mirror of
https://github.com/docker/docs.git
synced 2026-03-27 06:18:55 +07:00
admin: org freshness part 1 (#22970)
## Description - Part 1 admin freshness, admin section is huge so I am breaking it up into several PRs to make review a little easier :) ## Reviews - [ ] Editorial review
This commit is contained in:
Sarah Sanders
@@ -1,14 +0,0 @@
|
||||
An organization in Docker is a collection of teams and repositories
|
||||
that can be managed together. A team is a group of Docker members that belong to an organization.
|
||||
An organization can have multiple teams. Members don't have to be added to a team to be part of an organization.
|
||||
|
||||
Docker users become members of an organization once they're associated with that organization by an organization owner. An organization owner is a user with administrative access to the organization.
|
||||
|
||||
Owners can invite users, assign them roles, create new teams, and add
|
||||
members to an existing team using their Docker ID or email address. An organization owner can also add
|
||||
additional owners to help them manage users, teams, and repositories in the
|
||||
organization.
|
||||
|
||||
The following diagram depicts the setup of an organization and how it relates to teams. Teams are an optional feature that owners can use to group members and assign permissions.
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Administration
|
||||
description: Discover manuals on administration for accounts, organizations, and companies.
|
||||
description: Overview of administration features and roles in the Docker Admin Console
|
||||
keywords: admin, administration, company, organization, Admin Console, user accounts, account management
|
||||
weight: 10
|
||||
params:
|
||||
@@ -35,17 +35,66 @@ aliases:
|
||||
- /docker-hub/admin-overview
|
||||
---
|
||||
|
||||
Administrators can manage companies and organizations using the Docker Admin Console.
|
||||
Administrators can manage companies and organizations using the
|
||||
[Docker Admin Console](https://app.docker.com/admin). The Admin Console
|
||||
provides centralized observability, access management, and security controls
|
||||
across Docker environments.
|
||||
|
||||
## Company and organization hierarchy
|
||||
|
||||
The [Docker Admin Console](https://app.docker.com/admin) provides administrators with centralized observability, access management, and controls for their company and organizations. To provide these features, Docker uses the following hierarchy and roles.
|
||||
|
||||
|
||||
|
||||
|
||||
- Company: A company simplifies the management of Docker organizations and settings. Creating a company is optional and only available to Docker Business subscribers.
|
||||
- Company owner: A company can have multiple owners. Company owners have company-wide observability and can manage company-wide settings that apply to all associated organizations. In addition, company owners have the same access as organization owners for all associated organizations.
|
||||
- Organization: An organization is a collection of teams and repositories. Docker Team and Business subscribers must have at least one organization.
|
||||
- Organization owner: An organization can have multiple owners. Organization owners have observability into their organization and can manage its users and settings.
|
||||
- Team: A team is a group of Docker members that belong to an organization. Organization and company owners can group members into additional teams to configure repository permissions on a per-team basis. Using teams to group members is optional.
|
||||
- Member: A member is a Docker user that's a member of an organization. Organization and company owners can assign roles to members to define their permissions.
|
||||
### Company
|
||||
|
||||
A company groups multiple Docker organizations for centralized configuration.
|
||||
Companies are only available for Docker Business subscribers.
|
||||
|
||||
Companies have the following administrator role available:
|
||||
|
||||
- Company owner: Can view and manage all organizations within the company.
|
||||
Has full access to company-wide settings and inherits the same permissions as
|
||||
organization owners.
|
||||
|
||||
### Organization
|
||||
|
||||
An organization contains teams and repositories. All Docker Team and Business
|
||||
subscribers must have at least one organization.
|
||||
|
||||
Organizations have the following administrator role available:
|
||||
|
||||
- Organization owner: Can manage organization settings, users, and access
|
||||
controls.
|
||||
|
||||
### Team
|
||||
|
||||
Teams are optional and let you group members to assign repository permissions
|
||||
collectively. Teams simplify permission management across projects
|
||||
or functions.
|
||||
|
||||
### Member
|
||||
|
||||
A member is any Docker user added to an organization. Organization and company
|
||||
owners can assign roles to members to define their level of access.
|
||||
|
||||
> [!NOTE]
|
||||
>
|
||||
> Creating a company is optional, but organizations are required for Team and
|
||||
Business subscriptions.
|
||||
|
||||
## Admin Console features
|
||||
|
||||
Docker's [Admin Console](https://app.docker.com/admin) allows you to:
|
||||
|
||||
- Create and manage companies and organizations
|
||||
- Assign roles and permissions to members
|
||||
- Group members into teams to manage access by project or role
|
||||
- Set company-wide policies, including SCIM provisioning and security
|
||||
enforcement
|
||||
|
||||
## Manage companies and organizations
|
||||
|
||||
Learn how to manage companies and organizations in the following sections.
|
||||
|
||||
{{< grid >}}
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
title: Organization administration overview
|
||||
linkTitle: Organization administration
|
||||
weight: 10
|
||||
description: Learn about managing organizations in Docker including how they relate to teams, how to onboard, and more
|
||||
keywords: organizations, admin, overview
|
||||
description: Learn how to manage your Docker organization, including teams, members, permissions, and settings.
