From 3265c894d521e5389e938eff26d64b31de22aa87 Mon Sep 17 00:00:00 2001 From: sarahsanders-docker Date: Wed, 16 Jul 2025 17:10:14 -0400 Subject: [PATCH 1/7] add unassociated machines docs --- content/manuals/unassociated-machines.md | 208 +++++++++++++++++++++++ 1 file changed, 208 insertions(+) create mode 100644 content/manuals/unassociated-machines.md diff --git a/content/manuals/unassociated-machines.md b/content/manuals/unassociated-machines.md new file mode 100644 index 000000000000..a14444df9087 --- /dev/null +++ b/content/manuals/unassociated-machines.md @@ -0,0 +1,208 @@ +--- +title: Manage unassociated machines +description: Learn how to manage unassociated machines using the Docker Admin Console +keywords: unassociated machines, insights, manage users, enforce sign-in +sitemap: false +params: + sidebar: + group: Platform +--- + +{{< summary-bar feature_name="Unassociated machines" >}} + +Docker administrators can identify, view, and manage Docker Desktop machines +that are likely associated with their organization but aren't currently linked +to user accounts. This self-service capability helps you understand Docker +Desktop usage across your organization and streamline user onboarding without +IT involvement. + +## Prerequisites + +- Docker Business subscription +- Organization owner access to your Docker organization + +## About unassociated machines + +Unassociated machines are Docker Desktop instances that Docker has identified +as likely belonging to your organization based on usage patterns, but the users +are not signed in to Docker Desktop with an account that is part of your +organization. + +## How Docker identifies unassociated machines + +Docker uses telemetry data to identify which machines likely belong to your +organization: + +- Domain matching: Users signed in with email domains associated with your +organization +- Registry patterns: Analysis of container registry access patterns that +indicate organizational usage + +## View unassociated machines + +To see detailed information about unassociated machines: + +1. Sign in to the [Admin Console](https://app.docker.com/admin) and select +your organization. +1. In **User management**, select **Unassociated**. + +The machine list displays: + +- Machine ID (Docker-generated identifier) +- The registry address used to predict whether a user is part of your +organization +- User email (only displays if the user is signed into Docker Desktop while +using it) +- Docker Desktop version +- Operating system (OS) +- Last activity date +- Sign-in enforced status + +You can: + +- Export the list as CSV +- Take actions on individual or multiple machines + +## Enable sign-in enforcement for unassociated machines + +> [!NOTE] +> +> Sign-in enforcement for unassociated machines is different from +the [organization-level sign-in enforcement](/security/for-admins/enforce-sign-in/) +available through `registry.json` and configuration profiles. This sign-in +enforcement only requires users to sign in so admins can identify who is +using the machine, meaning users can sign in with any email address. For more +stringent security controls that limit sign-ins to users who are already part +of your organization, see [Enforce sign-in](/security/for-admins/enforce-sign-in/). + +Sign-in enforcement helps you identify who is using unassociated machines in +your organization. When you enable enforcement, users on these machines will +be required to sign in to Docker Desktop. Once they sign in, their email +addresses will appear in the Unassociated list, allowing you to then add them +to your organization. + +> [!IMPORTANT] +> +> Sign-in enforcement only takes effect after Docker Desktop is restarted. +Users can continue using Docker Desktop until their next restart. + +### Enable for all unassociated machines + +1. Sign in to the [Admin Console](https://app.docker.com/admin) and select +your organization. +1. In **User management**, select **Unassociated**. +1. Turn on the **Enforce sign-in** toggle. +1. In the pop-up modal, select **Require sign-in** to confirm. + +The **Sign-in required** status will update for all unassociated machines to +**Yes**. + +> [!NOTE] +> +> When you enable sign-in enforcement for all unassociated machines, any new +machines detected in the future will automatically have sign-in enforcement +enabled. Sign-in enforcement requires Docker Desktop version 4.41 or later. +Users with older versions will not be prompted to sign in and can continue +using Docker Desktop normally until they update. Their status shows +as **Pending** until they update to version 4.41 or later. + +### Enable for individual unassociated machines + +1. Sign in to the [Admin Console](https://app.docker.com/admin) and select +your organization. +1. In **User management**, select **Unassociated**. +1. Locate the machine you want to enable sign-in enforcement for. +1. Select the **Actions** menu and choose **Turn on sign-in enforcement**. +1. In the pop-up modal, select **Require sign-in** to confirm. + +The **Sign-in required** status will update for the individual machine to +**Yes**. + +> [!NOTE] +> +> Sign-in enforcement requires Docker Desktop version 4.41 or later. Users +with older versions will not be prompted to sign in and can continue using +Docker Desktop normally until they update. Their status shows as **Pending** +until they update to