|
| 1 | +--- |
| 2 | +description: Learn how to manage domains and users in the Admin Console |
| 3 | +keywords: domain management, security, identify users, manage users |
| 4 | +title: Domain management |
| 5 | +weight: 55 |
| 6 | +--- |
| 7 | + |
| 8 | +{{< summary-bar feature_name="Domain management" >}} |
| 9 | + |
| 10 | +Domain management lets you add and verify domains, and enable |
| 11 | +auto-provisioning for users. Auto-provisioning adds users to your |
| 12 | +organization when they sign in with an email address that matches a verified |
| 13 | +domain. |
| 14 | + |
| 15 | +This simplifies user management, ensures consistent security settings, and |
| 16 | +reduces the risk of unmanaged users accessing Docker without visibility |
| 17 | +or control. |
| 18 | + |
| 19 | +## Add a domain |
| 20 | + |
| 21 | +1. Sign in to the [Admin Console](https://admin.docker.com/). |
| 22 | +2. Select your organization or company from the **Choose profile** page. |
| 23 | +If your organization is part of a company, select the company |
| 24 | +and configure the domain for the organization at the company level. |
| 25 | +3. Under **Security and access**, select **Domain management**. |
| 26 | +4. Select **Add a domain**. |
| 27 | +5. Enter your domain and select **Add domain**. |
| 28 | +6. In the pop-up modal, copy the **TXT Record Value** to verify your domain. |
| 29 | + |
| 30 | +## Verify a domain |
| 31 | + |
| 32 | +Verifying your domain confirms that you own it. To verify, add a TXT record to |
| 33 | +your Domain Name System (DNS) host using the value provided by Docker. This |
| 34 | +value proves ownership and instructs your DNS to publish the record. |
| 35 | + |
| 36 | +It can take up to 72 hours for the DNS change to propagate. Docker automatically |
| 37 | +checks for the record and confirms ownership once the change is recognized. |
| 38 | + |
| 39 | +Follow your DNS provider’s documentation to add the **TXT Record Value**. If |
| 40 | +your provider isn't listed, use the steps for other providers. |
| 41 | + |
| 42 | +> [!TIP] |
| 43 | +> |
| 44 | +> The record name field determines where the TXT record is added in your domain |
| 45 | +(root or subdomain). In general, refer to the following tips for |
| 46 | +adding a record name: |
| 47 | +> |
| 48 | +> - Use `@` or leave the record name empty for root domains like `example.com`, |
| 49 | +depending on your provider. |
| 50 | +> - Don't enter values like `docker`, `docker-verification`, `www`, or your |
| 51 | +domain name. These values may direct to the wrong place. |
| 52 | +> |
| 53 | +> Check your DNS provider's documentation to verify record name requirements. |
| 54 | +
|
| 55 | +{{< tabs >}} |
| 56 | +{{< tab name="AWS Route 53" >}} |
| 57 | + |
| 58 | +1. To add your TXT record to AWS, see [Creating records by using the Amazon Route 53 console](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-creating.html). |
| 59 | +2. TXT record verification can take 72 hours. Once you have waited for |
| 60 | +TXT record verification, return to the **Domain management** page of the |
| 61 | +[Admin Console](https://app.docker.com/admin) and select **Verify** next to |
| 62 | +your domain name. |
| 63 | + |
| 64 | +{{< /tab >}} |
| 65 | +{{< tab name="Google Cloud DNS" >}} |
| 66 | + |
| 67 | +1. To add your TXT record to Google Cloud DNS, see [Verifying your domain with a TXT record](https://cloud.google.com/identity/docs/verify-domain-txt). |
| 68 | +2. TXT record verification can take 72 hours. Once you have waited for TXT |
| 69 | +record verification, return to the **Domain management** page of the |
| 70 | +[Admin Console](https://app.docker.com/admin) and select **Verify** next to |
| 71 | +your domain name. |
| 72 | + |
| 73 | +{{< /tab >}} |
| 74 | +{{< tab name="GoDaddy" >}} |
| 75 | + |
| 76 | +1. To add your TXT record to GoDaddy, see [Add a TXT record](https://www.godaddy.com/help/add-a-txt-record-19232). |
| 77 | +2. TXT record verification can take 72 hours. Once you have waited for TXT |