|
||||
keywords: organizations, admin, overview, manage teams, roles
|
||||
grid:
|
||||
- title: Onboard your organization
|
||||
description: Learn how to onboard and secure your organization.
|
||||
@@ -45,10 +45,26 @@ grid:
|
||||
icon: help
|
||||
---
|
||||
|
||||
{{% include "admin-org-overview.md" %}}
|
||||
A Docker organization is a collection of teams and repositories with centralized
|
||||
management. It helps administrators group members and assign access in a
|
||||
streamlined, scalable way.
|
||||
|
||||
To create an organization, see [Create your organization](../organization/orgs.md).
|
||||
## Organization structure
|
||||
|
||||
Learn how to administer an organization in the following sections.
|
||||
The following diagram shows how organizations relate to teams and members.
|
||||
|
||||
{{< grid >}}
|
||||
|
||||
|
||||
## Organization members
|
||||
|
||||
Organization owners have full administrator access to manage members, roles,
|
||||
and teams across the organization.
|
||||
|
||||
An organization includes members and optional teams. Teams help group members
|
||||
and simplify permission management.
|
||||
|
||||
## Create and manage your organization
|
||||
|
||||
Learn how to create and manage your organization in the following sections.
|
||||
|
||||
{{< grid >}}
|
||||
@@ -9,13 +9,15 @@ aliases:
|
||||
|
||||
{{< summary-bar feature_name="Admin orgs" >}}
|
||||
|
||||
You can convert an existing user account to an organization. This is useful if you need multiple users to access your account and the repositories that it’s connected to. Converting it to an organization gives you better control over permissions for these users through [teams](manage-a-team.md) and [roles](roles-and-permissions.md).
|
||||
Learn how to convert an existing user account into an organization. This is
|
||||
useful if you need multiple users to access your account and the repositories
|
||||
it’s connected to. Converting it to an organization gives you better control
|
||||
over permissions for these users through
|
||||
[teams](/manuals/admin/organization/manage-a-team.md) and
|
||||
[roles](/manuals/security/for-admins/roles-and-permissions.md).
|
||||
|
||||
When you convert a user account to an organization, the account is migrated to a Docker Team subscription.
|
||||
|
||||
> [!IMPORTANT]
|
||||
>
|
||||
> Once you convert your account to an organization, you can’t revert it to a user account.
|
||||
When you convert a user account to an organization, the account is migrated to
|
||||
a Docker Team subscription by default.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
@@ -34,40 +36,43 @@ Before you convert a user account to an organization, ensure that you meet the f
|
||||
|
||||
If you want to convert your user account into an organization account and you don't have any other user accounts, you need to create a new user account to assign it as the owner of the new organization. With the owner role assigned, this user account has full administrative access to configure and manage the organization. You can assign more users the owner role after the conversion.
|
||||
|
||||
## Effects of converting an account into an organization
|
||||
## What happens when you convert your account
|
||||
|
||||
Consider the following effects of converting your account:
|
||||
The following happens when you convert your account into
|
||||
an organization:
|
||||
|
||||
- This process removes the email address for the account, and organization owners will receive notification emails instead. You'll be able to reuse the removed email address for another account after converting.
|
||||
|
||||
- The current subscription will cancel and your new subscription will start.
|
||||
|
||||
- Repository namespaces and names won't change, but converting your account removes any repository collaborators. Once you convert the account, you'll need to add those users as team members.
|
||||
|
||||
- Existing automated builds will appear as if they were set up by the first owner added to the organization. See [Convert an account into an organization](#convert-an-account-into-an-organization) for steps on adding the first owner.
|
||||
|
||||
- The user account that you add as the first owner will have full administrative access to configure and manage the organization.
|
||||
|
||||
- To transfer a user's personal access tokens (PATs) to your converted organization,
|
||||
you must designate the user as an organization owner. This will ensure any PATs associated with the user's account are transferred to the organization owner.
|
||||
|
||||
> [!TIP]
|
||||
>
|
||||
> To avoid potentially disrupting service of personal access tokens when converting an account or changing ownership, it is recommended to use [organization access tokens](/manuals/security/for-admins/access-tokens.md). Organization access tokens are
|
||||
associated with an organization, not a single user account.
|
||||
- This process removes the email address for the account. Notifications are
|
||||
instead sent to organization owners. You'll be able to reuse the
|
||||
removed email address for another account after converting.
|
||||
- The current subscription will automatically cancel and your new subscription
|
||||
will start.
|
||||
- Repository namespaces and names won't change, but converting your account
|
||||
removes any repository collaborators. Once you convert the account, you'll need
|
||||
to add repository collaborators as team members.
|
||||
- Existing automated builds appear as if they were set up by the first owner
|
||||
added to the organization.
|
||||
- The user account that you add as the first owner will have full
|
||||
administrative access to configure and manage the organization.