version 4.41 or later. + +### What happens when users sign in + +After you enable sign-in enforcement: + +1. Users must restart Docker Desktop. Enforcement only takes effect after +restart. +1. When users open Docker Desktop, they see a sign-in prompt. They must sign +in to continue using Docker Desktop. +1. User email addresses appear in the **Unassociated** list. +1. You can add users to your organization. + +Users can continue using Docker Desktop immediately after signing in, even +before being added to your organization. + +## Add unassociated machines to your organization + +When users in your organization use Docker without signing in, their machines +appear in the **Unassociated** list. You can add these users to your +organization in two ways: + +- Automatic addition: + - Auto-provisioning: If you have verified domains with auto-provisioning + enabled, users who sign in with a matching email domain will automatically + be added to your organization. For more information on verifying domains and + auto-provisioning, see [Domain management](/manuals/security/for-admins/domain-management.md). + - SSO user provisioning: If you have SSO configured with + [Just-in-Time provisioning](/manuals/security/for-admins/provisioning/just-in-time.md), + users who sign in through your SSO connection will automatically be added + to your organization. +- Manual addition: If you don't have auto-provisioning or SSO set up, or if a +user's email domain doesn't match your configured domains, their email will +appear in the **Unassociated** list where you can choose to add them directly. + +> [!NOTE] +> +> If you add users and do not have enough seats in your organization, a +pop-up will appear prompting you to **Get more seats**. + +### Add individual users + +1. Sign in to the [Admin Console](https://app.docker.com/admin) and select +your organization. +1. In **User management**, select **Unassociated**. +1. Locate the machine you want to add to your organization. +1. Select the **Actions** menu and choose **Add to organization**. +1. In the pop-up modal, select **Add user**. + +### Bulk add users + +1. Sign in to the [Admin Console](https://app.docker.com/admin) and select +your organization. +1. In **User management**, select **Unassociated**. +1. Use the **checkboxes** to select the machines you want to add to your +organizations. +1. Select the **Add to organization** button. +1. In the pop-up modal, select **Add users** to confirm. + +## Disable sign-in enforcement + +### Disable for all unassociated machines + +1. Sign in to the [Admin Console](https://app.docker.com/admin) and select +your organization. +1. In **User management**, select **Unassociated**. +1. Turn off the **Enforce sign-in** toggle. +1. In the pop-up modal, select **Turn off sign-in requirement** to confirm. + +The **Sign-in required** status will update for all unassociated machines to +**No**. + +### Disable for specific unassociated machines + +1. Sign in to the [Admin Console](https://app.docker.com/admin) and select +your organization. +1. In **User management**, select **Unassociated**. +1. Locate the machine you want to disable sign-in enforcement for. +1. Select the **Actions** menu and choose **Turn off sign-in enforcement**. +1. In the pop-up modal, select **Turn off sign-in requirement** to confirm. + +The **Sign-in required** status will update for the individual machine to +**No**. From 62e5ce10b4b5632888525d6b15c2913aee5831df Mon Sep 17 00:00:00 2001 From: sarahsanders-docker Date: Wed, 16 Jul 2025 17:30:18 -0400 Subject: [PATCH 2/7] fix links --- content/manuals/unassociated-machines.md | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/content/manuals/unassociated-machines.md b/content/manuals/unassociated-machines.md index a14444df9087..a8162cfe0738 100644 --- a/content/manuals/unassociated-machines.md +++ b/content/manuals/unassociated-machines.md @@ -8,8 +8,6 @@ params: group: Platform --- -{{< summary-bar feature_name="Unassociated machines" >}} - Docker administrators can identify, view, and manage Docker Desktop machines that are likely associated with their organization but aren't currently linked to user accounts. This self-service capability helps you understand Docker @@ -68,12 +66,12 @@ You can: > [!NOTE] > > Sign-in enforcement for unassociated machines is different from -the [organization-level sign-in enforcement](/security/for-admins/enforce-sign-in/) +the [organization-level sign-in enforcement](/enterprise/security/enforce-sign-in/) available through `registry.json` and configuration profiles. This sign-in enforcement only requires users to sign in so admins can identify who is using the machine, meaning users can sign in with any email address. For more stringent security controls that limit sign-ins to users who are already part -of your organization, see [Enforce sign-in](/security/for-admins/enforce-sign-in/). +of your organization, see [Enforce sign-in](/enterprise/security/enforce-sign-in/). Sign-in enforcement helps you identify who is using unassociated machines in your organization. When you enable enforcement, users on these machines will @@ -149,9 +147,9 @@ organization in two ways: - Auto-provisioning: If you have verified domains with auto-provisioning enabled, users who sign in with a matching email domain will automatically be added to your organization. For more information