review, fix UI steps

sarahsanders-docker · sarahsanders-docker · commit b5eda00c4b43 · 2025-06-11T11:32:54.000-04:00
diff --git a/.markdownlint.json b/.markdownlint.json
@@ -13,7 +13,7 @@
   "no-space-in-code": true,
   "no-space-in-links": true,
   "no-empty-links": true,
-  "ol-prefix": {"style": "ordered"},
+  "ol-prefix": {"style": "one_or_ordered"},
   "no-reversed-links": true,
   "reference-links-images": {
     "shortcut_syntax": false
diff --git a/content/manuals/security/_index.md b/content/manuals/security/_index.md
@@ -31,10 +31,18 @@ grid_admins:
   description: Configure sign-in for members of your teams and organizations.
   link: /security/for-admins/enforce-sign-in/
   icon: passkey
+- title: Domain management
+  description: Learn how to manage domains and users in the Admin Console.
+  link: /security/for-admins/domain-management/
+  icon: domain_verification
 - title: Domain audit
   description: Identify uncaptured users in your organization.
   link: /security/for-admins/domain-audit/
   icon: person_search
+- title: Manage unassociated machines
+  description: Learn how to manage unassociated machines using the Docker Admin Console.
+  link: /security/for-admins/unassociated-machines/
+  icon: desktop_windows
 - title: Docker Scout
   description: Explore how Docker Scout can help you create a more secure software supply chain.
   icon: query_stats
diff --git a/content/manuals/security/for-admins/unassociated-machines.md b/content/manuals/security/for-admins/unassociated-machines.md
@@ -46,8 +46,8 @@ The Insights dashboard shows high-level metrics for both associated and
 unassociated machines:
 
 1. Navigate to your organization in Docker Hub.
-2. Go to the Insights tab.
-3. View the summary of:
+1. Go to the Insights tab.
+1. View the summary of:
 	- Total active users (associated + unassociated)
 	- Associated organization members
 	- Unassociated machines detected
@@ -59,81 +59,147 @@ sign-in enforcement for your organization.
 
 For more information, see [Insights](/manuals/admin/organization/insights.md).
 
-### In the machines management view
+### In the Admin Console
 
 To see detailed information about unassociated machines:
 
-1. Navigate to your organization in Docker Hub.
-2. Go to Settings > General.
-3. Select Unassociated machines.
+1. Sign in to the [Admin Console](https://app.docker.com/admin) and select
+your organization.
+1. In **User management**, select **Unassociated**.
 
 The machine list displays:
 
 - Machine ID (Docker-generated identifier)
 - Registry addresses accessed (when available)
-- Last activity date
+- User email
 - Docker Desktop version
-- User email (after sign-in enforcement)
+- Last activity date
+- Sign-in enforced status
 
 You can:
 
 - Export the list as CSV
-- Filter and sort machines by activity
 - Take actions on individual or multiple machines
 
-## Manage unassociated machines
+## Add unassociated machines to your organization
+
+You can add unassociated machines by:
+- [Auto-provisiong](/manuals/security/for-admins/domain-management.md#auto-provisioning)
+- [SSO user provisioning](/manuals/security/for-admins/provisioning/_index.md)
+- [Manually adding them](#add-unassociated-machines-to-your-organization)
+
+> [!NOTE]
+>
+> If you add users and do not have enough seats in your organization, a
+pop-up will appear prompting you to **Get more seats**.
+
+### Add individual users
+
+1. Sign in to the [Admin Console](https://app.docker.com/admin) and select
+your organization.
+1. In **User management**, select **Unassociated**.
+1. Locate the machine you want to add to your organization.
+1. Select the **Actions** menu and choose **Add to organization**.
+1. In the pop-up modal, select **Add user**.
+
+### Bulk add users
+
+1. Sign in to the [Admin Console](https://app.docker.com/admin) and select
+your organization.
+1. In **User management**, select **Unassociated**.
+1. Use the **checkboxes** to select the machines you want to add to your
+organizations.
+1. Select the **Add to organization** button.
+1. In the pop-up modal, select **Add users** to confirm.
+
+## Enable sign-in enforcement
 
-### Enable sign-in enforcement
+### Enable for all unassociated machines
 
-You can require users to sign in to Docker Desktop.
+1. Sign in to the [Admin Console](https://app.docker.com/admin) and select
+your organization.
+1. In **User management**, select **Unassociated**.
+1. Turn on the **Require sign-in** toggle.
+1. In the pop-up modal, select **Require sign-in** to confirm.
 
-For all unassociated machines:
+The **Sign-in required** status will update for all unassociated machines to
+**Yes**.
 
