Skip to content

security: move domain audit #23064

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Jul 10, 2025
Merged

security: move domain audit #23064

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3b64c71
security: move domain audit
sarahsanders-docker Jul 10, 2025
14f9018
Update content/manuals/security/for-admins/domain-management.md
sarahsanders-docker Jul 10, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
42 changes: 42 additions & 0 deletions content/manuals/security/for-admins/domain-management.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,48 @@
**Delete domain**.
1. To confirm, select **Delete domain** in the pop-up modal.

## Audit domains

{{< summary-bar feature_name="Domain audit" >}}

The domain audit feature identifies uncapture users in an organization.

Check failure on line 110 in content/manuals/security/for-admins/domain-management.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[Vale.Spelling] Did you really mean 'uncapture'?

Raw Output:
{"message": "[Vale.Spelling] Did you really mean 'uncapture'?", "location": {"path": "content/manuals/security/for-admins/domain-management.md", "range": {"start": {"line": 110, "column": 37}}}, "severity": "ERROR"}
Uncaptured users are Docker users who have authenticated to Docker

Check failure on line 111 in content/manuals/security/for-admins/domain-management.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[Vale.Spelling] Did you really mean 'Uncaptured'?

Raw Output:
{"message": "[Vale.Spelling] Did you really mean 'Uncaptured'?", "location": {"path": "content/manuals/security/for-admins/domain-management.md", "range": {"start": {"line": 111, "column": 1}}}, "severity": "ERROR"}
using an email address associated with one of your verified domains,
but they're not a member of your Docker organization.

### Known limitations

Domain audit can't identify the following Docker users:

- Users who access Docker Desktop without authenticating
- Users who authenticate using an account that doesn't have an
email address associated with one of your verified domains.

Although domain audit can't identify all Docker users,
you can enforce sign-in to prevent unidentifiable users from accessing
Docker Desktop in your environment. For more information,
see [Enforce sign-in](/manuals/security/for-admins/enforce-sign-in.md).

### Audit your domain for uncaptured users

Check failure on line 128 in content/manuals/security/for-admins/domain-management.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[Vale.Spelling] Did you really mean 'uncaptured'?

Raw Output:
{"message": "[Vale.Spelling] Did you really mean 'uncaptured'?", "location": {"path": "content/manuals/security/for-admins/domain-management.md", "range": {"start": {"line": 128, "column": 27}}}, "severity": "ERROR"}

1. Sign in to [Docker Home](https://app.docker.com) and choose your
company.
1. Select **Admin Console**, then **Domain management**.
1. In **Domain audit**, select **Export Users** to export a CSV file
of uncaptured users.

Check failure on line 134 in content/manuals/security/for-admins/domain-management.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[Vale.Spelling] Did you really mean 'uncaptured'?

Raw Output:
{"message": "[Vale.Spelling] Did you really mean 'uncaptured'?", "location": {"path": "content/manuals/security/for-admins/domain-management.md", "range": {"start": {"line": 134, "column": 4}}}, "severity": "ERROR"}

The CSV file contains the following columns:

- Name: Name of the Docker user
- Username: Docker ID of the Docker user
- Email: Email address of the Docker user

### Invite uncaptured users

Check failure on line 142 in content/manuals/security/for-admins/domain-management.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[Vale.Spelling] Did you really mean 'uncaptured'?

Raw Output:
{"message": "[Vale.Spelling] Did you really mean 'uncaptured'?", "location": {"path": "content/manuals/security/for-admins/domain-management.md", "range": {"start": {"line": 142, "column": 12}}}, "severity": "ERROR"}

You can invite all unacptured users to your organization using the exported

Check failure on line 144 in content/manuals/security/for-admins/domain-management.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[Vale.Spelling] Did you really mean 'unacptured'?

Raw Output:
{"message": "[Vale.Spelling] Did you really mean 'unacptured'?", "location": {"path": "content/manuals/security/for-admins/domain-management.md", "range": {"start": {"line": 144, "column": 20}}}, "severity": "ERROR"}
CSV file. For more information on bulk inviting users, see
[Manage organization members](/manuals/admin/organization/members.md).

## Auto-provisioning

You must add and verify a domain before enabling auto-provisioning. This
Expand Down
3 changes: 3 additions & 0 deletions data/summary.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -178,6 +178,9 @@ Docker Scout Mount Permissions:
Domain management:
subscription: [Business]
for: Administrators
Domain audit:
subscription: [Business]
for: Administrators
Enforce sign-in:
subscription: [Team, Business]
for: Administrators
Expand Down