auto provisioning docs

Author: sarahsanders-docker

content/manuals/security/for-admins/domain-audit.md

@@ -1,7 +1,7 @@
 ---
 description: Learn how to audit your domains for uncaptured users.
 keywords: domain audit, security, identify users, manage users
-title: Domain audit
+title: Domain management
 aliases:
 - /docker-hub/domain-audit/
 - /admin/company/settings/domains/
@@ -11,20 +11,37 @@ weight: 50
 
 {{< summary-bar feature_name="Domain audit" >}}
 
-Domain audit identifies uncaptured users in an organization. Uncaptured users are Docker users who have authenticated to Docker using an email address associated with one of your verified domains, but they're not a member of your organization in Docker. You can audit domains on organizations that are part of the Docker Business subscription. To upgrade your existing account to a Docker Business subscription, see [Upgrade your subscription](/subscription/upgrade/).
+Domain management identifies uncaptured users in an organization. Uncaptured users
+are Docker users who have authenticated to Docker using an email address
+associated with one of your verified domains, but they're not a member of your
+organization in Docker. You can audit domains on organizations that are part of
+the Docker Business subscription. To upgrade your existing account to a Docker
+Business subscription, see [Upgrade your subscription](/subscription/upgrade/).
 
-Uncaptured users who access Docker Desktop in your environment may pose a security risk because your organization's security settings, like Image Access Management and Registry Access Management, aren't applied to a user's session. In addition, you won't have visibility into the activity of uncaptured users. You can add uncaptured users to your organization to gain visibility into their activity and apply your organization's security settings.
+Uncaptured users who access Docker Desktop in your environment may pose a
+security risk because your organization's security settings, like Image Access
+Management and Registry Access Management, aren't applied to a user's session.
+In addition, you won't have visibility into the activity of uncaptured users.
+You can add uncaptured users to your organization to gain visibility into their
+activity and apply your organization's security settings.
 
 Domain audit can't identify the following Docker users in your environment:
 
 - Users who access Docker Desktop without authenticating
-- Users who authenticate using an account that doesn't have an email address associated with one of your verified domains
+- Users who authenticate using an account that doesn't have an email address
+associated with one of your verified domains
 
-Although domain audit can't identify all Docker users in your environment, you can enforce sign-in to prevent unidentifiable users from accessing Docker Desktop in your environment. For more details about enforcing sign-in, see [Configure registry.json to enforce sign-in](../for-admins/enforce-sign-in/_index.md).
+Although domain audit can't identify all Docker users in your environment, you
+can enforce sign-in to prevent unidentifiable users from accessing Docker
+Desktop in your environment. For more details about enforcing sign-in, see
+[Configure registry.json to enforce sign-in](../for-admins/enforce-sign-in/_index.md).
 
 > [!TIP]
 >
-> You can use endpoint management (MDM) software to identify the number of Docker Desktop instances and their versions within your environment. This can provide accurate license reporting, help ensure your machines use the latest version of Docker Desktop, and enable you to [enforce sign-in](enforce-sign-in/_index.md).
+> You can use endpoint management (MDM) software to identify the number of
+Docker Desktop instances and their versions within your environment. This can
+provide accurate license reporting, help ensure your machines use the latest
+version of Docker Desktop, and enable you to [enforce sign-in](enforce-sign-in/_index.md).
 > - [Intune](https://learn.microsoft.com/en-us/mem/intune/apps/app-discovered-apps)
 > - [Jamf](https://docs.jamf.com/10.25.0/jamf-pro/administrator-guide/Application_Usage.html)
 > - [Kandji](https://support.kandji.io/support/solutions/articles/72000559793-view-a-device-application-list)
@@ -35,7 +52,9 @@ Although domain audit can't identify all Docker users in your environment, you c
 
 Before you audit your domains, review the following required prerequisites:
 
-- Your organization must be part of a Docker Business subscription. To upgrade your existing account to a Docker Business subscription, see [Upgrade your subscription](../../subscription/change.md).
+- Your organization must be part of a Docker Business subscription. To upgrade
+your existing account to a Docker Business subscription, see
+[Upgrade your subscription](../../subscription/change.md).
 - You must [add and verify your domains](./single-sign-on/configure/_index.md#step-one-add-and-verify-your-domain).
 
 > [!IMPORTANT]
@@ -59,3 +78,29 @@ Before you audit your domains, review the following required prerequisites:
 {{< /tab >}}
 {{< /tabs >}}
 
+## Auto-provisioning
+
+Auto-provisioning adds users automatically to your organization.
+
+> [!IMPORTANT]
+>
+> For domains that are part of an SSO connection, Just-in-Time (JIT) overrides auto-provisioning to add users to an organization.
+
+### Enable auto-provisioning
+
+1. Open the [Admin Console](https://app.docker.com/admin).
+2. Select **Domain management** from the left-hand navigation.
+3. Select the **Actions menu** next to your user.
+4. Select **Enable auto-provisioning**.
+5. Optional. If enabling auto-provisioning at the company level, select an organization for the user.
+6. Select **Enable** to confirm.
+
+The **Auto-provisioning** column will update to **Enabled**.
+
+### Disable auto-provisioning
+
+1. Open the [Admin Console](https://app.docker.com/admin).
+2. Select **Domain management** from the left-hand navigation.
+3. Select the **Actions menu** next to your user.
+4. Select **Disable auto-provisioning**.
+5. Select **Disable**.