content/manuals/security/faqs/general.md
+2 -3 (2 additions & 3 deletions)
@@ -31,13 +31,12 @@ You can configure this through SSO using your IdP. Check with your IdP if they s
31
31
32
32
### How are sessions managed and do they expire?
33
33
34
-
Docker uses tokens to manage sessions after a user signs in:
34
+
By default, Docker uses tokens to manage sessions after a user signs in:
35
35
36
36
- Docker Desktop signs you out after 90 days, or 30 days of inactivity.
37
37
- Docker Hub and Docker Home sign you out after 24 hours.
38
38
39
-
Custom settings per organization for sessions aren't supported. Currently,
40
-
Docker does not support your IdP's default session timeout for SSO users.
39
+
Docker also supports your IdP's default session timeout. You can configure this by setting a Docker session minutes SAML attribute. For more information, see [SSO attributes](/manuals/security/for-admins/provisioning/_index.md#sso-attributes).
41
40
42
41
### How does Docker attribute downloads to us and what data is used to classify or verify the user is part of our organization?
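Review bot: In the rewritten answer under "How are sessions managed and do they expire?", the qualifier "By default" is attached to "Docker uses tokens to manage sessions", but the defaults are the two sign-out periods in the list, not the use of tokens. Suggest "Docker uses tokens to manage sessions after a user signs in. By default:" followed by the list. The added sentence "Docker also supports your IdP's default session timeout" reads as if the IdP's timeout is picked up on its own, while the same line says it has to be configured through the Docker session minutes SAML attribute; state that the custom timeout only applies when that attribute is sent. The removed line "Custom settings per organization for sessions aren't supported" has no replacement, so the reader can't tell whether that limitation still holds.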
content/manuals/security/faqs/single-sign-on/faqs.md
+2 -7 (2 additions & 7 deletions)
@@ -65,10 +65,5 @@ No. There are no specific firewall rules required for configuring SSO, as long a
65
65
66
66
### Does Docker use my IdP's default session timeout?
67
67
68
-
No. Currently, Docker does not support your IdP's default session timeout for
69
-
SSO users.
70
-
71
-
Docker's default user session timeouts are as follows:
72
-
73
-
- Docker Desktop signs you out after 90 days, or 30 days of inactivity.
74
-
- Docker Hub and Docker Home sign you out after 24 hours.
68
+
Yes, Docker supports your IdP's default session timeout using a custom SAML attribute.
69
+
Instead of relying on the standard `SessionNotOnOrAfter` element from the SAML spec, Docker uses a custom `dockerSessionMinutes` attribute to control session duration. See [SSO attributes](/manuals/security/for-admins/provisioning/_index.md#sso-attributes) for more information.
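Review bot: The new answer opens with "Yes, Docker supports your IdP's default session timeout", but the next added line says Docker does not rely on `SessionNotOnOrAfter` and uses a custom `dockerSessionMinutes` attribute instead, so as written a session lifetime set at the IdP is not applied unless an admin also sends that attribute. An admin who shortens sessions at the IdP and reads only the first line would assume Docker follows it. Suggest answering along the lines of "Not automatically. Set the `dockerSessionMinutes` SAML attribute to the session length you want", and keeping the default sign-out periods (or a pointer to them) in this answer, since this hunk deletes them from the FAQ.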
content/manuals/security/for-admins/provisioning/_index.md
+5 (5 additions & 0 deletions)
@@ -38,6 +38,10 @@ When a user signs in through SSO, Docker obtains several attributes from your Id
38
38
-**Docker Org**: Optional. Specifies the organization the user belongs to
39
39
-**Docker Team**: Optional. Defines the team the user belongs to within the organization
40
40
-**Docker Role**: Optional. Determines the user's permission within Docker
41
+
-**Docker session minutes**: Optional. Sets the duration of a user’s session before they must re-authenticate with their identity provider (IdP). The value must be a positive integer greater than 0.
42
+
If this is attribute is not provided, by default:
43
+
- Docker Desktop signs you out after 90 days, or 30 days of inactivity.
44
+
- Docker Hub and Docker Home sign you out after 24 hours.
41
45
42
46
If your organization uses SAML for SSO, Docker retrieves these attributes from the SAML assertion message. Keep in mind that different IdPs may use different names for these attributes. The following reference table outlines possible SAML attributes used by Docker:
43
47
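Review bot: The new **Docker session minutes** bullet says the value "must be a positive integer greater than 0" but not what happens when the IdP sends something else (0, a negative number, a non-integer): is the sign-in rejected, or do the defaults apply? Since this attribute controls when users must re-authenticate, the fallback should be documented, along with whether the value applies to Docker Desktop, Docker Hub and Docker Home alike. Smaller points in the same lines: "If this is attribute is not provided" has a stray "is", "positive integer greater than 0" is redundant, and "user’s" uses a curly apostrophe where the bullet above uses a straight one.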
@@ -49,6 +53,7 @@ If your organization uses SAML for SSO, Docker retrieves these attributes from t
49
53
| Docker Org (optional) |`dockerOrg`|
50
54
| Docker Team (optional) |`dockerTeam`|
51
55
| Docker Role (optional) |`dockerRole`|
56
+
| Docker session minutes (optional) |`dockerSessionMinutes`, must be a positive integer > 0 |
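Review bot: The new table row puts the constraint inside the attribute cell (`dockerSessionMinutes`, must be a positive integer > 0), while the `dockerOrg`, `dockerTeam` and `dockerRole` rows carry only the attribute name. An admin copying the cell into an IdP field may carry the extra text along. Suggest keeping the cell to `dockerSessionMinutes` and leaving the constraint in the bullet list above the table, where it is already stated.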
content/manuals/security/for-admins/single-sign-on/connect.md
+7 -5 (7 additions & 5 deletions)
@@ -78,9 +78,10 @@ The user interface for your IdP may differ slightly from the following steps. Re
78
78
- Name ID format: `EmailAddress`
79
79
- Application username: `Email`
80
80
- Update application on: `Create and update`
81
-
11. Select **Next**.
82
-
12. Select the **This is an internal app that we have created** checkbox.
83
-
13. Select **Finish**.
81
+
11. Optional. Add SAML attributes. See [SSO attributes](/manuals/security/for-admins/provisioning/_index.md#sso-attributes) for a table of SSO attributes.
82
+
12. Select **Next**.
83
+
13. Select the **This is an internal app that we have created** checkbox.
84
+
14. Select **Finish**.
84
85
85
86
{{< /tab >}}
86
87
{{< tab name="Entra ID SAML 2.0" >}}
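Review bot: New step 11 ("Optional. Add SAML attributes.") does not say which value from the linked table goes into the IdP: the table has a display name such as "Docker session minutes" and a SAML attribute name such as `dockerSessionMinutes`. Suggest stating that the SAML attribute name is what must be entered, and checking that any other references to the old steps 11 to 13 on this page still point at the right steps after the renumbering.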
@@ -94,8 +95,9 @@ The user interface for your IdP may differ slightly from the following steps. Re
94
95
7. Enter the following values from Docker into their corresponding Azure fields:
95
96
- Docker Entity ID: **Identifier**
96
97
- Docker ACS URL: **Reply URL**
97
-
8. Save configuration.
98
-
9. From the **SAML Signing Certificate** section, download your **Certificate (Base64)**.
98
+
8. Optional. Add SAML attributes. See [SSO attributes](/manuals/security/for-admins/provisioning/_index.md#sso-attributes) for a table of SSO attributes.
99
+
9. Save configuration.
100
+
10. From the **SAML Signing Certificate** section, download your **Certificate (Base64)**.
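Review bot: New step 8 tells the reader to add SAML attributes but, unlike steps 7 and 10, names no Entra field or section (compare **Identifier**, **Reply URL**, **SAML Signing Certificate**), so it is unclear where in the Azure UI this is done and whether it has to happen before "Save configuration". Suggest naming the section where attributes are added, and mentioning `dockerSessionMinutes` as the attribute to add when the goal is to set the session length.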