on verifying domains and - auto-provisioning, see [Domain management](/manuals/security/for-admins/domain-management.md). + auto-provisioning, see [Domain management](/manuals/enterprise/security/domain-management.md). - SSO user provisioning: If you have SSO configured with - [Just-in-Time provisioning](/manuals/security/for-admins/provisioning/just-in-time.md), + [Just-in-Time provisioning](/manuals/enterprise/security/provisioning/just-in-time.md), users who sign in through your SSO connection will automatically be added to your organization. - Manual addition: If you don't have auto-provisioning or SSO set up, or if a From 74160849805cadd298ae98c566767be23708a740 Mon Sep 17 00:00:00 2001 From: sarahsanders-docker Date: Wed, 16 Jul 2025 17:32:49 -0400 Subject: [PATCH 3/7] add private feature tag --- content/manuals/unassociated-machines.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/content/manuals/unassociated-machines.md b/content/manuals/unassociated-machines.md index a8162cfe0738..b3a6779be7d7 100644 --- a/content/manuals/unassociated-machines.md +++ b/content/manuals/unassociated-machines.md @@ -5,9 +5,14 @@ keywords: unassociated machines, insights, manage users, enforce sign-in sitemap: false params: sidebar: - group: Platform + group: Enterprise --- +{{% restricted title="About unassociated machines" %}} +Unassociated machines is a private feature. Your Docker +Account Executive must enable the feature for you. +{{% /restricted %}} + Docker administrators can identify, view, and manage Docker Desktop machines that are likely associated with their organization but aren't currently linked to user accounts. This self-service capability helps you understand Docker From ddf9d7ffe4ec052908f4dd38525186f7fdfab09e Mon Sep 17 00:00:00 2001 From: sarahsanders-docker Date: Wed, 16 Jul 2025 17:34:05 -0400 Subject: [PATCH 4/7] change file structure --- .../_index.md.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename content/manuals/{unassociated-machines.md => unassociated-machines/_index.md.md} (100%) diff --git a/content/manuals/unassociated-machines.md b/content/manuals/unassociated-machines/_index.md.md similarity index 100% rename from content/manuals/unassociated-machines.md rename to content/manuals/unassociated-machines/_index.md.md From b099b662a901d25fc229b1f7b0bfdc067236dbda Mon Sep 17 00:00:00 2001 From: sarahsanders-docker Date: Wed, 16 Jul 2025 17:36:59 -0400 Subject: [PATCH 5/7] fix file name --- content/manuals/unassociated-machines/{_index.md.md => _index.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename content/manuals/unassociated-machines/{_index.md.md => _index.md} (100%) diff --git a/content/manuals/unassociated-machines/_index.md.md b/content/manuals/unassociated-machines/_index.md similarity index 100% rename from content/manuals/unassociated-machines/_index.md.md rename to content/manuals/unassociated-machines/_index.md From a05803b38fae96896b67258a7738f18c28633145 Mon Sep 17 00:00:00 2001 From: sarahsanders-docker Date: Thu, 17 Jul 2025 09:35:19 -0400 Subject: [PATCH 6/7] unlist attributes --- content/manuals/unassociated-machines/_index.md | 2 ++ layouts/index.robots.txt | 1 + 2 files changed, 3 insertions(+) diff --git a/content/manuals/unassociated-machines/_index.md b/content/manuals/unassociated-machines/_index.md index b3a6779be7d7..fa25d711abce 100644 --- a/content/manuals/unassociated-machines/_index.md +++ b/content/manuals/unassociated-machines/_index.md @@ -3,6 +3,8 @@ title: Manage unassociated machines description: Learn how to manage unassociated machines using the Docker Admin Console keywords: unassociated machines, insights, manage users, enforce sign-in sitemap: false +pagefind_exclude: true +noindex: true params: sidebar: group: Enterprise diff --git a/layouts/index.robots.txt b/layouts/index.robots.txt index 3e9a658fdf96..c3391753ff39 100644 --- a/layouts/index.robots.txt +++ b/layouts/index.robots.txt @@ -6,6 +6,7 @@ {{- if hugo.IsProduction -}} User-agent: * +Disallow: /unassociated-machines/ Sitemap: {{ "sitemap.xml" | absURL }} From 9d58e04ab32271181518509e0a7ce86e7c9e7c98 Mon Sep 17 00:00:00 2001 From: sarahsanders-docker Date: Thu, 17 Jul 2025 09:49:25 -0400 Subject: [PATCH 7/7] headings --- content/manuals/unassociated-machines/_index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/manuals/unassociated-machines/_index.md b/content/manuals/unassociated-machines/_index.md index fa25d711abce..033e29f007af 100644 --- a/content/manuals/unassociated-machines/_index.md +++ b/content/manuals/unassociated-machines/_index.md @@ -91,7 +91,7 @@ to your organization. > Sign-in enforcement only takes effect after Docker Desktop is restarted. Users can continue using Docker Desktop until their next restart. -### Enable for all unassociated machines +### Enable sign-in enforcement for all unassociated machines 1. Sign in to the [Admin Console](https://app.docker.com/admin) and select your organization. @@ -111,7 +111,7 @@ Users with older versions will not be prompted to sign in and can continue using Docker Desktop normally until they update. Their status shows as **Pending** until they update to version 4.41 or later. -### Enable for individual unassociated machines +### Enable sign-in enforcement for individual unassociated machines 1. Sign in to the [Admin Console](https://app.docker.com/admin) and select your organization.