|
||||
- To transfer a user's personal access tokens (PATs) to your converted
|
||||
organization, you must designate the user as an organization owner. This will
|
||||
ensure any PATs associated with the user's account are transferred to the
|
||||
organization owner.
|
||||
|
||||
## Convert an account into an organization
|
||||
|
||||
Before you convert an account into an organization ensure you have:
|
||||
> [!IMPORTANT]
|
||||
>
|
||||
> Converting an account into an organization is permanent. Back up any data
|
||||
or settings you want to retain.
|
||||
|
||||
- Removed your user account from any company or teams or organizations
|
||||
- Created a new Docker ID before you convert an account
|
||||
|
||||
See the [Prerequisites](#prerequisites) section for details.
|
||||
|
||||
1. Sign in to [Docker Home](https://app.docker.com/login).
|
||||
1. Select your avatar in the top-right corner and select **Account settings**.
|
||||
1. In the **Settings** section, select **Convert**.
|
||||
1. Review the warning displayed about converting a user account. This action cannot be undone and has considerable implications for your assets and the account.
|
||||
1. Enter a **Username of new owner** to set an organization owner. This is the user account that will manage the organization, and the only way to access the organization settings after conversion. You cannot use the same Docker ID as the account you are trying to convert.
|
||||
1. Select **Confirm**. The new owner receives a notification email. Use that owner account to sign in and manage the new organization.
|
||||
1. Sign in to [Docker Home](https://app.docker.com/).
|
||||
1. Select your avatar in the top-right corner to open the drop-down.
|
||||
1. From **Account settings**, select **Convert**.
|
||||
1. Review the warning displayed about converting a user account. This action
|
||||
cannot be undone and has considerable implications for your assets and the
|
||||
account.
|
||||
1. Enter a **Username of new owner** to set an organization owner. The new
|
||||
Docker ID you specify becomes the organization’s owner. You cannot use the
|
||||
same Docker ID as the account you are trying to convert.
|
||||
1. Select **Confirm**. The new owner receives a notification email. Use that
|
||||
owner account to sign in and manage the new organization.
|
||||
|
||||
@@ -2,35 +2,49 @@
|
||||
title: Create and manage a team
|
||||
weight: 40
|
||||
description: Learn how to create and manage teams for your organization
|
||||
keywords: Docker, docker, registry, teams, organizations, plans, Dockerfile, Docker
|
||||
Hub, docs, documentation, repository permissions
|
||||
keywords: docker, registry, teams, organizations, plans, Dockerfile, Docker
|
||||
Hub, docs, documentation, repository permissions, configure repository access, team management
|
||||
aliases:
|
||||
- /docker-hub/manage-a-team/
|
||||
---
|
||||
|
||||
{{< summary-bar feature_name="Admin orgs" >}}
|
||||
|
||||
You can create teams for your organization in Docker Hub and the Docker Admin Console. You can [configure repository access for a team](#configure-repository-permissions-for-a-team) in Docker Hub.
|
||||
You can create teams for your organization in the Admin Console or Docker Hub,
|
||||
and configure team repository access in Docker Hub.
|
||||
|
||||
A team is a group of Docker users that belong to an organization. An organization can have multiple teams. An organization owner can then create new teams and add members to an existing team using their Docker ID or email address and by selecting a team the user should be part of. Members aren't required to be part of a team to be associated with an organization.
|
||||
A team is a group of Docker users that belong to an organization. An
|
||||
organization can have multiple teams. An organization owner can create new
|
||||
teams and add members to an existing team using their Docker ID or email
|
||||
address. Members aren't required to be part of a team to be associated with an
|
||||
organization.
|
||||
|
||||
The organization owner can add additional organization owners to help them manage users, teams, and repositories in the organization by assigning them the owner role.
|
||||
The organization owner can add additional organization owners to help them
|
||||
manage users, teams, and repositories in the organization by assigning them
|
||||
the owner role.
|
||||
|
||||
## Organization owner
|
||||
## What is an organization owner?
|
||||
|
||||
An organization owner is an administrator who has the following permissions:
|
||||
|
||||
- Manage repositories and add team members to the organization.
|
||||
- Access private repositories, all teams, billing information, and organization settings.
|
||||
- Specify [permissions](#permissions-reference) for each team in the organization.
|
||||
- Enable [SSO](../../security/for-admins/single-sign-on/_index.md) for the organization.
|
||||
- Manage repositories and add team members to the organization
|
||||
- Access private repositories, all teams, billing information, and
|
||||
organization settings
|
||||
- Specify [permissions](#permissions-reference) for each team in the
|
||||
organization
|
||||
- Enable [SSO](../../security/for-admins/single-sign-on/_index.md) for the
|
||||
organization
|
||||
|
||||
When SSO is enabled for your organization, the organization owner can
|
||||
also manage users. Docker can auto-provision Docker IDs for new end-users or
|
||||
users who'd like to have a separate Docker ID for company use through SSO
|
||||
enforcement.
|
||||
|
||||
The organization owner can also add additional organization owners to help them manage users, teams, and repositories in the organization.
|
||||
Organization owners can add others with the owner role to help them
|
||||
manage users, teams, and repositories in the organization.
