|
| 1 | +--- |
| 2 | +title: Manage unassociated machines |
| 3 | +description: Learn how to manage unassociated machines using the Docker Admin Console |
| 4 | +keywords: unassociated machines, insights, manage users, enforce sign-in |
| 5 | +sitemap: false |
| 6 | +params: |
| 7 | + sidebar: |
| 8 | + group: Platform |
| 9 | +--- |
| 10 | + |
| 11 | +{{< summary-bar feature_name="Unassociated machines" >}} |
| 12 | + |
| 13 | +Docker administrators can identify, view, and manage Docker Desktop machines |
| 14 | +that are likely associated with their organization but aren't currently linked |
| 15 | +to user accounts. This self-service capability helps you understand Docker |
| 16 | +Desktop usage across your organization and streamline user onboarding without |
| 17 | +IT involvement. |
| 18 | + |
| 19 | +## Prerequisites |
| 20 | + |
| 21 | +- Docker Business subscription |
| 22 | +- Organization owner access to your Docker organization |
| 23 | + |
| 24 | +## About unassociated machines |
| 25 | + |
| 26 | +Unassociated machines are Docker Desktop instances that Docker has identified |
| 27 | +as likely belonging to your organization based on usage patterns, but the users |
| 28 | +are not signed in to Docker Desktop with an account that is part of your |
| 29 | +organization. |
| 30 | + |
| 31 | +## How Docker identifies unassociated machines |
| 32 | + |
| 33 | +Docker uses telemetry data to identify which machines likely belong to your |
| 34 | +organization: |
| 35 | + |
| 36 | +- Domain matching: Users signed in with email domains associated with your |
| 37 | +organization |
| 38 | +- Registry patterns: Analysis of container registry access patterns that |
| 39 | +indicate organizational usage |
| 40 | + |
| 41 | +## View unassociated machines |
| 42 | + |
| 43 | +To see detailed information about unassociated machines: |
| 44 | + |
| 45 | +1. Sign in to the [Admin Console](https://app.docker.com/admin) and select |
| 46 | +your organization. |
| 47 | +1. In **User management**, select **Unassociated**. |
| 48 | + |
| 49 | +The machine list displays: |
| 50 | + |
| 51 | +- Machine ID (Docker-generated identifier) |
| 52 | +- The registry address used to predict whether a user is part of your |
| 53 | +organization |
| 54 | +- User email (only displays if the user is signed into Docker Desktop while |
| 55 | +using it) |
| 56 | +- Docker Desktop version |
| 57 | +- Operating system (OS) |
| 58 | +- Last activity date |
| 59 | +- Sign-in enforced status |
| 60 | + |
| 61 | +You can: |
| 62 | + |
| 63 | +- Export the list as CSV |
| 64 | +- Take actions on individual or multiple machines |
| 65 | + |
| 66 | +## Enable sign-in enforcement for unassociated machines |
| 67 | + |
| 68 | +> [!NOTE] |
| 69 | +> |
| 70 | +> Sign-in enforcement for unassociated machines is different from |
| 71 | +the [organization-level sign-in enforcement](/security/for-admins/enforce-sign-in/) |
| 72 | +available through `registry.json` and configuration profiles. This sign-in |
| 73 | +enforcement only requires users to sign in so admins can identify who is |
| 74 | +using the machine, meaning users can sign in with any email address. For more |
| 75 | +stringent security controls that limit sign-ins to users who are already part |
| 76 | +of your organization, see [Enforce sign-in](/security/for-admins/enforce-sign-in/). |
| 77 | + |
| 78 | +Sign-in enforcement helps you identify who is using unassociated machines in |
| 79 | +your organization. When you enable enforcement, users on these machines will |
| 80 | +be required to sign in to Docker Desktop. Once they sign in, their email |
| 81 | +addresses will appear in the Unassociated list, allowing you to then add them |
| 82 | +to your organization. |
| 83 | + |
| 84 | +> [!IMPORTANT] |
| 85 | +> |
| 86 | +> Sign-in enforcement only takes effect after Docker Desktop is restarted. |
| 87 | +Users can continue using Docker Desktop until their next restart. |
| 88 | + |
| 89 | +### Enable for all unassociated machines |
| 90 | + |
| 91 | +1. Sign in to the [Admin Console](https://app.docker.com/admin) and select |
| 92 | +your organization. |
| 93 | +1. In **User management**, select **Unassociated**. |
| 94 | +1. Turn on the **Enforce sign-in** toggle. |
| 95 | +1. In the pop-up modal, select **Require sign-in** to confirm. |
| 96 | + |
| 97 | +The **Sign-in required** status will update for all unassociated machines to |
| 98 | +**Yes**. |
| 99 | + |
| 100 | +> [!NOTE] |
| 101 | +> |
| 102 | +> When you enable sign-in enforcement for all unassociated machines, any new |
| 103 | +machines detected in the future will automatically have sign-in enforcement |
| 104 | +enabled. Sign-in enforcement requires Docker Desktop version 4.41 or later. |
| 105 | +Users with older versions will not be prompted to sign in and can continue |
| 106 | +using Docker Desktop normally until they update. Their status shows |
| 107 | +as **Pending** until they update to version 4.41 or later. |
| 108 | + |
| 109 | +### Enable for individual unassociated machines |
| 110 | + |
