Merge pull request #21939 from docker/published-update

sarahsanders-docker · web-flow · commit 74b985a482e1 · 2025-01-31T07:30:16.000-08:00
publish updates from main
diff --git a/content/manuals/billing/details.md b/content/manuals/billing/details.md
@@ -24,7 +24,9 @@ To update your billing information:
 2. Under Settings and administration, select **Billing**.
 3. Select **Billing information** from the left-hand navigation.
 4. On your billing information card, select **Change**.
-5. Update your billing contact and billing address information, then select **Update**.
+5. Update your billing contact and billing address information.
+6. Optional. To add or update a VAT ID, select the **I'm purchasing as a business** checkbox and enter your Tax ID.
+7. Select **Update**.
 
 {{< /tab >}}
 {{< tab name="Legacy Docker plan" >}}
@@ -35,7 +37,8 @@ To update your billing information:
 2. Select your avatar in the top-right corner.
 3. From the drop-down menu, select **Billing**.
 4. Select **Billing Address** and enter your updated billing information.
-5. Select **Submit**.
+5. Optional. To add or update a VAT ID, enter your **Tax ID/VAT**.
+6. Select **Submit**.
 
 {{< /tab >}}
 {{< /tabs >}}
@@ -55,7 +58,9 @@ To update your billing information:
 2. Under Settings and administration, select **Billing**.
 3. Select **Billing information** from the left-hand navigation.
 4. On your billing information card, select **Change**.
-5. Update your billing contact and billing address information, then select **Update**.
+5. Update your billing contact and billing address information.
+6. Optional. To add or update a VAT ID, select the **I'm purchasing as a business** checkbox and enter your Tax ID.
+7. Select **Update**.
 
 {{< /tab >}}
 {{< tab name="Legacy Docker plan" >}}
@@ -67,7 +72,7 @@ To update your billing information:
 3. From the drop-down menu select **Billing**.
 4. Select the organization that you want to change the payment method for.
 5. Select **Billing Address**.
-6. Enter your updated billing information.
+6. Optional. To add or update a VAT ID, enter your **Tax ID/VAT**.
 7. Select **Submit**.
 
 {{< /tab >}}
diff --git a/content/manuals/billing/faqs.md b/content/manuals/billing/faqs.md
@@ -29,13 +29,13 @@ If your subscription payment fails, there is a grace period of 15 days, includin
 - 5 days after the previous attempt
 - 7 days after the previous attempt
 
-Docker also sends an email notification `Action Required - Credit Card Payment Failed` with an attached unpaid invoice after each failed payment attempt. 
+Docker also sends an email notification `Action Required - Credit Card Payment Failed` with an attached unpaid invoice after each failed payment attempt.
 
 Once the grace period is over and the invoice is still not paid, the subscription downgrades to a free plan and all paid features are disabled.
 
 ### Does Docker collect sales tax and/or VAT?
 
-Starting July 1, 2024, Docker will begin collecting sales tax on subscription fees in compliance with state regulations for customers in the United States. For global customers subject to VAT, the implementation will start rolling out on July 1, 2024. Note that while the rollout begins on this date, VAT charges may not apply to all applicable subscriptions immediately.
+Docker began collecting sales tax on subscription fees for United States customers on July 1, 2024. For European customers, Docker will begin collecting VAT on March 1, 2025.
 
 To ensure that tax assessments are correct, make sure that your billing information and VAT/Tax ID, if applicable, are updated. See [Update the billing information](/billing/details/).
 
diff --git a/content/manuals/security/faqs/single-sign-on/enforcement-faqs.md b/content/manuals/security/faqs/single-sign-on/enforcement-faqs.md
@@ -8,14 +8,10 @@ aliases:
 - /faq/security/single-sign-on/enforcement-faqs/
 ---
 
-### We currently have a Docker Team subscription. How do we enable SSO?
+### I currently have a Docker Team subscription. How do I enable SSO?
 
 SSO is available with a Docker Business subscription. To enable SSO, you must first upgrade your subscription to a Docker Business subscription. To learn how to upgrade your existing account, see [Upgrade your subscription](../../../subscription/change.md).
 
-### How do service accounts work with SSO?
-
-Service accounts work like any other user when SSO is turned on. If the service account is using an email for a domain with SSO turned on, it needs a PAT for CLI and API usage.
-
 ### Is DNS verification required to enable SSO?
 
 Yes. You must verify a domain before using it with an SSO connection.
@@ -26,9 +22,9 @@ When SSO is enforced, [passwords are prevented from accessing the Docker CLI](/s
 
 Each user must create a PAT to access the CLI. To learn how to create a PAT, see [Manage access tokens](/security/for-developers/access-tokens/). Users who already used a PAT to sign in before SSO enforcement will still be able to use that PAT to authenticate.
 
-### How does SSO affect our automation systems and CI/CD pipelines?
+### How does SSO affect automation systems and CI/CD pipelines?
 
-Before enforcing SSO, you must create PATs for automation systems and CI/CD pipelines and use the tokens instead of a password.
+Before enforcing SSO, you must [create PATs](/security/for-developers/access-tokens/). These PATs are used instead of passwords for signing into automation systems and CI/CD pipelines.
 
 ### What can organization users who authenticated with personal emails prior to enforcement expect?
 
@@ -38,34 +34,23 @@ Ensure your users have their organization email on their account, so that the ac
 
 Yes, you can choose to not enforce, and users have the option to use either Docker ID (standard email and password) or domain-verified email address (SSO) at the sign-in screen.
 