|
||||
|
||||
For more information on roles, see
|
||||
[Roles and permissions](/manuals/security/for-admins/roles-and-permissions.md).
|
||||
|
||||
## Create a team
|
||||
|
||||
@@ -40,9 +54,6 @@ The organization owner can also add additional organization owners to help them
|
||||
1. Sign in to [Docker Home](https://app.docker.com) and select your
|
||||
organization.
|
||||
1. Select **Teams**.
|
||||
1. Select **Create team**.
|
||||
1. Fill out your team's information and select **Create**.
|
||||
1. [Add members to your team](members.md#add-a-member-to-a-team).
|
||||
|
||||
{{< /tab >}}
|
||||
{{< tab name="Docker Hub" >}}
|
||||
@@ -58,34 +69,45 @@ organization.
|
||||
{{< /tab >}}
|
||||
{{< /tabs >}}
|
||||
|
||||
## Configure repository permissions for a team
|
||||
## Set team repository permissions
|
||||
|
||||
Organization owners can configure repository permissions on a per-team basis.
|
||||
For example, you can specify that all teams within an organization have "Read and
|
||||
Write" access to repositories A and B, whereas only specific teams have "Admin"
|
||||
access. Note that organization owners have full administrative access to all repositories within the organization.
|
||||
For example, you can specify that all teams within an organization have
|
||||
"Read and Write" access to repositories A and B, whereas only specific
|
||||
teams have "Admin" access.
|
||||
|
||||
Note that organization owners have full administrative access to all
|
||||
repositories within the organization.
|
||||
|
||||
To give a team access to a repository:
|
||||
|
||||
1. Sign in to [Docker Hub](https://hub.docker.com).
|
||||
1. Select **My Hub** and choose your organization.
|
||||
1. Select the **Teams** and select the team that you'd like to configure repository access to.
|
||||
1. In the **Teams** section, select the team you want to configure repository
|
||||
access for.
|
||||
1. Select the **Permissions** tab and select a repository from the
|
||||
**Repository** drop-down.
|
||||
**Repository** drop-down.
|
||||
1. Choose a permission from the **Permissions** drop-down list and select
|
||||
**Add**.
|
||||
**Add**.
|
||||
|
||||
Organization owners can also assign members the editor role to grant partial administrative access. See [Roles and permissions](../../security/for-admins/roles-and-permissions.md) for more about the editor role.
|
||||
Organization owners can also assign members the editor role to grant partial
|
||||
administrative access. For more information on the editor role, see
|
||||
[Roles and permissions](../../security/for-admins/roles-and-permissions.md).
|
||||
|
||||
### Permissions reference
|
||||
|
||||
- `Read-only` access lets users view, search, and pull a private repository in the same way as they can a public repository.
|
||||
- `Read & Write` access lets users pull, push, and view a repository. In addition, it lets users view, cancel, retry or trigger builds
|
||||
- `Read-only` access lets users view, search, and pull a private repository
|
||||
in the same way as they can a public repository.
|
||||
- `Read & Write` access lets users pull, push, and view a repository. In
|
||||
addition, it lets users view, cancel, retry or trigger builds.
|
||||
- `Admin` access lets users pull, push, view, edit, and delete a
|
||||
repository. You can also edit build settings, and update the repositories description, collaborators rights, public/private visibility, and delete.
|
||||
repository. You can also edit build settings and update the repository’s
|
||||
description, collaborator permissions, public/private visibility, and delete.
|
||||
|
||||
Permissions are cumulative. For example, if you have "Read & Write" permissions,
|
||||
you automatically have "Read-only" permissions:
|
||||
you automatically have "Read-only" permissions.
|
||||
|
||||
The following table shows what each permission level allows users to do:
|
||||
|
||||
| Action | Read-only | Read & Write | Admin |
|
||||
|:------------------:|:---------:|:------------:|:-----:|
|
||||
@@ -103,22 +125,25 @@ you automatically have "Read-only" permissions:
|
||||
|
||||
> [!NOTE]
|
||||
>
|
||||
> A user who hasn't verified their email address only has
|
||||
> `Read-only` access to the repository, regardless of the rights their team
|
||||
> membership has given them.
|
||||
> A user who hasn't verified their email address only has `Read-only` access to
|
||||
the repository, regardless of the rights their team membership has given them.
|
||||
|
||||
## View a team's permissions for all repositories
|
||||
## View team permissions for all repositories
|
||||
|
||||
To view a team's permissions across all repositories:
|
||||
|
||||
1. Sign in to [Docker Hub](https://hub.docker.com).
|
||||
1. Select **My Hub** and choose your organization.
|
||||
1. Select **Teams** and choose your team name.
|
||||
1. Select the **Permissions** tab, where you can view the repositories this team can access.
|
||||
1. Select the **Permissions** tab, where you can view the repositories this
|
||||
team can access.
|
||||
|
||||
## Delete a team
|
||||
|
||||
Organization owners can delete a team in Docker Hub or Admin Console. When you remove a team from your organization, this action revokes the members' access to the team's permitted resources. It won't remove users from other teams that they belong to, nor will it delete any resources.
