ENGDOCS-2245

Author: aevesdocker

content/guides/admin-set-up/_index.md

@@ -0,0 +1,46 @@
+---
+title: Set up your company for success with Docker
+linkTitle: Admin set up 
+summary: Get the most out of Docker by streamlining workflows, standardizing development environments, and ensuring smooth deployments across your company
+description: Learn how to onboard your company and take advantage of all of the Docker products and features. 
+levels: [intermediate]
+params:
+  featured: true
+  image: 
+  resource_links:
+    - title: Overview of Administration in Docker
+      url: /admin/
+    - title: Single sign-on
+      url: /security/for-admins/single-sign-on/
+    - title: Enforce sign-in
+      url: /security/for-admins/enforce-sign-in/
+    - title: Roles and permissions
+      url: /security/for-admins/roles-and-permissions/
+    - title: Settings Management
+      url: /security/for-admins/hardened-desktop/settings-management/
+    - title: Registry Access Management
+      url: /security/for-admins/hardened-desktop/registry-access-management/
+    - title: Image Access Management
+      url: /security/for-admins/hardened-desktop/image-access-management/
+---
+
+Docker's tools provide a scalable, secure platform that empowers your developers to create, ship, and run applications faster. As an administrator, you have the ability to streamline workflows, standardize development environments, and ensure smooth deployments across your organization.
+
+By configuring Docker products to suit your company’s needs, you can optimize performance, simplify user management, and maintain control over resources. Whether you’re managing Docker Desktop, Docker Hub, or Docker Build Cloud, this guide will help you set up and configure Docker products to maximize productivity and success for your team whilst meeting compliance and security policies
+
+## What you’ll learn
+
+- The importance of signing in to the company's Docker organization for access to usage data and enhanced functionality.
+- How to standardize Docker Desktop versions and settings to create a consistent baseline for all users, while allowing flexibility for advanced developers.
+- Strategies for implementing Docker’s security configurations to meet company IT and software development security requirements without hindering developer productivity.
+
+## Who’s this for?
+
+- Administrators responsible for managing Docker environments within their organization
+- IT leaders looking to streamline development and deployment workflows
+- Teams aiming to standardize application environments across multiple users
+- Organizations seeking to optimize their use of Docker products for greater scalability and efficiency
+
+## Tools integration
+
+Okta, Entra ID SAML 2.0, Azure Connect (OIDC), MDM solutions like Intune

content/guides/admin-set-up/comms-and-info-gathering.md

@@ -0,0 +1,27 @@
+---
+title: Communication and information gathering
+description: Gather your company's requirements from key stakeholders and communicate to your developers.
+weight: 10
+---
+
+
+Docker user communication
+You may already have Docker Desktop users in your company.  Some of the steps in this process may cause changes in how they use Docker Desktop.  It’s recommended that you send out a communication up front to the users letting them know that as part of the subscription onboarding process you will be upgrading existing Docker Desktop users to a supported version of the product, reviewing settings to help user productivity, and requiring users to sign in to the company’s Docker org with their business email so they are using the subscription.
+
+MDM team communication
+Device management solutions like Intune and Jamf are a standard way to distribute software across enterprises.  There is typically a MDM team that manages this tool.  We recommend talking with that team early in the process to understand their requirements and lead time on distributing changes.  The Docker configurations can include both JSON files and/or registry key/plist entries that will be distributed to developer machines.  It is recommended to use MDM tooling to both distribute configuration files, and ensure their contents don’t change.
+
+Identify Organizations
+Some companies may have more than one Docker organization created.  These organizations may have been created for specific purposes, or may not be needed anymore.  If you suspect your company has more than one organization, it's recommended you survey your teams to see if they have their own organizations.  You can also contact your Docker CS representative to get a list of organizations with users whose emails match your domain name.
+
+Baseline configuration discussions
+Docker offers a significant number of configuration parameters that can be preset, including enforcing sign in for Docker Desktop users.  The Docker organization owner and the development lead should review the settings to determine which of those settings to configure to create the company’s baseline configuration.  There are also settings for the free trials of other Docker products included in the subscription.  The list of configurations that can be preset is located here.
+
+Security configuration discussions
+Docker offers a number of security related features that have configuration parameters that can be preset.  The infosec representative, Docker organization owner, and the development lead should review those features to determine which they want to enable as part of the company’s baseline configuration.  The list of security related features is located here.
+
+Meet with the Docker implementation team
+The Docker Implementation Team can help you step through setting up your organization, configuring SSO, enforcing sign in, and configuring Docker.  You can reach out to set up a meeting by emailing [email protected]
+
+SSO domain verification
+The SSO process has multiple steps involving different teams, so it's recommended that the process is started right away.  The first step is domain verification.  This step ensures that the person setting up SSO actually controls the domain they are requesting.  The detailed steps to verify a domain are located here.  Your DNS team will need to be involved in this step.

