Introducing SSO for Docker Business

Docker single sign-on (SSO) is now available! By enabling SSO, organizations and enterprises can easily automate onboarding and managing Docker users at scale. Users can authenticate with their organization’s standard identity provider (IdP). SSO is one of our most widely requested features, so we’re excited to ship it to Docker Business customers.

Do you want to enable SSO for your organization? Here are the most important things you need to know.

With SSO enabled, users can authenticate with their organization’s standard IdP.

How does SSO work in Docker?

Single sign-on (SSO) allows users to authenticate to Docker Hub and Docker Desktop using their organization’s standard identity provider (IdP). Not only will this make it easier for new users to quickly get started with Docker using the email their organization provides, but it will also help larger organizations expand their use of Docker in a more secure and manageable way. Docker currently supports SAML 2.0 and Azure Active Directory IdPs for ease of implementation. Once SSO is enabled and configured for your organization, users must log into Docker Hub or Docker Desktop to start the SSO authentication process.

How is single sign-on (SSO) enabled?

Single sign-on is available to organizations with an active Docker Business subscription. This means that customers under other subscription categories (e.g. Team) must first upgrade to a Docker Business account. Click here to find out how to upgrade your subscription. Customers with a Docker Business subscription can visit our documentation for additional information about the enabling process.

Note: When single sign-on is enabled, Docker login via partner products (e.g. VS Code, JFrog, etc.) will require Personal Access Tokens (PATs).

How are users managed?

Users are managed by organizations in Docker Hub. To configure SSO, each user must already have an existing IdP account for their organization. When a user logs into Docker for the first time with their domain email address, they will be automatically added to the organization after authentication is successful. All users must authenticate with the email domain specified during SSO setup (e.g. company email address). Administrators can continue to invite new users to the organization using the Invite a member option in Docker Hub.

How do we convert existing non-SSO Docker users to SSO?

To convert existing Docker users from a non-SSO account to SSO, administrators must verify:

  • Users have a company email address and an IdP account
  • Users have the latest version of Docker Desktop (currently version 4.4.2) installed on their devices
  • Users create a Personal Access Token (PAT) to replace their passwords to allow them to sign in through the Docker CLI
  • All CI/CD pipeline automation systems have replaced their passwords with PATs
  • Users with email addresses that include the ‘+’ symbol are either added to your IdP or otherwise updated to not include the ‘+’ symbol.

For additional requirements, please refer to our documentation.
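The checklist above can be run as a readiness audit before SSO is enforced. The following is an added example, not Docker's own tooling: the CSV columns, the `example.com` domain and the sample rows are constructed assumptions, not a Docker Hub export format.

```python
import csv
import io

SSO_DOMAIN = "example.com"   # assumption: the email domain specified during SSO setup
MIN_DESKTOP = (4, 4, 2)      # Docker Desktop version named in the checklist

# Constructed inventory; the column names are hypothetical.
SAMPLE_CSV = """username,email,in_idp,desktop_version,uses_pat
alice,alice@example.com,yes,4.4.2,yes
bob,bob+docker@example.com,no,4.5.0,yes
carol,carol@gmail.com,no,4.3.1,no
ci-bot,ci@example.com,yes,,no
"""

def parse_version(text):
    """Turn '4.4.2' into (4, 4, 2); return None for blank or malformed input."""
    try:
        return tuple(int(p) for p in text.strip().split("."))
    except ValueError:
        return None

def audit_user(row):
    """Return the checklist items this account still fails."""
    issues = []
    local, _, domain = row["email"].strip().lower().rpartition("@")
    if domain != SSO_DOMAIN:
        issues.append("email is not on the SSO domain")
    if "+" in local and row["in_idp"] != "yes":
        issues.append("'+' address is not present in the IdP")
    elif row["in_idp"] != "yes":
        issues.append("no IdP account")
    raw = row["desktop_version"].strip()
    version = parse_version(raw)
    # Blank means no Desktop install (e.g. a CI account); compare as tuples, not strings.
    if raw and (version is None or version < MIN_DESKTOP):
        issues.append("Docker Desktop older than 4.4.2")
    if row["uses_pat"] != "yes":
        issues.append("still signs in to the CLI with a password")
    return issues

def audit(csv_text):
    """Map username -> outstanding issues, omitting accounts that are ready."""
    rows = csv.DictReader(io.StringIO(csv_text))
    report = {row["username"]: audit_user(row) for row in rows}
    return {user: issues for user, issues in report.items() if issues}

if __name__ == "__main__":
    for user, issues in audit(SAMPLE_CSV).items():
        print(f"{user}: " + "; ".join(issues))
```

Accounts that appear in the report still need work before enforcement; CI accounts typically show up only for the password-to-PAT item.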

What impact can be expected when setting up users on SSO?

Single sign-on (SSO) can be enforced for users once the steps (summarized above and in our documentation) are completed. After SSO is enforced, users can start logging in with the email and password provided by their organization, after which it’s business as usual. Please note that for users who log into Docker directly from the Docker CLI or via partner products (e.g. VS Code, JFrog, etc.), Personal Access Tokens (PATs) may be required.

For more instructions on how to deploy SSO within your organization, visit our documentation.

Consider taking the step today to access Docker’s SSO and other key features for management and security at scale. Download our latest technical papers and watch our on-demand webinar to learn more. You can also visit our public roadmap where you can leave comments about what you want to see next for user management.
