Starting with Docker Desktop 4.4.2, we’re excited to introduce a new authentication flow that takes you across the browser to sign in, simplifying the experience and allowing users to get all the benefits of autofill from any browser password manager they might be using. Gone are the days of going to your browser, opening a password manager, finding your Docker password, copying, and then going back to the dashboard or command line to paste it in (I may be alone here, but I can’t remember the passwords myself!).
As part of this authentication change, we’ve also introduced single sign-on for users with a commercial subscription that enables features like automated and secure setup for developers in the Docker platform, easy user management for admins and administrators, and seamless authentication for Docker users. Read our blog to learn more about SSO.
Getting started with the new authentication flow
In 4.4.2 and later, when users click “Sign in” from the Docker Dashboard or Docker menu, they will be redirected to their default browser.
Once in the browser, you will be asked to enter your Docker ID. This will take you through the appropriate flow. If your organization has enabled single sign-on, you will be redirected to your identity provider.
For a standard authentication pattern, users will then be sent to a screen to fill in their username and password. Then click Continue.
Once you have logged in successfully, you will be asked if you want to be taken back to the Docker Dashboard. You can choose to always allow Docker to open to reduce the number of steps in the future.
You’ll be returned to the Docker Dashboard, ready to keep working!
It is important to note that the CLI and Docker login flow in other tools, such as Visual Studio Code, will continue to function as they do today. You can choose to use a Personal Access Token (PAT) for these streams.
Simply update to or download 4.4.2+ to take advantage of all the benefits of a simplified login experience.
File a fix for CVE-2021-45449
Docker Desktop 4.3.0 and 4.3.1 contain a bug that could log sensitive information (access token or password) on a user’s machine during login. This only affects users if they are using Docker Desktop 4.3.0 and 4.3.1 and the user is logged in on 4.3.0 and 4.3.1. Access to this data requires access to the user’s local files. Additionally, these logs may be included when users upload diagnostic data, which means that access tokens and passwords may have been shared with Docker. We have deleted all potentially sensitive diagnostic files from our data storage and will continue to delete reported diagnostics from affected versions on an ongoing basis. This vulnerability has been fixed in version 4.3.2 or higher. Learn more on our security page.
Chat with us!
We would love to get your input into our work through user interview sessions. During these live feedback sessions, we’ll often show features or ideas in action for your input, or ask you more about how you can use Docker to spot any weaknesses when working with the product. We use these insights to help prioritize our roadmap and improve user experience. Each session usually takes 30 minutes to an hour. If you would like to participate in one of our user research studies, please sign up and we will contact you when we have something to research or test.
We’re also working on two of the most voted items: Mac file system performance optimization and Docker Desktop for Linux. As for file system performance, we’ve launched beta builds with VirtioFS, and we’re happy to show you how it works for you: Check the roadmap item for the latest version. For Docker Desktop for Linux, we’ll have some beta builds soon, so be sure to follow this roadmap item for news.
What else do you want us to focus on? Have your say by adding a cool emoji to your top priority on the roadmap, or create a new roadmap card if your idea isn’t there yet. We can’t wait to hear from you.
DockerCon Live 2022
Join us at DockerCon Live 2022 on Tuesday, May 10th. DockerCon Live is a free, one-day virtual event that is a unique experience for developers and development teams building the next generation of modern applications. If you want to learn how to move from code to the cloud quickly and solve your development challenges, DockerCon Live 2022 offers live content to help you build, share, and run your applications. Register today at https://www.docker.com/dockercon/