desktop usage, builds, and container activity to understand team workflows and engagement. - - - Optimized resources: Track license usage and feature adoption to maximize the value of your Docker subscription. +- Standardized environments: Ensure consistent configurations and enforce best practices across teams. +- Improved visibility: Monitor metrics like Docker Desktop usage, builds, and container activity to understand team workflows and engagement. +- Optimized resources: Track license usage and feature adoption to maximize the value of your Docker subscription. ### Example scenarios - - Usage trends: Identify underutilized licenses or resources, allowing reallocation to more active teams. +- Usage trends: Identify underutilized licenses or resources, allowing reallocation to more active teams. +- Build efficiency: Track average build times and success rates to pinpoint bottlenecks in development processes. +- Container utilization: Analyze container activity across departments to ensure proper resource distribution and cost efficiency. + +For more information, see [Insights](/manuals/admin/organization/insights.md). - - Build efficiency: Track average build times and success rates to pinpoint bottlenecks in development processes. +## Next steps - - Container utilization: Analyze container activity across departments to ensure proper resource distribution and cost efficiency. +Now that you've mastered user and access management in Docker, you can: - For more information, see [Insights](/manuals/admin/organization/insights.md). 
+- Review your [activity logs](/manuals/admin/organization/activity-logs.md) regularly to maintain security awareness +- Check your [Insights dashboard](/manuals/admin/organization/insights.md) to identify opportunities for optimization +- Explore [advanced security features](/manuals/enterprise/security/_index.md) to further enhance your Docker environment +- Share best practices with your team to ensure consistent adoption of security policies diff --git a/content/guides/admin-user-management/onboard.md b/content/guides/admin-user-management/onboard.md index a76f2eb3796d..e311ee99d8a3 100644 --- a/content/guides/admin-user-management/onboard.md +++ b/content/guides/admin-user-management/onboard.md 
@@ -7,31 +7,27 @@ weight: 20 This page guides you through onboarding owners and members, and using tools like SSO and SCIM to future-proof onboarding going forward. -## Step 1: Invite owners +## Invite owners -When you create a Docker organization, you automatically become its sole owner. While optional, adding additional owners can significantly ease the process of onboarding and managing your organization by distributing administrative responsibilities. It also ensures continuity and does not cause a blocker if the primary owner is unavailable. +When you create a Docker organization, you automatically become its sole owner. While optional, adding additional owners can significantly ease the process of onboarding and managing your organization by distributing administrative responsibilities. It also ensures continuity and prevents blockers if the primary owner is unavailable. For detailed information on owners, see [Roles and permissions](/manuals/enterprise/security/roles-and-permissions.md). -## Step 2: Invite members and assign roles +## Invite members and assign roles -Members are granted controlled access to resources and enjoy enhanced organizational benefits. When you invite members to join you Docker organization, you immediately assign them a role. +Members are granted controlled access to resources and enjoy enhanced organizational benefits. When you invite members to join your Docker organization, you immediately assign them a role. ### Benefits of inviting members - Enhanced visibility: Gain insights into user activity, making it easier to monitor access and enforce security policies. - - Streamlined collaboration: Help members collaborate effectively by granting access to shared resources and repositories. - - Improved resource management: Organize and track users within your organization, ensuring optimal allocation of resources. 
- - Access to enhanced features: Members benefit from organization-wide perks, such as increased pull limits and access to premium Docker features. - - Security control: Apply and enforce security settings at an organizational level, reducing risks associated with unmanaged accounts. For detailed information, see [Manage organization members](/manuals/admin/organization/members.md). -## Step 3: Future-proof user management +## Future-proof user management A robust, future-proof approach to user management combines automated provisioning, centralized authentication, and dynamic access control. Implementing these practices ensures a scalable, secure, and efficient environment. @@ -39,15 +35,13 @@ A robust, future-proof approach to user management combines automated provisioni Integrating Docker with your identity provider streamlines user access and enhances security. -SSO: +SSO: - Simplifies sign in, as users sign in with their organizational credentials. - - Reduces password-related vulnerabilities. - - Simplifies onboarding as it works seamlessly with SCIM and group mapping for automated provisioning. -[SSO documentation](/manuals/enterprise/security/single-sign-on/_index.md). +For more information, see the [SSO documentation](/manuals/enterprise/security/single-sign-on/_index.md). ### Automate onboarding with SCIM and JIT provisioning @@ -56,13 +50,11 @@ Streamline user provisioning and role management with [SCIM](/manuals/enterprise With SCIM you can: - Sync users and roles automatically with your identity provider. - - Automate adding, updating, or removing users based on directory changes. With JIT provisioning you can: - Automatically add users upon first sign in based on [group mapping](#simplify-access-with-group-mapping). - - Reduce overhead by eliminating pre-invite steps. ### Simplify access with group mapping 
@@ -72,9 +64,7 @@ Group mapping automates permissions management by linking identity provider grou It also: - Reduces manual errors in role assignments. - - Ensures consistent access control policies. - - Help you scale permissions as teams grow or change. For more information on how it works, see [Group mapping](/manuals/enterprise/security/provisioning/group-mapping.md). diff --git a/content/guides/admin-user-management/setup.md b/content/guides/admin-user-management/setup.md index 94eabba382a5..2cf0a6330311 100644 --- a/content/guides/admin-user-management/setup.md +++ b/content/guides/admin-user-management/setup.md 
@@ -5,35 +5,32 @@ keywords: Docker roles, permissions management, access control, IT administratio weight: 10 --- -With the right configurations, you can ensure your developers have easy access to necessary resources while preventing unauthorized access. This page guides you through identifying Docker users, so you can allocate subscription seats efficiently within your Docker organization, and assigning roles to align with your organization's structure. +With the right configurations, you can ensure your developers have easy access to necessary resources while preventing unauthorized access. This page guides you through identifying Docker users so you can allocate subscription seats efficiently within your Docker organization, and assigning roles to align with your organization's structure. -## Step 1: Identify your Docker users and accounts +## Identify your Docker users and accounts -Before setting up roles and permissions, it’s important to have a clear understanding of who in your organization requires Docker access. Focus on gathering a comprehensive view of active users, their roles within projects, and how they interact with Docker resources. This process can be supported by tools like device management software or manual assessments. Encourage all users to update their Docker accounts to use organizational email addresses, ensuring seamless integration with your subscription. +Before setting up roles and permissions, it's important to have a clear understanding of who in your organization requires Docker access. Focus on gathering a comprehensive view of active users, their roles within projects, and how they interact with Docker resources. This process can be supported by tools like device management software or manual assessments. Encourage all users to update their Docker accounts to use organizational email addresses, ensuring seamless integration with your subscription. 
For steps on how you can do this, see [step 1 of onboarding your organization](/manuals/admin/organization/onboard.md). -## Step 2: Assign roles strategically +## Assign roles strategically -When you invite members to join you Docker organization, you assign them a role. +When you invite members to join your Docker organization, you assign them a role. -Docker’s predefined roles offer flexibility for various organizational needs. Assigning roles effectively ensures a balance of accessibility and security. +Docker's predefined roles offer flexibility for various organizational needs. Assigning roles effectively ensures a balance of accessibility and security. - Member: Non-administrative role. Members can view other members that are in the same organization. - Editor: Partial administrative access to the organization. Editors can create, edit, and delete repositories. They can also edit an existing team's access permissions. -- Organization owner: Full organization administrative access. Organization owners can manage organization repositories, teams, members, settings, and billing. -- Company owner: In addition to the permissions of an organization owner, company owners can configure settings for their associated organizations. +- Owner: Full organization administrative access. Owners can manage organization repositories, teams, members, settings, and billing. For more information, see [Roles and permissions](/manuals/enterprise/security/roles-and-permissions.md). -### Enhancing with teams +### Enhance with teams Teams in Docker provide a structured way to manage member access and they provide an additional level of permissions. They simplify permission management and enable consistent application of policies. - Organize users into teams aligned with projects, departments, or functional roles. This approach helps streamline resource allocation and ensures clarity in access control. - - Assign permissions at the team level rather than individually. 
For instance, a development team might have "Read & Write" access to certain repositories, while a QA team has "Read-only" access. - - As teams grow or responsibilities shift, you can easily update permissions or add new members, maintaining consistency without reconfiguring individual settings. For more information, see [Create and manage a team](/manuals/admin/organization/manage-a-team.md). @@ -41,13 +38,10 @@ For more information, see [Create and manage a team](/manuals/admin/organization ### Example scenarios - Development teams: Assign the member role to developers, granting access to the repositories needed for coding and testing. - - Team leads: Assign the editor role to team leads for resource management and repository control within their teams. - - Organizational oversight: Restrict the organization owner or company owner roles to a select few trusted individuals responsible for billing and security settings. ### Best practices - Apply the principle of least privilege. Assign users only the minimum permissions necessary for their roles. - -- Plan to conduct regulars reviews of role assignments to ensure they align with evolving team structures and organizational responsibilities. +- Conduct regular reviews of role assignments to ensure they align with evolving team structures and organizational responsibilities. diff --git a/content/manuals/subscription/details.md b/content/manuals/subscription/details.md index 09a25316ca2a..d9d95c5cb696 100644 --- a/content/manuals/subscription/details.md +++ b/content/manuals/subscription/details.md 
@@ -21,6 +21,8 @@ Docker subscriptions provide licensing for commercial use of Docker products and - [Testcontainers Cloud](https://testcontainers.com/cloud/docs): Container-based testing automation that provides faster tests, a unified developer experience, and more. +- [Docker Hardened Images](/manuals/dhi/_index.md): Minimal, secure, and + production-ready container base and application images maintained by Docker. Choose the subscription that fits your needs, from individual developers to large enterprises.
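Review bot: In content/guides/admin-user-management/audit-and-monitor.md (hunk @@ -35,18 +32,23 @@), the new "Next steps" bullet tells admins to review activity logs "regularly" but gives no interval, while the first hunk of the same file states that activity log data is retained for three months. Suggest tying the two together, for example by saying reviews should happen well inside the three-month retention window, so an unexpected privacy or role change is still in the log when someone looks. The opener "Now that you've mastered user and access management in Docker" also overstates what the page covers; a neutral lead such as "With activity logs and Insights in place, you can:" reads better.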
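Review bot: In content/guides/admin-user-management/onboard.md (hunk @@ -7,31 +7,27 @@), dropping the "Step 1:", "Step 2:" and "Step 3:" prefixes changes the heading text that in-page anchors are built from, and this same hunk shows the docs rely on such anchors (`[group mapping](#simplify-access-with-group-mapping)`). Before merging, search the repository for links to the old step-numbered anchors of these three headings and update them, or note in the PR description that none exist. The same check applies to the renamed headings in setup.md ("Step 1: Identify your Docker users and accounts", "Step 2: Assign roles strategically", "Enhancing with teams").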
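Review bot: In content/guides/admin-user-management/onboard.md (hunk @@ -72,9 +64,7 @@), the last bullet under "It also:" still reads "Help you scale permissions as teams grow or change." and does not agree with the lead-in or with the sibling bullets "Reduces ..." and "Ensures ...". Since this hunk already touches the list, change it to "Helps you scale permissions as teams grow or change."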
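Review bot: In content/guides/admin-user-management/setup.md (hunk @@ -41,13 +38,10 @@), the unchanged scenario line "Restrict the organization owner or company owner roles to a select few trusted individuals" now contradicts the role list edited in the previous hunk, which replaces "Organization owner" and "Company owner" with a single "Owner" bullet. Either keep a company owner entry in the role list, so the most privileged role is still described on the page that gives least-privilege guidance, or update the scenario to name only the owner role. As written, a reader is told to restrict a role the page no longer defines.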
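Review bot: In content/manuals/subscription/details.md (hunk @@ -21,6 +21,8 @@), the added Docker Hardened Images bullet describes the images as "Minimal, secure, and production-ready" without saying what "secure" means here or which subscriptions include them, although the list sits under a sentence about what Docker subscriptions provide. Suggest replacing the unqualified "secure" with a concrete property the linked DHI page documents, and stating whether the product is included in every tier or only some, since the next line asks readers to choose a subscription.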