-1. In your organization settings, go to Unassociated machines.
-2. Select Enforce sign-in for all machines.
-3. Confirm the action.
+> [!NOTE]
+>
+> Sign-in enforcement requires Docker Desktop version 4.37 or later. If you
+enable enforcement for a user with an older version, their status shows
+as **Pending** until they update Docker Desktop.
+
+### Enable for individual unassociated machines
+
+1. Sign in to the [Admin Console](https://app.docker.com/admin) and select
+your organization.
+1. In **User management**, select **Unassociated**.
+1. Locate the machine you want to enable sign-in enforcement for.
+1. Select the **Actions** menu and choose **Turn on sign-in enforcement**.
+1. In the pop-up modal, select **Require sign-in** to confirm.
+
+The **Sign-in required** status will update for the individual machine to
+**Yes**.
+
+> [!NOTE]
+>
+> Sign-in enforcement works with Docker Desktop versions 4.37 and later. If you
+enable sign-in enforcement for a user using an older version of Docker Desktop,
+their **Sign-in required** status will display as **Pending**.
+
+## Disable sign-in enforcement
 
-For specific machines:
+### Disable for all unassociated machines
 
-1. In the unassociated machines list, select individual machines.
-2. Choose Require sign-in from the actions menu.
+1. Sign in to the [Admin Console](https://app.docker.com/admin) and select
+your organization.
+1. In **User management**, select **Unassociated**.
+1. Turn off the **Require sign-in** toggle.
+1. In the pop-up modal, select **Turn off sign-in** to confirm.
 
-### Manually add users
+The **Sign-in required** status will update for all unassociated machines to
+**No**.
 
-To manually add users:
+### Disable for specific unassociated machines
 
-1. Go to Settings > General > Unassociated machines.
-2. Review users who have signed in (identified by email addresses).
-3. Select users to add to your organization.
-4. Choose Add to organization.
+1. Sign in to the [Admin Console](https://app.docker.com/admin) and select
+your organization.
+1. In **User management**, select **Unassociated**.
+1. Locate the machine you want to disable sign-in enforcement for.
+1. Select the **Actions** menu and choose **Turn off sign-in enforcement**.
+1. In the pop-up modal, select **Turn off sign-in** to confirm.
 
-## User experience
+The **Sign-in required** status will update for the individual machine to
+**No**.
 
-Sign in enforcement only take effect after a Docker Desktop restart. The
-following sections outline the user experience after sign in is enforced
-and Docker Desktop restarted.
+## Developer experience
+
+Sign in enforcement only takes effect after a Docker Desktop restart. The
+following sections outline the developer experience after sign in is enforced
+and Docker Desktop is restarted.
 
 ### First time sign in on enforced machine
 
-When a user opens Docker Desktop on an enforced machine:
+When a user opens Docker Desktop on an enforced machine, they see a sign-in
+prompt explaining that their organization requires authentication. After
+signing in, users can continue using Docker Desktop immediately.
 
-1. They see a customizable prompt explaining that their organization requires
-sign-in.
-2. The prompt includes information that their email will be shared with
-organization administrators.
-3. Users can continue using Docker Desktop immediately after signing in.
-4. Users are not blocked based on license availability.
+> [!NOTE]
+>
+> Sign-in enforcement only takes effect after Docker Desktop is restarted.
 
 ### After sign in
 
 Once users sign in to enforced machines:
 
 - With verified domains and auto-provisioning enabled: Users are automatically
-added to your organization.
-	- For more information on verifying a domain and enabling auto-provisioning,
-    see [Domain management](/manuals/security/for-admins/domain-management.md).
+added to your organization. For more information on verifying a domain and
+enabling auto-provisioning, see [Domain management](/manuals/security/for-admins/domain-management.md).
 - Without auto-provisioning: User emails appear in your the machines management
-view for manual review and addition.
+view for manual review and addition. To add a user to your organization,
+see [Add unassociated machines to your organization](#add-unassociated-machines-to-your-organization).
 
 ## Troubleshooting
 
diff --git a/content/manuals/security/troubleshoot/troubleshoot-unassociated-machines.md b/content/manuals/security/troubleshoot/troubleshoot-unassociated-machines.md
@@ -58,16 +58,16 @@ sign-in enforcement
 ### Solution
 
 1. Verify the user is running Docker Desktop version 4.37 or later.
-2. If not, update to the latest version.
-3. Ensure network access to Docker's authentication services:
+1. If not, have the user update to the latest version.
+1. Ensure the user has network access to Docker's authentication services:
     - https://login.docker.com
     - https://auth.docker.io
-4. Confirm the user is signing in with their work email address.
+1. Confirm the user is signing in with their work email address.
 
 If issues persist, temporarily disable enforcement for that specific machine
 while troubleshooting.
 
-## Machine remains in unassociated list after user signs in
+## Machine is in unassociated list after user signs in
 
 ### Possible causes
 
@@ -82,18 +82,19 @@ while troubleshooting.
 