|
||||
Organization owners can delete a team. When you remove a team from your
|
||||
organization, this action revokes member access to the team's permitted
|
||||
resources. It won't remove users from other teams that they belong to, and it
|
||||
won't delete any resources.
|
||||
|
||||
{{< tabs >}}
|
||||
{{< tab name="Admin Console" >}}
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
title: Manage organization members
|
||||
weight: 30
|
||||
description: Learn how to manage organization members in Docker Hub and Docker Admin Console.
|
||||
keywords: members, teams, organizations, invite members, manage team members
|
||||
keywords: members, teams, organizations, invite members, manage team members, export member list, edit roles, organization teams, user management
|
||||
aliases:
|
||||
- /docker-hub/members/
|
||||
---
|
||||
@@ -176,7 +176,7 @@ To add a member to a team with Docker Hub:
|
||||
{{< /tab >}}
|
||||
{{< /tabs >}}
|
||||
|
||||
### Remove a member from a team
|
||||
### Remove members from teams
|
||||
|
||||
> [!NOTE]
|
||||
>
|
||||
@@ -217,6 +217,11 @@ Organization owners can manage [roles](/security/for-admins/roles-and-permission
|
||||
within an organization. If an organization is part of a company,
|
||||
the company owner can also manage that organization's roles. If you have SSO enabled, you can use [SCIM for role mapping](/security/for-admins/provisioning/scim/).
|
||||
|
||||
> [!NOTE]
|
||||
>
|
||||
> If you're the only owner of an organization, you need to assign a new owner
|
||||
before you can edit your role.
|
||||
|
||||
{{< tabs >}}
|
||||
{{< tab name="Admin Console" >}}
|
||||
|
||||
@@ -228,11 +233,6 @@ organization.
|
||||
1. Find the username of the member whose role you want to edit. Select the
|
||||
**Actions** menu, then **Edit role**.
|
||||
|
||||
> [!NOTE]
|
||||
>
|
||||
> If you're the only owner of an organization,
|
||||
> you need to assign a new owner before you can edit your role.
|
||||
|
||||
{{< /tab >}}
|
||||
{{< tab name="Docker Hub" >}}
|
||||
|
||||
@@ -289,4 +289,4 @@ To export a CSV file of your members:
|
||||
1. Select the **Action** icon and then select **Export users as CSV**.
|
||||
|
||||
{{< /tab >}}
|
||||
{{< /tabs >}}
|
||||
{{< /tabs >}}
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
title: Onboard your organization
|
||||
weight: 20
|
||||
description: Get started onboarding your Docker Team or Business organization.
|
||||
keywords: business, team, organizations, get started, onboarding
|
||||
keywords: business, team, organizations, get started, onboarding, Admin Console, organization management,
|
||||
toc_min: 1
|
||||
toc_max: 3
|
||||
aliases:
|
||||
@@ -13,33 +13,40 @@ aliases:
|
||||
|
||||
{{< summary-bar feature_name="Admin orgs" >}}
|
||||
|
||||
Learn how to onboard your organization using Docker Hub or the Docker Admin Console.
|
||||
Learn how to onboard your organization using the Admin Console or Docker Hub.
|
||||
|
||||
Onboarding your organization lets administrators gain visibility into user activity and enforce security settings. In addition, members of your organization receive increased pull limits and other organization wide benefits. For more details, see [Docker subscriptions and features](../../subscription/details.md).
|
||||
Onboarding your organization includes:
|
||||
|
||||
In this guide, you'll learn how to do the following:
|
||||
|
||||
- Identify your users to help you efficiently allocate your subscription seats
|
||||
- Identifying users to help you allocate your subscription seats
|
||||
- Invite members and owners to your organization
|
||||
- Secure authentication and authorization for your organization using Single Sign-On (SSO) and System for Cross-domain Identity Management (SCIM)
|
||||
- Enforce sign-on for Docker Desktop to ensure security best practices
|
||||
- Secure authentication and authorization for your organization
|
||||
- Enforce sign-in for Docker Desktop to ensure security best practices
|
||||
|
||||
These actions help administrators gain visibility into user activity and
|
||||
enforce security settings. Organization memebers also receive increased pull
|
||||
limits and other benefits when they are signed in.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
Before you start onboarding your organization, ensure that you:
|
||||
Before you start onboarding your organization, ensure you:
|
||||
|
||||
- Have a Docker Team or Business subscription. See [Docker Pricing](https://www.docker.com/pricing/) for details.
|
||||
- Have a Docker Team or Business subscription. For more details, see
|
||||
[Docker subscriptions and features](/manuals/subscription/details.md).
|
||||
|
||||
> [!NOTE]
|
||||
>
|
||||
> When purchasing a self-serve subscription, the on-screen instructions guide you through creating an organization. If you have purchased a subscription through Docker Sales and you have not yet created an organization, see [Create an organization](/admin/organization/orgs).