content/guides/admin-set-up/deploy.md

@@ -0,0 +1,13 @@
+---
+title: Deploy 
+description: Deploy your Docker setup across your company.
+weight: 40
+---
+
+Enforce SSO
+CAUTION: This step will affect any existing users signing into your Docker organization.  Please communicate with your users and carefully read and follow the list of instructions in the admin UI before confirming this step!  Enforcing SSO means that anyone who has a Docker profile with an email address that matches your verified domain MUST log in using your SSO connection.  Make sure the Identity provider groups associated with your SSO connection cover all the developer groups that you want to have access to the Docker Subscription.
+
+Deploy configuration settings and enforce sign in to users
+CAUTION: This step will affect all existing users of Docker Desktop.  Please communicate with your users before taking this step, and ensure IT and MDM teams are ready for any unexpected issues to arise.  Have the MDM team deploy the configuration files for Docker to all users.  
+
+Congratulations, you have successfully completed the admin implementation process for Docker!  

content/guides/admin-set-up/finalize-plans-and-setup.md

@@ -0,0 +1,23 @@
+---
+title: Finalize plans and begin setup
+description:
+weight: 20
+---
+
+Create SSO Connection
+Once the domain is verified, the next step is to create the SSO connection.  This will involve your identity provider team to configure the identity groups and help set up the SSO connection.  Note that this step of creating the SSO connection will not affect the Docker Desktop user experience, and you will be able to test before enforcing SSO for all users.  The steps in the process are located here.  
+
+Finalize baseline configuration settings
+Come to agreement between your Docker organization owner and your Development lead on the settings to be configured as part of the Docker baseline.  This should include the enforce sign in configuration for your Docker organization.
+
+Manage Organizations
+If you have more than one organization, it’s recommended that you either consolidate them into one organization or use the account hierarchy feature to manage multiple organizations.  Please work with the CS and implementation teams to make this happen.
+
+Finalize security configuration settings
+Come to agreement between your Infosec representative, Docker organization owner, and Development lead on the security features/settings to be preset as part of your Docker baseline configuration.
+
+Send finalized settings files to MDM team
+Once all of the settings have been entered to the files that need to be distributed, pass the files to your MDM team to package up.  It’s highly recommended that the next step in week 3 is a test distribution to a small number of Docker Desktop users to verify the functionality works as expected.
+
+Set up free tier Docker product entitlements included in the subscription
+Set up the cloud builder for free monthly minutes in Docker Build Cloud, and up to three repositories to monitor via Docker Scout.  Please note that your free entitlements stop when your limits are exceeded so there is no fear of a surprise cost overage.  The instructions on setting up the cloud builder are located on build.docker.com and there is a video walkthrough here, and the instructions on adding a repository for scout monitoring is here for Docker Hub repositories, and here for integration to other image registries.

content/guides/admin-set-up/testing.md

@@ -0,0 +1,23 @@
+---
+title: Testing
+description: Test your Docker setup.
+weight: 30
+---
+
+Ensure supported version of Docker Desktop
+CAUTION: This step could affect the experience for users on older versions of Docker Desktop.  Existing users may have older versions of Docker Desktop that are no longer supported or are out of date.  It is highly recommended that everyone update to a supported version.  We recommend using a MDM solution to manage the version of Docker Desktop for users.  Users may also get Docker Desktop directly from Docker or through a company software portal.  In any of these cases it's important that the users are upgraded to a supported Docker Desktop version.
+
+SSO and SCIM testing
+If you want to use SCIM for further automation of provisioning and deprovisioning of users, there are some additional configurations required by your identity provider team.  Please see here for a list of settings.  Once all of the configuration is done, it is time for testing of the SSO connection, group mapping, provisioning, and SCIM (if configured).  SSO testing can be done by logging into Docker Desktop or Docker Hub with the email address associated with a Docker account that also belongs to the domain that was verified.  Users that log in using their Docker usernames will continue to be unaffected by the SSO/SCIM setup. NOTE: Some users may need CLI based logins to Docker Hub, and for this they will need a personal access token (PAT).  Please see here for more details. 
+
+Test Registry/Image Access Management
+CAUTION: This step will affect any existing users signing into your Docker organization.  Please communicate with your users before completing this step.  If you are planning to use Registry Access Management (RAM) and/or Image Access Management (IAM), configure the settings in the Docker admin portal.  Please see here for RAM details, and here for the video walkthrough.  Please see here for the IAM details, and here for the video walkthrough.
+
+Deploy settings and enforce sign in to test group
+Deploy the Docker settings and enforce sign in to a small group of test users via MDM.  Have this group test their developer workflows with containers using Docker Desktop and Hub to confirm all settings and enforce sign in are working as expected.  
+
+Test Build Cloud capabilities
+Have one of your Docker Desktop testers connect to the cloud builder you created and do a build.  See here for more details.
+
+Verify Scout monitoring of repositories
+Check the scout.docker.com portal to verify the data and trending for the repositories enabled.