diff --git a/content/manuals/security/for-admins/domain-audit.md b/content/manuals/security/for-admins/domain-audit.md
index ac9f13b920d5..4aa606189945 100644
--- a/content/manuals/security/for-admins/domain-audit.md
+++ b/content/manuals/security/for-admins/domain-audit.md
@@ -1,7 +1,7 @@
 ---
 description: Learn how to audit your domains for uncaptured users.
 keywords: domain audit, security, identify users, manage users
-title: Domain audit
+title: Domain management
 aliases:
 - /docker-hub/domain-audit/
 - /admin/company/settings/domains/
@@ -11,20 +11,39 @@ weight: 50
 
 {{< summary-bar feature_name="Domain audit" >}}
 
-Domain audit identifies uncaptured users in an organization. Uncaptured users are Docker users who have authenticated to Docker using an email address associated with one of your verified domains, but they're not a member of your organization in Docker. You can audit domains on organizations that are part of the Docker Business subscription. To upgrade your existing account to a Docker Business subscription, see [Upgrade your subscription](/subscription/upgrade/).
+Domain management identifies uncaptured users in an organization. Uncaptured
+users are Docker users who have logged into Docker using an email address
+associated with one of your verified domains, but are not a member of your
+organization in Docker. To manage your organization, domain management allows
+you to:
 
-Uncaptured users who access Docker Desktop in your environment may pose a security risk because your organization's security settings, like Image Access Management and Registry Access Management, aren't applied to a user's session. In addition, you won't have visibility into the activity of uncaptured users. You can add uncaptured users to your organization to gain visibility into their activity and apply your organization's security settings.
+- Audit domains for uncaptured users
+- Auto-provision users to an organization
+
+Uncaptured users who access Docker Desktop may pose a security risk because
+your organization's security settings, like Image Access
+Management and Registry Access Management, aren't applied to a user's session.
+In addition, you won't have visibility into the activity of uncaptured users.
+You can add uncaptured users to your organization to gain visibility into their
+activity and apply your organization's security settings.
 
 Domain audit can't identify the following Docker users in your environment:
 
 - Users who access Docker Desktop without authenticating
-- Users who authenticate using an account that doesn't have an email address associated with one of your verified domains
+- Users who authenticate using an account that doesn't have an email address
+associated with one of your verified domains
 
-Although domain audit can't identify all Docker users in your environment, you can enforce sign-in to prevent unidentifiable users from accessing Docker Desktop in your environment. For more details about enforcing sign-in, see [Configure registry.json to enforce sign-in](../for-admins/enforce-sign-in/_index.md).
+Although domain audit can't identify all Docker users in your environment, you
+can enforce sign-in to prevent unidentifiable users from accessing Docker
+Desktop in your environment. For more details about enforcing sign-in, see
+[Enforce sign-in for Docker Desktop](../for-admins/enforce-sign-in/_index.md).
 
 > [!TIP]
 >
-> You can use endpoint management (MDM) software to identify the number of Docker Desktop instances and their versions within your environment. This can provide accurate license reporting, help ensure your machines use the latest version of Docker Desktop, and enable you to [enforce sign-in](enforce-sign-in/_index.md).
+> You can use endpoint management (MDM) software to identify the number of
+Docker Desktop instances and their versions within your environment. This can
+provide accurate license reporting, help ensure your machines use the latest
+version of Docker Desktop, and enable you to [enforce sign-in](enforce-sign-in/_index.md).
 > - [Intune](https://learn.microsoft.com/en-us/mem/intune/apps/app-discovered-apps)
 > - [Jamf](https://docs.jamf.com/10.25.0/jamf-pro/administrator-guide/Application_Usage.html)
 > - [Kandji](https://support.kandji.io/support/solutions/articles/72000559793-view-a-device-application-list)
@@ -33,9 +52,11 @@ Although domain audit can't identify all Docker users in your environment, you c
 
 ## Prerequisites
 
-Before you audit your domains, review the following required prerequisites:
+Before managing domains, review the following required prerequisites:
 
-- Your organization must be part of a Docker Business subscription. To upgrade your existing account to a Docker Business subscription, see [Upgrade your subscription](../../subscription/change.md).
+- Your organization must be part of a Docker Business subscription. To upgrade
+your existing account to a Docker Business subscription, see
+[Upgrade your subscription](../../subscription/change.md).
 - You must [add and verify your domains](./single-sign-on/configure/_index.md#step-one-add-and-verify-your-domain).
 
 > [!IMPORTANT]
@@ -59,3 +80,38 @@ Before you audit your domains, review the following required prerequisites:
 {{< /tab >}}
 {{< /tabs >}}
 
+## Auto-provisioning
+
+Auto-provisioning adds users to your organization when they sign in with an
+email address that matches a verified domain. This relies on domain
+verification, which confirms that your organization controls the domain. Once
+a domain is verified, Docker can automatically associate matching users with
+your organization. For more information on verifying a domain, see
+[Verify your domain](/manuals/security/for-admins/single-sign-on/configure.md#step-two-verify-your-domain).
+
+This simplifies user management, helps apply organization-level security
+settings consistently, and reduces the risk of uncaptured users accessing
+Docker services without visibility or controls.
+
+> [!IMPORTANT]
+>
+> For domains that are part of an SSO connection, Just-in-Time (JIT) overrides auto-provisioning to add users to an organization.
+
+### Enable auto-provisioning
+
+1. Open the [Admin Console](https://app.docker.com/admin).
+2. Select **Domain management** from the left-hand navigation.
+3. Select the **Actions menu** next to your user.
+4. Select **Enable auto-provisioning**.
+5. Optional. If enabling auto-provisioning at the company level, select an organization for the user.
+6. Select **Enable** to confirm.
+
+The **Auto-provisioning** column will update to **Enabled**.
+
+### Disable auto-provisioning
+
+1. Open the [Admin Console](https://app.docker.com/admin).
+2. Select **Domain management** from the left-hand navigation.
+3. Select the **Actions menu** next to your user.
+4. Select **Disable auto-provisioning**.
+5. Select **Disable**.
\ No newline at end of file