|
||||
> When purchasing a self-serve subscription, the on-screen instructions
|
||||
guide you through creating an organization. If you have purchased a
|
||||
subscription through Docker Sales and you have not yet created an
|
||||
organization, see [Create an organization](/manuals/admin/organization/orgs.md).
|
||||
|
||||
- Familiarize yourself with Docker concepts and terminology in the [administration overview](../_index.md) and [FAQs](/faq/admin/general-faqs/).
|
||||
- Familiarize yourself with Docker concepts and terminology in
|
||||
the [administration overview](../_index.md).
|
||||
|
||||
## Onboard with guided setup
|
||||
|
||||
The Admin Console has a guided setup to help you easily
|
||||
onboard your organization. The guided setup steps consist of basic onboarding
|
||||
The Admin Console has a guided setup to help you
|
||||
onboard your organization. The guided setup's steps consist of basic onboarding
|
||||
tasks. If you want to onboard outside of the guided setup,
|
||||
see [Recommended onboarding steps](/manuals/admin/organization/onboard.md#recommended-onboarding-steps).
|
||||
|
||||
@@ -52,8 +59,8 @@ The guided setup walks you through the following onboarding steps:
|
||||
- **Invite your team**: Invite owners and members.
|
||||
- **Manage user access**: Add and verify a domain, manage users with SSO, and
|
||||
enforce Docker Desktop sign-in.
|
||||
- **Docker Desktop security**: Configure image access management, registry access
|
||||
management, and settings management.
|
||||
- **Docker Desktop security**: Configure image access management, registry
|
||||
access management, and settings management.
|
||||
|
||||
## Recommended onboarding steps
|
||||
|
||||
@@ -63,56 +70,93 @@ Identifying your users helps you allocate seats efficiently and ensures they
|
||||
receive your Docker subscription benefits.
|
||||
|
||||
1. Identify the Docker users in your organization.
|
||||
- If your organization uses device management software, like MDM or Jamf, you can use the device management software to help identify Docker users. See your device management software's documentation for details. You can identify Docker users by checking if Docker Desktop is installed at the following location on each user's machine:
|
||||
- If your organization uses device management software, like MDM or Jamf,
|
||||
you can use the device management software to help identify Docker users.
|
||||
See your device management software's documentation for details. You can
|
||||
identify Docker users by checking if Docker Desktop is installed at the
|
||||
following location on each user's machine:
|
||||
- Mac: `/Applications/Docker.app`
|
||||
- Windows: `C:\Program Files\Docker\Docker`
|
||||
- Linux: `/opt/docker-desktop`
|
||||
- If your organization doesn't use device management software or your users haven't installed Docker Desktop yet, you can survey your users.
|
||||
2. Ask users to update their Docker account email to one in your organization’s domain, or create a new account with that email.
|
||||
- To update an account's email address, instruct your users to sign in to [Docker Hub](https://hub.docker.com), and update the email address to their email address in your organization's domain.
|
||||
- To create a new account, instruct your users to go [sign up](https://hub.docker.com/signup) using their email address in your organization's domain.
|
||||
3. Ask your Docker sales representative or [contact sales](https://www.docker.com/pricing/contact-sales/) to get a list of Docker accounts that use an email address in your organization's domain.
|
||||
- If your organization doesn't use device management software or your
|
||||
users haven't installed Docker Desktop yet, you can survey your users to
|
||||
identify who is using Docker Desktop.
|
||||
1. Ask users to update their Docker account's email address to one associated
|
||||
with your organization's domain, or create a new account with that email.
|
||||
- To update an account's email address, instruct your users to sign in
|
||||
to [Docker Hub](https://hub.docker.com), and update the email address to
|
||||
their email address in your organization's domain.
|
||||
- To create a new account, instruct your users to
|
||||
[sign up](https://hub.docker.com/signup) using their email address associated
|
||||
with your organization's domain.
|
||||
1. Identify Docker accounts associated with your organization's domain:
|
||||
- Ask your Docker sales representative or
|
||||
[contact sales](https://www.docker.com/pricing/contact-sales/) to get a list
|
||||
of Docker accounts that use an email address in your organization's domain.
|
||||
- Use [domain audit](/manuals/security/for-admins/domain-audit.md) to
|
||||
identify uncapture users in your organization.
|
||||
|
||||
### Step two: Invite owners
|
||||
|
||||
When you create an organization, you are the only owner. It is optional to add additional owners. Owners can help you onboard and manage your organization.
|
||||
Owners can help you onboard and manage your organization.
|
||||
|
||||
To add an owner, invite a user and assign them the owner role. For more details, see [Invite members](/admin/organization/members/).
|
||||
When you create an organization, you are the only owner. It is optional to
|
||||
add additional owners.
|
||||
|
||||
To add an owner, invite a user and assign them the owner role. For more
|
||||
details, see [Invite members](/manuals/admin/organization/members.md) and
|
||||
[Roles and permissions](/manuals/security/for-admins/roles-and-permissions.md).
|
||||
|
||||
### Step three: Invite members
|
||||
|
||||
When you add users to your organization, you gain visibility into their activity and you can enforce security settings. In addition, members of your organization receive increased pull limits and other organization wide benefits.