-### SSO is enforced, but one of our users is able to sign in through username and password. Why is this happening?
+### SSO is enforced, but a user can sign in using a username and password. Why is this happening?
 
 Guest users who are not part of your registered domain but have been invited to your organization do not sign in through your SSO Identity Provider. SSO enforcement only requires that users which do belong to your domain, must go through the SSO IdP.
 
 ### Is there a way to test this functionality in a test tenant with Okta before going to production?
 
-Yes, you can create a test organization. Companies can set up a new 5 seat Business plan on a new organization to test with (making sure to only enable SSO, not enforce it or all domain email users will be forced to sign in to that test tenant).
-
-### Once we enable SSO for Docker Desktop, what's the impact to the flow for Build systems that use service accounts?
-
-If you enable SSO, there is no impact. Both username/password or personal access token (PAT) sign-in are supported.
-However, if you enforce SSO:
-
-- Service Account domain email addresses must not be aliased and must be enabled in their IdP
-- Username/password authentication [won’t work](/security/security-announcements/#deprecation-of-password-logins-on-cli-when-sso-enforced), so you should update the build system to use a PAT instead of a password
-- Those who know the IdP credentials can sign in as that Service Account through SSO on Hub and create or change the personal access token for that service account.
+Yes, you can create a test organization. Companies can set up a new 5 seat Business plan on a new organization to test with. To do this, make sure to only enable SSO, not enforce it, or all domain email users will be forced to sign in to that test tenant.
 
 ### Is the sign in required tracking at runtime or install time?
 
-At runtime for Docker Desktop if it’s configured to require authentication to the organization.
+For Docker Desktop, if it's configured to require authentication to the organization, it tracks at runtime.
 
 ### What is enforcing SSO versus enforcing sign-in?
 
 Enforcing SSO and enforcing sign-in to Docker Desktop are different features that you can use separately or together.
 
 Enforcing SSO ensures that users sign in using their SSO credentials instead of their Docker ID. One of the benefits is that SSO enables you to better manage user credentials.
 
-Enforcing sign-in to Docker Desktop ensures that users always sign in to an
-
-account that's a member of your organization. The benefits are that your organization's security settings are always applied to the user's session and your users always receive the benefits of your subscription. For more details, see [Enforce sign-in for Desktop](../../../security/for-admins/enforce-sign-in/_index.md).
+Enforcing sign-in to Docker Desktop ensures that users always sign in to an account that's a member of your organization. The benefits are that your organization's security settings are always applied to the user's session and your users always receive the benefits of your subscription. For more details, see [Enforce sign-in for Desktop](../../../security/for-admins/enforce-sign-in/_index.md#enforcing-sign-in-versus-enforcing-single-sign-on-sso).
 
diff --git a/content/manuals/security/for-admins/enforce-sign-in/_index.md b/content/manuals/security/for-admins/enforce-sign-in/_index.md
@@ -27,8 +27,7 @@ There are multiple methods for enforcing sign-in, depending on your companies' s
 
 ## How is sign-in enforced?
 
-When Docker Desktop starts and it detects a registry key, `.plist` file, or `registry.json` file, the
-following occurs:
+When Docker Desktop starts and it detects a registry key, `.plist` file, or `registry.json` file, the following occurs:
 
 - A **Sign in required!** prompt appears requiring the user to sign
   in as a member of your organization to use Docker Desktop. ![Enforce Sign-in
@@ -41,10 +40,13 @@ following occurs:
 - When a user signs out, the **Sign in required!** prompt appears and they can
   no longer use Docker Desktop.
 
+> [!NOTE]
+>
+> Enforcing sign-in for Docker Desktop does not impact accessing the Docker CLI. CLI access is only impacted for organizations that enforce single sign-on.
+
 ## Enforcing sign-in versus enforcing single sign-on (SSO)
 
-[Enforcing SSO](/manuals/security/for-admins/single-sign-on/connect.md) and
-enforcing sign-in are different features. The following table provides a
+[Enforcing SSO](/manuals/security/for-admins/single-sign-on/connect.md#optional-enforce-sso) and enforcing sign-in are different features. The following table provides a
 description and benefits when using each feature.
 
 | Enforcement                       | Description                                                     | Benefits                                                                                                                                                                                                                                                   |
diff --git a/content/manuals/security/for-admins/single-sign-on/connect.md b/content/manuals/security/for-admins/single-sign-on/connect.md
@@ -211,6 +211,10 @@ Enforcing SSO requires users to use SSO when signing into Docker. This centraliz
 
 Your users must now sign in to Docker with SSO.
 
+> [!NOTE]
+>
+> When SSO is enforced, [users can't use passwords to access the Docker CLI](/security/security-announcements/#deprecation-of-password-logins-on-cli-when-sso-enforced). Users must use a [personal access token](/manuals/security/for-admins/access-tokens.md) (PAT) for authentication to access the Docker CLI.
+
 ## More resources
 
 The following videos demonstrate how to enforce SSO.
@@ -223,3 +227,4 @@ The following videos demonstrate how to enforce SSO.
 
 - [Provision users](/manuals/security/for-admins/provisioning/_index.md)
 - [Enforce sign-in](../enforce-sign-in/_index.md)
+- [Create access tokens](/manuals/security/for-admins/access-tokens.md)