| 78 | +record verification, return to the **Domain management** page of the |
| 79 | +[Admin Console](https://app.docker.com/admin) and select **Verify** next to your |
| 80 | +domain name. |
| 81 | + |
| 82 | +{{< /tab >}} |
| 83 | +{{< tab name="Other providers" >}} |
| 84 | + |
| 85 | +1. Sign in to your domain host. |
| 86 | +2. Add a TXT record to your DNS settings and save the record. |
| 87 | +3. TXT record verification can take 72 hours. Once you have waited for TXT |
| 88 | +record verification, return to the **Domain management** page of the |
| 89 | +[Admin Console](https://app.docker.com/admin) and select **Verify** next to |
| 90 | +your domain name. |
| 91 | + |
| 92 | +{{< /tab >}} |
| 93 | +{{< /tabs >}} |
| 94 | + |
| 95 | +## Delete a domain |
| 96 | + |
| 97 | +Deleting a domain removes the assigned TXT record value. To delete a domain: |
| 98 | + |
| 99 | +1. Sign in to the [Admin Console](https://admin.docker.com/). |
| 100 | +2. Select your organization or company from the **Choose profile** page. |
| 101 | +If your organization is part of a company, select the company |
| 102 | +and configure the domain for the organization at the company level. |
| 103 | +3. Under **Security and access**, select **Domain management**. |
| 104 | +4. For the domain you want to delete, section the **Actions** menu, then |
| 105 | +**Delete domain**. |
| 106 | +5. To confirm, select **Delete domain** in the pop-up modal. |
| 107 | + |
| 108 | +## Auto-provisioning |
| 109 | + |
| 110 | +You must add and verify a domain before enabling auto-provisioning. This |
| 111 | +confirms your organization owns the domain. Once a domain is verified, |
| 112 | +Docker can automatically associate matching users with your organization. |
| 113 | +Auto-provisioning does not require an SSO connection. |
| 114 | + |
| 115 | +> [!IMPORTANT] |
| 116 | +> |
| 117 | +> For domains that are part of an SSO connection, Just-in-Time (JIT) overrides |
| 118 | +auto-provisioning to add users to an organization. |
| 119 | + |
| 120 | +### How it works |
| 121 | + |
| 122 | +When auto-provisioning is enabled for a verified domain, the next time a user |
| 123 | +signs into Docker with an email address that is associated with your verified |
| 124 | +domain, they are automatically added to your organization. Auto-provisioning |
| 125 | +does not create accounts for new users, it adds existing unassociated users to |
| 126 | +your organization. Users will *not* experience any sign in or user experience |
| 127 | +changes. |
| 128 | + |
| 129 | +When a new user is auto-provisioned, company and organization owners will |
| 130 | +receive an email notifying them that a new user has been added to their |
| 131 | +organization. If you need to add more seats to your organization to |
| 132 | +to accomodate new users, see [Manage seats](/manuals/subscription/manage-seats.md). |
| 133 | + |
| 134 | +### Enable auto-provisioning |
| 135 | + |
| 136 | +Auto-provisioning is enabled per user. To enable |
| 137 | +auto-provisioning: |
| 138 | + |
| 139 | +1. Open the [Admin Console](https://app.docker.com/admin). |
| 140 | +2. Select **Domain management** from the left-hand navigation. |
| 141 | +3. Select the **Actions menu** next to the user you want to enable |
| 142 | +auto-provisioning for. |
| 143 | +4. Select **Enable auto-provisioning**. |
| 144 | +5. Optional. If enabling auto-provisioning at the company level, select an |
| 145 | +organization for the user. |
| 146 | +6. Select **Enable** to confirm. |
| 147 | + |
| 148 | +The **Auto-provisioning** column will update to **Enabled**. |
| 149 | + |
| 150 | +### Disable auto-provisioning |
| 151 | + |
| 152 | +To disable auto-provisioning for a user: |
| 153 | + |
| 154 | +1. Open the [Admin Console](https://app.docker.com/admin). |
| 155 | +2. Select **Domain management** from the left-hand navigation. |
| 156 | +3. Select the **Actions menu** next to your user. |
| 157 | +4. Select **Disable auto-provisioning**. |
| 158 | +5. Select **Disable**. |
0 commit comments