|
||||
When you add users to your organization, you gain visibility into their
|
||||
activity and you can enforce security settings. Your members also
|
||||
receive increased pull limits and other organization wide benefits when
|
||||
they are signed in.
|
||||
|
||||
To add a member, invite a user and assign them the member role. For more details, see [Invite members](/admin/organization/members/).
|
||||
To add a member, invite a user and assign them the member role.
|
||||
For more details, see [Invite members](/manuals/admin/organization/members.md) and
|
||||
[Roles and permissions](/manuals/security/for-admins/roles-and-permissions.md).
|
||||
|
||||
### Step four: Manage user access with SSO and SCIM
|
||||
|
||||
Configuring SSO and SCIM is optional and only available to Docker Business subscribers. To upgrade a Docker Team subscription to a Docker Business subscription, see [Upgrade your subscription](/subscription/upgrade/).
|
||||
Configuring SSO and SCIM is optional and only available to Docker Business
|
||||
subscribers. To upgrade a Docker Team subscription to a Docker Business
|
||||
subscription, see [Change your subscription](/manuals/subscription/change.md).
|
||||
|
||||
Use your identity provider (IdP) to manage members and provision them to Docker
|
||||
automatically via SSO and SCIM. See the following for more details:
|
||||
|
||||
- [Configure SSO](/manuals/security/for-admins/single-sign-on/configure.md) to authenticate and add members when they sign in to Docker through your identity provider.
|
||||
- Optional. [Enforce SSO](/manuals/security/for-admins/single-sign-on/connect.md) to ensure that when users sign in to Docker, they must use SSO.
|
||||
- [Configure SSO](/manuals/security/for-admins/single-sign-on/configure.md)
|
||||
to authenticate and add members when they sign in to Docker through your
|
||||
identity provider.
|
||||
- Optional.
|
||||
[Enforce SSO](/manuals/security/for-admins/single-sign-on/connect.md) to
|
||||
ensure that when users sign in to Docker, they must use SSO.
|
||||
|
||||
> [!NOTE]
|
||||
>
|
||||
> Enforcing single sign-on (SSO) and enforcing Docker Desktop sign in
|
||||
are different features. For more details, see
|
||||
> [Enforcing sign-in versus enforcing single sign-on (SSO)](/security/for-admins/enforce-sign-in/#enforcing-sign-in-versus-enforcing-single-sign-on-sso).
|
||||
> [Enforcing sign-in versus enforcing single sign-on (SSO)](/manuals/security/for-admins/enforce-sign-in.md#enforcing-sign-in-versus-enforcing-single-sign-on-sso).
|
||||
|
||||
- [Configure SCIM](/security/for-admins/provisioning/scim/) to automatically provision, add, and de-provision members to Docker through your identity provider.
|
||||
- [Configure SCIM](/manuals/security/for-admins/provisioning/scim.md) to
|
||||
automatically provision, add, and de-provision members to Docker through
|
||||
your identity provider.
|
||||
|
||||
### Step five: Enforce sign-in for Docker Desktop
|
||||
|
||||
By default, members of your organization can use Docker Desktop without signing
|
||||
in. When users don’t sign in as a member of your organization, they don’t
|
||||
receive the [benefits of your organization’s subscription](../../subscription/details.md) and they can circumvent [Docker’s security features](/security/for-admins/hardened-desktop/).
|
||||
receive the
|
||||
[benefits of your organization’s subscription](../../subscription/details.md)
|
||||
and they can circumvent [Docker’s security features](/manuals/security/for-admins/hardened-desktop/_index.md).
|
||||
|
||||
There are multiple ways you can enforce sign-in, depending on your company's setup and preferences:
|
||||
- [Registry key method (Windows only)](/security/for-admins/enforce-sign-in/methods/#registry-key-method-windows-only)
|
||||
- [`.plist` method (Mac only)](/security/for-admins/enforce-sign-in/methods/#plist-method-mac-only)
|
||||
- [`registry.json` method (All)](/security/for-admins/enforce-sign-in/methods/#registryjson-method-all)
|
||||
There are multiple ways you can enforce sign-in, depending on your organization's
|
||||
Docker configuration:
|
||||
- [Registry key method (Windows only)](/manuals/security/for-admins/enforce-sign-in/methods.md#registry-key-method-windows-only)
|
||||
- [`.plist` method (Mac only)](/manuals/security/for-admins/enforce-sign-in/methods.md#plist-method-mac-only)
|
||||
- [`registry.json` method (All)](/manuals/security/for-admins/enforce-sign-in/methods.md#registryjson-method-all)
|
||||
|
||||
### Step six: Manage Docker Desktop security
|
||||
|
||||
@@ -129,4 +173,5 @@ security posture:
|
||||
- Configure [Hardened Docker Desktop](/desktop/hardened-desktop/) to improve your organization’s security posture for containerized development.
|
||||
- [Manage your domains](/manuals/security/for-admins/domain-management.md) to ensure that all Docker users in your domain are part of your organization.