| 111 | +1. Sign in to the [Admin Console](https://app.docker.com/admin) and select |
| 112 | +your organization. |
| 113 | +1. In **User management**, select **Unassociated**. |
| 114 | +1. Locate the machine you want to enable sign-in enforcement for. |
| 115 | +1. Select the **Actions** menu and choose **Turn on sign-in enforcement**. |
| 116 | +1. In the pop-up modal, select **Require sign-in** to confirm. |
| 117 | + |
| 118 | +The **Sign-in required** status will update for the individual machine to |
| 119 | +**Yes**. |
| 120 | + |
| 121 | +> [!NOTE] |
| 122 | +> |
| 123 | +> Sign-in enforcement requires Docker Desktop version 4.41 or later. Users |
| 124 | +with older versions will not be prompted to sign in and can continue using |
| 125 | +Docker Desktop normally until they update. Their status shows as **Pending** |
| 126 | +until they update to version 4.41 or later. |
| 127 | + |
| 128 | +### What happens when users sign in |
| 129 | + |
| 130 | +After you enable sign-in enforcement: |
| 131 | + |
| 132 | +1. Users must restart Docker Desktop. Enforcement only takes effect after |
| 133 | +restart. |
| 134 | +1. When users open Docker Desktop, they see a sign-in prompt. They must sign |
| 135 | +in to continue using Docker Desktop. |
| 136 | +1. User email addresses appear in the **Unassociated** list. |
| 137 | +1. You can add users to your organization. |
| 138 | + |
| 139 | +Users can continue using Docker Desktop immediately after signing in, even |
| 140 | +before being added to your organization. |
| 141 | + |
| 142 | +## Add unassociated machines to your organization |
| 143 | + |
| 144 | +When users in your organization use Docker without signing in, their machines |
| 145 | +appear in the **Unassociated** list. You can add these users to your |
| 146 | +organization in two ways: |
| 147 | + |
| 148 | +- Automatic addition: |
| 149 | + - Auto-provisioning: If you have verified domains with auto-provisioning |
| 150 | + enabled, users who sign in with a matching email domain will automatically |
| 151 | + be added to your organization. For more information on verifying domains and |
| 152 | + auto-provisioning, see [Domain management](/manuals/security/for-admins/domain-management.md). |
| 153 | + - SSO user provisioning: If you have SSO configured with |
| 154 | + [Just-in-Time provisioning](/manuals/security/for-admins/provisioning/just-in-time.md), |
| 155 | + users who sign in through your SSO connection will automatically be added |
| 156 | + to your organization. |
| 157 | +- Manual addition: If you don't have auto-provisioning or SSO set up, or if a |
| 158 | +user's email domain doesn't match your configured domains, their email will |
| 159 | +appear in the **Unassociated** list where you can choose to add them directly. |
| 160 | + |
| 161 | +> [!NOTE] |
| 162 | +> |
| 163 | +> If you add users and do not have enough seats in your organization, a |
| 164 | +pop-up will appear prompting you to **Get more seats**. |
| 165 | + |
| 166 | +### Add individual users |
| 167 | + |
| 168 | +1. Sign in to the [Admin Console](https://app.docker.com/admin) and select |
| 169 | +your organization. |
| 170 | +1. In **User management**, select **Unassociated**. |
| 171 | +1. Locate the machine you want to add to your organization. |
| 172 | +1. Select the **Actions** menu and choose **Add to organization**. |
| 173 | +1. In the pop-up modal, select **Add user**. |
| 174 | + |
| 175 | +### Bulk add users |
| 176 | + |
| 177 | +1. Sign in to the [Admin Console](https://app.docker.com/admin) and select |
| 178 | +your organization. |
| 179 | +1. In **User management**, select **Unassociated**. |
| 180 | +1. Use the **checkboxes** to select the machines you want to add to your |
| 181 | +organizations. |
| 182 | +1. Select the **Add to organization** button. |
| 183 | +1. In the pop-up modal, select **Add users** to confirm. |
| 184 | + |
| 185 | +## Disable sign-in enforcement |
| 186 | + |
| 187 | +### Disable for all unassociated machines |
| 188 | + |
| 189 | +1. Sign in to the [Admin Console](https://app.docker.com/admin) and select |
| 190 | +your organization. |
| 191 | +1. In **User management**, select **Unassociated**. |
| 192 | +1. Turn off the **Enforce sign-in** toggle. |
| 193 | +1. In the pop-up modal, select **Turn off sign-in requirement** to confirm. |
| 194 | + |
| 195 | +The **Sign-in required** status will update for all unassociated machines to |
| 196 | +**No**. |
| 197 | + |
| 198 | +### Disable for specific unassociated machines |
| 199 | + |
| 200 | +1. Sign in to the [Admin Console](https://app.docker.com/admin) and select |
| 201 | +your organization. |
| 202 | +1. In **User management**, select **Unassociated**. |
| 203 | +1. Locate the machine you want to disable sign-in enforcement for. |
| 204 | +1. Select the **Actions** menu and choose **Turn off sign-in enforcement**. |
| 205 | +1. In the pop-up modal, select **Turn off sign-in requirement** to confirm. |
| 206 | + |
| 207 | +The **Sign-in required** status will update for the individual machine to |
| 208 | +**No**. |
0 commit comments