 ### Solution
 
-Recommended solution:
+**Recommended solution**:
 
-1. Check if the user appears in your organization's member list
-2. If not visible, go to Settings > General > Unassociated machines
-3. Look for the machine showing an email address
-4. Select the machine and choose Add to organization
+1. In the [Admin Console](https://app.docker.com/admin), navigate to **User management** > **Members**
+and check if the user appears in your organization's member list.
+1. If not visible, go to **User management** > **Unassociated**.
+1. Look for the machine and verify the email address.
+1. Select the **Actions** menu and select **Add to organization**.
 
-Alternative solution:
+**Alternative solution**:
 
-1. Enable auto-provisioning for your verified domains
-2. Ask the user to sign in again with their work email address
-3. The user will be automatically added to your organization
+1. Enable [auto-provisioning](/manuals/security/for-admins/domain-management.md#auto-provisioning) for your verified domains.
+2. Ask the user to sign in again with their work email address.
+3. The user will be automatically added to your organization.
 
 ## Unassociated machines count seems inaccurate
 
@@ -113,16 +114,17 @@ Alternative solution:
 
 Review the machine list to identify patterns:
 
-- Multiple recent activities from the same machine ID may indicate sharing
-- Consider the registry access patterns shown in the details
-- For shared machines, enforce sign-in and add users as they authenticate
+- Multiple recent activities from the same machine ID may indicate sharing.
+- Consider the registry access patterns show in the **Unassociated** page of
+the Admin Console.
+- For shared machines, enforce sign-in and add users as they authenticate.
 - For air-gapped environments, consider implementing centralized Docker Desktop
-configuration
+configuration.
 
 > [!NOTE]
 >
 > Docker achieves approximately 97% accuracy in machine identification.
-A ~3% variance is expected and normal."
+A ~3% variance is expected and normal.
 
 ## Sign-in enforcement not working for some machines
 
@@ -132,26 +134,22 @@ A ~3% variance is expected and normal."
 - Users haven't restarted Docker Desktop since enforcement was enabled
 - Network issues preventing the enforcement check
 
-### Affected environments
-
-- Docker Desktop versions before 4.37
-- All operating systems
-
 ### Steps to replicate
 
-1. Enable sign-in enforcement for a machine
-2. User opens Docker Desktop
-
-- Expected result: Sign-in prompt appears
-- Actual result: No prompt, Docker Desktop works normally
+1. Enable sign-in enforcement for a machine.
+1. User opens Docker Desktop.
+1. View the result:
+    - Expected result: Sign-in prompt appears
+    - Actual result: No prompt, Docker Desktop works normally
 
 ### Solution
 
-1. Verify the machine is running Docker Desktop 4.37 or later
-2. Ask the user to restart Docker Desktop completely
-3. Check that the machine ID matches the one in your enforcement list
-4. If the issue persists, disable and re-enable enforcement for that specific
-machine
+1. Verify the machine is running Docker Desktop 4.37 or later. If not,
+have the user upgrade to the latest version.
+1. Ask the user to restart Docker Desktop completely.
+1. Check that the machine ID matches the one in your enforcement list.
+1. If the issue persists, disable and re-enable enforcement for that specific
+machine.
 
 ## Auto-provisioning not working after sign-in enforcement
 
@@ -168,19 +166,20 @@ machine
 
 ### Solution
 
-Recommended solution:
+**Recommended solution**:
 
 Verify domain auto-provisioning is enabled:
 
-1. Go to Settings > Security > Domain management
-2. Ensure the user's email domain is verified and auto-provisioning is enabled
+1. In the [Admin Console](https://app.docker.com/admin), select **Domain management**
+and confirm auto-provisioning is enabled.
+1. Ensure the user's email domain is associated with your verified domain.
 
 Check organization seat usage:
 
-1. If at capacity, purchase additional seats or remove inactive users
-2. Manually add the user if auto-provisioning cannot be enabled
+1. If at capacity, purchase additional seats or remove inactive users.
+1. Manually add the user if you can't enable auto-provisioning.
 
-Alternative solution:
+**Alternative solution**:
 
-1. Set up Single Sign-On (SSO) for automatic user provisioning
-2. Enable Just-in-Time (JIT) provisioning through your SSO configuration
+1. Set up [Single Sign-On (SSO)](/manuals/security/for-admins/single-sign-on/_index.md).
+1. Enable [Just-in-Time (JIT)](/manuals/security/for-admins/provisioning/just-in-time.md) provisioning through your SSO configuration.
diff --git a/data/summary.yaml b/data/summary.yaml
@@ -230,6 +230,10 @@ SSO:
   for: Administrators
 Synchronized file sharing:
   subscription: [Pro, Team, Business]
+Unassociated machines:
+  subscription: [Business]
+  for: Administrators
+  requires: Docker Desktop [4.37](/manuals/desktop/release-notes.md) and later
 USB/IP support:
   requires: Docker Desktop [4.35.0](/manuals/desktop/release-notes.md#4350) and later
   for: Docker Desktop for Mac, Linux, and Windows with the Hyper-V backend