|
||||
|
||||
Your Docker subscription provides many more additional features. To learn more, see [Docker subscriptions and features](/subscription/details/).
|
||||
Your Docker subscription provides many more additional features. To learn more,
|
||||
see [Docker subscriptions and features](/subscription/details/).
|
||||
|
||||
@@ -2,23 +2,29 @@
|
||||
title: Create your organization
|
||||
weight: 10
|
||||
description: Learn how to create an organization.
|
||||
keywords: Docker, docker, registry, teams, organizations, plans, Dockerfile, Docker
|
||||
Hub, docs, documentation
|
||||
keywords: docker organizations, organization, create organization, docker teams, docker admin console, organization management
|
||||
aliases:
|
||||
- /docker-hub/orgs/
|
||||
- /docker-hub/orgs/
|
||||
---
|
||||
|
||||
{{< summary-bar feature_name="Admin orgs" >}}
|
||||
|
||||
This section describes how to create an organization. Before you begin:
|
||||
This page describes how to create an organization.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
Before you begin creating an organization:
|
||||
|
||||
- You need a [Docker ID](/accounts/create-account/)
|
||||
- Review the [Docker subscriptions and features](../../subscription/details.md) to determine what subscription to choose for your organization
|
||||
- Review the [Docker subscriptions and features](../../subscription/details.md)
|
||||
to determine what subscription to choose for your organization
|
||||
|
||||
## Create an organization
|
||||
|
||||
There are multiple ways to create an organization. You can either:
|
||||
- Create a new organization using the **Create Organization** option in Docker Hub
|
||||
|
||||
- Create a new organization using the **Create Organization** option in the
|
||||
Admin Console or Docker Hub
|
||||
- Convert an existing user account to an organization
|
||||
|
||||
The following section contains instructions on how to create a new organization. For prerequisites and
|
||||
@@ -105,7 +111,8 @@ configure your organization.
|
||||
|
||||
To view an organization:
|
||||
|
||||
1. Sign in to [Docker Hub](https://hub.docker.com) with a user account that is a member of any team in the organization.
|
||||
1. Sign in to [Docker Hub](https://hub.docker.com) with a user account that is
|
||||
a member of any team in the organization.
|
||||
|
||||
> [!NOTE]
|
||||
>
|
||||
@@ -139,10 +146,9 @@ configure your organization.
|
||||
- **Settings**: Displays information about your
|
||||
organization, and you to view and change your repository privacy
|
||||
settings, configure org permissions such as
|
||||
[Image Access Management](/manuals/security/for-admins/hardened-desktop/image-access-management.md), configure notification settings, and [deactivate](/manuals/admin/organization/deactivate-account.md#deactivate-an-organization) You can also update your organization name and company name that appear on your organization landing page. You must be an owner to access the
|
||||
organization's **Settings** page.
|
||||
[Image Access Management](/manuals/security/for-admins/hardened-desktop/image-access-management.md), configure notification settings, and [deactivate](/manuals/admin/organization/deactivate-account.md#deactivate-an-organization) You can also update your organization name and company name that appear on your organization landing page. You must be an owner to access the organization's **Settings** page.
|
||||
- **Billing**: Displays information about your existing
|
||||
[Docker subscription](../../subscription/_index.md), including the number of seats and next payment due date. For how to access the billing history and payment methods for your organization, see [View billing history](../../billing/history.md).
|
||||
[Docker subscription](../../subscription/_index.md), including the number of seats and next payment due date. For how to access the billing history and payment methods for your organization, see [View billing history](../../billing/history.md).
|
||||
|
||||
{{< /tab >}}
|
||||
{{< /tabs >}}
|
||||
@@ -151,12 +157,13 @@ configure your organization.
|
||||
|
||||
> [!WARNING]
|
||||
>
|
||||
> If you are merging organizations, it is recommended to do so at the *end* of
|
||||
> If you are merging organizations, it is recommended to do so at the _end_ of
|
||||
> your billing cycle. When you merge an organization and downgrade another, you
|
||||
> will lose seats on your downgraded organization. Docker does not offer
|
||||
> refunds for downgrades.
|
||||
|
||||
If you have multiple organizations that you want to merge into one, complete the following:
|
||||
If you have multiple organizations that you want to merge into one, complete
|
||||
the following steps:
|
||||
|
||||
1. Based on the number of seats from the secondary organization, [purchase additional seats](../../subscription/manage-seats.md) for the primary organization account that you want to keep.
|
||||
1. Manually add users to the primary organization and remove existing users from the secondary organization.
|
||||
@@ -165,7 +172,8 @@ If you have multiple organizations that you want to merge into one, complete the
|
||||
|
||||
> [!TIP]
|
||||
>
|
||||
> If your organization has a Docker Business subscription with a purchase order, contact Support or your Account Manager at Docker.
|
||||
> If your organization has a Docker Business subscription with a purchase
|
||||
order, contact Support or your Account Manager at Docker.
|
||||
|
||||
## More resources
|
||||
|
||||
|
||||
Reference in New Issue
Block a user