Multi IdP updates, and some typo fixes
sarahsanders-docker committed Dec 19, 2024
1 parent c41ed45 commit acfffcd
Showing 6 changed files with 20 additions and 7 deletions.
4 changes: 2 additions & 2 deletions content/manuals/admin/faqs/general-faqs.md
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ Developers may have multiple Docker IDs in order to separate their Docker IDs as

### What if my Docker ID is taken?

All Docker IDs are first-come, first-served except for companies that have a US Trademark on a username. If you have a trademark for your namespace, [Docker Support](https://hub.docker.com/support/contact/) can retrieve the Docker ID for you.
All Docker IDs are first-come, first-served except for companies that have a U.S. Trademark on a username. If you have a trademark for your namespace, [Docker Support](https://hub.docker.com/support/contact/) can retrieve the Docker ID for you.

### What’s an organization?
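
Review bot: "Trademark" in the changed sentence is still capitalized mid-sentence, while the next sentence on the same line uses lowercase "trademark". Since this line is already being touched for "U.S.", lowercase it so both uses match.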

Expand Down Expand Up @@ -60,7 +60,7 @@ The organization owner can also add additional owners to help them manage users,

### Can I configure multiple SSO identity providers (IdPs) to authenticate users to a single org?

Docker SSO allows only one IdP configuration per organization. For more
Yes. Docker SSO supports multiple IdP configurations. For more
information, see [Configure SSO](../../security/for-admins/single-sign-on/configure/_index.md) and [SSO FAQs](../../security/faqs/single-sign-on/faqs.md).

### What is a service account?
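
Review bot: The new answer drops the scope the question asks about: it says "Docker SSO supports multiple IdP configurations" without saying this holds for a single organization, and without the condition given in connect.md in this same commit ("Ensure each IdP configuration uses the same domain"). Suggest stating both in the answer and linking to the new "Optional: Configure multiple IdPs" section rather than only to the Configure SSO index page.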
4 changes: 2 additions & 2 deletions content/manuals/security/faqs/single-sign-on/idp-faqs.md
Expand Up @@ -10,7 +10,7 @@ aliases:

### Is it possible to use more than one IdP with Docker SSO?

No. You can only configure Docker SSO to work with a single IdP. A domain can only be associated with a single IdP. Docker supports Entra ID (formerly Azure AD) and identity providers that support SAML 2.0.
Yes. Docker supports multiple IdP configurations. A domain can be associated with multiple IdPs. Docker supports Entra ID (formerly Azure AD) and identity providers that support SAML 2.0.

Check warning on line 13 in content/manuals/security/faqs/single-sign-on/idp-faqs.md

GitHub Actions / vale

[vale] reported by reviewdog 🐶 [Docker.Acronyms] 'AD' has no definition. Raw Output: {"message": "[Docker.Acronyms] 'AD' has no definition.", "location": {"path": "content/manuals/security/faqs/single-sign-on/idp-faqs.md", "range": {"start": {"line": 13, "column": 139}}}, "severity": "WARNING"}

### Is it possible to change my identity provider after configuring SSO?
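
Review bot: The changed line 13 is flagged by vale ([Docker.Acronyms] 'AD' has no definition, column 139), so this edit lands with an open linter warning on the line it touches; resolve or acknowledge it before merge. Separately, the answer now says "A domain can be associated with multiple IdPs" but gives no pointer to how; a link to the "Optional: Configure multiple IdPs" section added to connect.md in this commit would make the "Yes" actionable.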

Expand Down Expand Up @@ -56,4 +56,4 @@ Yes, Entra ID (formerly Azure AD) is supported with SSO for Docker Business, bot

### My SSO connection with Entra ID isn't working and I receive an error that the application is misconfigured. How can I troubleshoot this?

Confirm that you've configured the necessary API permissions in Entra ID (formerly Azure AD) for your SSO connection. You need to grant admin consent within your Entra ID (formerly Azure AD) tenant. See [Entra ID (formerly Azure AD) documentation](https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent?pivots=portal#grant-admin-consent-in-app-registrations).
Confirm that you've configured the necessary API permissions in Entra ID (formerly Azure AD) for your SSO connection. You need to grant administrator consent within your Entra ID (formerly Azure AD) tenant. See [Entra ID (formerly Azure AD) documentation](https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent?pivots=portal#grant-admin-consent-in-app-registrations).
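
Review bot: Rewording "grant admin consent" to "grant administrator consent" makes the sentence diverge from the linked Microsoft page, whose URL path and anchor both read "grant-admin-consent"; a reader searching Entra ID for the setting will look for "admin consent". Suggest keeping "admin consent" as the term here. The three vale 'AD' warnings reported for this line (columns 90, 196 and 238) are also still open.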

Check warning on line 59 in content/manuals/security/faqs/single-sign-on/idp-faqs.md

GitHub Actions / vale

[vale] reported by reviewdog 🐶 [Docker.Acronyms] 'AD' has no definition. Raw Output: {"message": "[Docker.Acronyms] 'AD' has no definition.", "location": {"path": "content/manuals/security/faqs/single-sign-on/idp-faqs.md", "range": {"start": {"line": 59, "column": 90}}}, "severity": "WARNING"}

Check warning on line 59 in content/manuals/security/faqs/single-sign-on/idp-faqs.md

GitHub Actions / vale

[vale] reported by reviewdog 🐶 [Docker.Acronyms] 'AD' has no definition. Raw Output: {"message": "[Docker.Acronyms] 'AD' has no definition.", "location": {"path": "content/manuals/security/faqs/single-sign-on/idp-faqs.md", "range": {"start": {"line": 59, "column": 196}}}, "severity": "WARNING"}

Check warning on line 59 in content/manuals/security/faqs/single-sign-on/idp-faqs.md

GitHub Actions / vale

[vale] reported by reviewdog 🐶 [Docker.Acronyms] 'AD' has no definition. Raw Output: {"message": "[Docker.Acronyms] 'AD' has no definition.", "location": {"path": "content/manuals/security/faqs/single-sign-on/idp-faqs.md", "range": {"start": {"line": 59, "column": 238}}}, "severity": "WARNING"}
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,10 @@ Get started creating a single sign-on (SSO) connection for your organization or

## Step one: Add your domain

> [!NOTE]
>
> Docker supports multiple identity provider (IdP) configurations. With a multiple IdP configuration, one domain can be associated with more than one SSO identity provider.
{{< tabs >}}
{{< tab name="Admin Console" >}}
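
Review bot: The note added under "Step one: Add your domain" says one domain can be associated with more than one IdP, but not what the reader should do differently in this step. connect.md in this commit carries the actual instruction ("Ensure each IdP configuration uses the same domain"); suggest repeating it here or linking to the "Optional: Configure multiple IdPs" section.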

9 changes: 7 additions & 2 deletions content/manuals/security/for-admins/single-sign-on/connect.md
Expand Up @@ -186,15 +186,20 @@ After you've completed the SSO connection process in Docker, we recommend testin

1. Open an incognito browser.
2. Sign in to the Admin Console using your **domain email address**.
3. The browser will redirect to your IdP's login page to authenticate.
3. The browser will redirect to your identity provider's sign in page to authenticate. If you have [multiple IdPs](#optional-configure-multiple-idps), the browser will prompt your to choose your identity provider.
4. Authenticate through your domain email instead of using your Docker ID.

You can also test your SSO connection through the command-line interface (CLI). If you want to test through the CLI, your users must have a personal access token (PAT).

## Optional: Configure multiple IdPs

Docker supports multiple IdP configurations. With multiple IdPs configured, one domain can be associated with multiple SSO identity providers. To configure multiple IdPs, repeat steps 1-4 in this guide for each IdP. Ensure each IdP configuration uses the same domain.

When a user signs in to a Docker organization that has multiple IdPs, the user is prompted to choose their identity provider. Once they have chosen their identity provider, they will authenticate through their domain email.

## Optional: Enforce SSO

>[!IMPORTANT]
> [!IMPORTANT]
>
> If SSO isn't enforced, users can choose to sign in with either their Docker username and password or SSO.
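
Review bot: The rewritten step 3 has a typo: "the browser will prompt your to choose your identity provider" should read "prompt you to choose", and "sign in page" used as a modifier should be "sign-in page". In the new section, "repeat steps 1-4 in this guide" is ambiguous next to the numbered test list directly above it; name the steps or sections meant. It would also help to say how enforcement applies when several IdPs are configured, since the "Enforce SSO" note only describes the choice between Docker username and password or SSO.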
2 changes: 1 addition & 1 deletion layouts/shortcodes/admin-sso-management-connections.md
Expand Up @@ -3,7 +3,7 @@

{{ if eq (.Get "product") "admin" }}
{{ $product_link = "the [Admin Console](https://app.docker.com/admin)" }}
{{ $sso_navigation = "Select your organization or company from the Choose proifle page, and then select **SSO and SCIM**. Note that when an organization is part of a company, you must select the company and configure SSO for that organization at the company level. Each organization can have its own SSO configuration and domain, but it must be configured at the company level." }}
{{ $sso_navigation = "Select your organization or company from the Choose profile page, and then select **SSO and SCIM**. Note that when an organization is part of a company, you must select the company and configure SSO for that organization at the company level. Each organization can have its own SSO configuration and domain, but it must be configured at the company level." }}
{{ end }}

### Edit a connection
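
Review bot: In the corrected $sso_navigation string, the UI label "Choose profile" is plain text while **SSO and SCIM** in the same sentence is bold. Suggest bolding it as well so both UI elements are marked the same way.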
4 changes: 4 additions & 0 deletions layouts/shortcodes/admin-sso-management.md
Expand Up @@ -8,6 +8,10 @@

### Remove a domain from an SSO connection

> [!IMPORTANT]
>
> Docker supports multiple IdP configurations, where a single domain is used for multiple SSO identity providers. If you want to remove a domain from multiple SSO connections, you must remove it from each connection individually.
1. Sign in to {{ $product_link }}.
2. {{ $sso_navigation }}
3. In the SSO connections table, select the **Action** icon and then **Edit connection**.
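
Review bot: The new IMPORTANT note says the domain must be removed from each connection individually, but the steps that follow cover editing one connection only and do not say what state the domain is in when it has been removed from just some of them. Suggest adding a sentence that the domain stays attached to every connection it was not removed from, plus a closing step to repeat the procedure for each connection in the SSO connections table that uses the domain.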

0 comments on commit acfffcd
