twelsh-aw
2024-07-09 14:26:11 -04:00
parent 45394a2c22
commit fbc3288420
3 changed files with 3 additions and 3 deletions


@@ -40,7 +40,7 @@ Yes, you can choose to not enforce, and users have the option to use either Dock
### SSO is enforced, but one of our users is able to sign in through username and password. Why is this happening?
Guest users who are not part of your registered domain but have been invited to your organization do not login through your SSO Identity Provider. SSO Enforcement only requires that users which _do_ belong to your domain must go through the SSO IdP.
Guest users who are not part of your registered domain but have been invited to your organization do not sign-in through your SSO Identity Provider. SSO Enforcement only requires that users which _do_ belong to your domain must go through the SSO IdP.
### Is there a way to test this functionality in a test tenant with Okta before going to production?
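Review bot: The replacement line uses "sign-in" as a verb ("do not sign-in through your SSO Identity Provider"), but the hyphenated form is the noun or adjective; the heading directly above already uses the verb form "sign in". Suggest "do not sign in through your SSO Identity Provider". While this sentence is being touched, "users which _do_ belong to your domain" should read "users who _do_ belong to your domain".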


@@ -30,7 +30,7 @@ The following diagram shows how SSO operates and is managed in Docker Hub and Do
* You must first notify your company about the new SSO login procedures.
* Verify that your members have Docker Desktop version 4.4.2, or later, installed on their machines.
* If your organization is planning to [enforce SSO](/security/for-admins/single-sign-on/connect/#optional-enforce-sso), members using the Docker CLI will be required to [create a Personal Access Token (PAT)](/docker-hub/access-tokens/) to sign in instead of with a username and password. Docker plans to deprecate signing in to the CLI with a password in the future, so using a PAT will be required to prevent issues with authentication. For more details see the [security announcement](/security/security-announcements/#deprecation-of-password-logins-on-cli-when-sso-enforced).
* Ensure all your Docker users have a valid user on your IDP with the same email address as their Unique Primary Identifier (UPN)
* Ensure all your Docker users have a valid user on your IdP with the same email address as their Unique Primary Identifier (UPN)
* Confirm that all CI/CD pipelines have replaced their passwords with PATs.
* For your service accounts, add your additional domains or enable it in your IdP.
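Review bot: The corrected bullet still expands UPN as "Unique Primary Identifier", which does not match the abbreviation; UPN normally stands for User Principal Name, and because this bullet tells admins which IdP attribute must match the Docker user's email address, the name should be unambiguous. Suggest fixing the expansion in the same change as the IDP to IdP casing. The bullet is also missing the closing period the neighbouring bullets have, and the first context bullet in this hunk still says "SSO login procedures", which is inconsistent with the move to "sign in" wording in the other files of this commit.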


@@ -10,7 +10,7 @@ toc_max: 2
_Last updated July, 2024_
When [SSO Enforcement](/security/for-admins/single-sign-on/connect/#optional-enforce-sso) was first introduced, Docker provided a grace period to continue to allow passwords to be used on the Docker CLI when authenticating to Docker Hub. This was allowed to provide organizations easier adoption of the SSO Enforcement feature. Admins configuring SSO have been recommended that users using the CLI [switch over to Personal Access Tokens](/security/for-admins/single-sign-on/#prerequisites) in anticipation of this grace period ending.
When [SSO Enforcement](/security/for-admins/single-sign-on/connect/#optional-enforce-sso) was first introduced, Docker provided a grace period to continue to let passwords to be used on the Docker CLI when authenticating to Docker Hub. This was allowed to provide organizations easier adoption of the SSO Enforcement feature. Admins configuring SSO have been recommended that users using the CLI [switch over to Personal Access Tokens](/security/for-admins/single-sign-on/#prerequisites) in anticipation of this grace period ending.
On September 16, 2024 the grace period will end and passwords will no longer be able to authenticate to Docker Hub via the Docker CLI when SSO is enforced. Affected users are required to switch over to using PATs to continue logging in.
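Review bot: Swapping "allow" for "let" in the first sentence leaves "to continue to let passwords to be used", which is ungrammatical because "let" takes the bare infinitive. Suggest "to continue to let passwords be used on the Docker CLI", or more simply "a grace period during which passwords could still be used on the Docker CLI". In the same paragraph, "Admins configuring SSO have been recommended that users using the CLI switch over" is awkward and could read "Admins configuring SSO have been advised to have CLI users switch over". The trailing context line still says "continue logging in", so if the goal of this commit is consistent "sign in" terminology, that line needs the same treatment.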