ENGDOCS-2072b (docker#20094)

aevesdocker · web-flow · commit b904b7f07478 · 2024-07-15T11:02:22.000+01:00
* ENGDOCS-2072b

* final tweaks

* review edits
diff --git a/content/admin/faqs/organization-faqs.md b/content/admin/faqs/organization-faqs.md
@@ -26,7 +26,7 @@ No. Organization owners can invite users with their email address, and also assi
 
 ### Can I force my organization's members to authenticate before using Docker Desktop and are there any benefits?
 
-Yes. You can [enforce sign-in](../../security/for-admins/configure-sign-in.md) and some benefits are:
+Yes. You can [enforce sign-in](../../security/for-admins/enforce-sign-in/_index.md) and some benefits are:
 
 - Administrators can enforce features like [Image Access Management](../../security/for-admins/image-access-management.md) and [Registry Access Management](../../security/for-admins/registry-access-management.md).
  - Administrators can ensure compliance by blocking Docker Desktop usage for users who don't sign in as members of the organization.
diff --git a/content/desktop/get-started.md b/content/desktop/get-started.md
@@ -29,7 +29,7 @@ aliases:
 
 Docker recommends that you authenticate using the **Sign in** option in the top-right corner of the Docker Dashboard. 
 
-In large enterprises where admin access is restricted, administrators can [Configure registry.json to enforce sign-in](../security/for-admins/configure-sign-in.md). 
+In large enterprises where admin access is restricted, administrators can [enforce sign-in](../security/for-admins/enforce-sign-in/_index.md). 
 
 > **Tip**
 >
diff --git a/content/desktop/hardened-desktop/air-gapped-containers.md b/content/desktop/hardened-desktop/air-gapped-containers.md
@@ -23,7 +23,7 @@ You can choose:
 
 ## Configuration
 
-Assuming [enforced sign-in](../../security/for-admins/configure-sign-in.md) and [Settings Management](settings-management/_index.md) are enabled, add the new proxy configuration to the `admin-settings.json` file. For example:
+Assuming [enforced sign-in](../../../security/for-admins/enforce-sign-in/_index.md) and [Settings Management](settings-management/_index.md) are enabled, add the new proxy configuration to the `admin-settings.json` file. For example:
 
 ```json
 {
diff --git a/content/desktop/hardened-desktop/enhanced-container-isolation/_index.md b/content/desktop/hardened-desktop/enhanced-container-isolation/_index.md
@@ -92,7 +92,7 @@ To enable Enhanced Container Isolation as a developer:
 
 #### As an admin
 
-To enable Enhanced Container Isolation as an admin, you first need to [configure a `registry.json` file to enforce sign-in](../../../security/for-admins/configure-sign-in.md).
+To enable Enhanced Container Isolation as an admin, you first need to [enforce sign-in](../../../security/for-admins/enforce-sign-in/_index.md).
 This is because the Enhanced Container Isolation feature requires a Docker
 Business subscription and therefore your Docker Desktop users must authenticate
 to your organization for this configuration to take effect.
diff --git a/content/desktop/hardened-desktop/settings-management/_index.md b/content/desktop/hardened-desktop/settings-management/_index.md
@@ -51,7 +51,7 @@ For more details on the syntax and options admins can set, see [Configure Settin
 
 ### How do I set up and enforce Settings Management?
 
-As an administrator, you first need to [configure a registry.json to enforce sign-in](../../../security/for-admins/configure-sign-in.md). This is because the Settings Management feature requires a Docker Business subscription and therefore your Docker Desktop developers must authenticate to your organization for this configuration to take effect.
+As an administrator, you first need to [configure a registry.json to enforce sign-in](../../../security/for-admins/enforce-sign-in/_index.md). This is because the Settings Management feature requires a Docker Business subscription and therefore your Docker Desktop developers must authenticate to your organization for this configuration to take effect.
 
 Next, you must either manually [create and configure the admin-settings.json file](configure.md), or use the `--admin-settings` installer flag on [macOS](../../install/mac-install.md#install-from-the-command-line) or [Windows](../../install/windows-install.md#install-from-the-command-line) to automatically create the `admin-settings.json` and save it in the correct location.
 
diff --git a/content/desktop/hardened-desktop/settings-management/configure.md b/content/desktop/hardened-desktop/settings-management/configure.md
@@ -15,7 +15,7 @@ Settings Management is designed specifically for organizations who don’t give
 ### Prerequisites
 
 - [Download and install Docker Desktop 4.13.0 or later](../../release-notes.md).
-- As an admin, you need to [configure a registry.json to enforce sign-in](../../../security/for-admins/configure-sign-in.md). This is because this feature requires a Docker Business subscription and therefore your Docker Desktop users must authenticate to your organization for this configuration to take effect.
+- As an admin, you need to [configure a registry.json to enforce sign-in](../../../security/for-admins/enforce-sign-in/_index.md). This is because this feature requires a Docker Business subscription and therefore your Docker Desktop users must authenticate to your organization for this configuration to take effect.
 
 ### Step one: Create the `admin-settings.json` file and save it in the correct location
 
diff --git a/content/docker-hub/_index.md b/content/docker-hub/_index.md
@@ -49,7 +49,7 @@ GitHub and Bitbucket and push them to Docker Hub.
 {{< tab name="What administrative tasks can I perform in Docker Hub?" >}}
 * [Create and manage teams and organizations](orgs.md)
 * [Create a company](../admin/company/new-company.md)
-* [Enforce sign in](configure-sign-in.md)
+* [Enforce sign in](../security/for-admins/enforce-sign-in/_index.md)
 * Set up [SSO](../security/for-admins/single-sign-on/index.md) and [SCIM](../security/for-admins/provisioning/scim.md)
 * Use [Group mapping](group-mapping.md)
 * [Carry out domain audits](domain-audit.md)
diff --git a/content/docker-hub/release-notes.md b/content/docker-hub/release-notes.md
@@ -72,7 +72,7 @@ Take a look at the [Docker Public Roadmap](https://github.com/docker/roadmap/pro
 
 ### Bug fixes and enhancements
 
-- In Docker Hub, you can now download a [registry.json](../security/for-admins/configure-sign-in.md) file or copy the commands to create a registry.json file to enforce sign-in for your organization.
+- In Docker Hub, you can now download a [registry.json](../security/for-admins/enforce-sign-in/_index.md) file or copy the commands to create a registry.json file to enforce sign-in for your organization.
 
 ## 2022-09-19
 
diff --git a/content/security/_index.md b/content/security/_index.md
@@ -25,7 +25,7 @@ grid_admins:
   link: /desktop/hardened-desktop/air-gapped-containers/
 - title: Enforce sign-in
   description: Configure sign-in for members of your teams and organizations.
-  link: /security/for-admins/configure-sign-in/
+  link: /security/for-admins/enforce-sign-in/
   icon: passkey
 - title: Domain audit
   description: Identify uncaptured users in your organization.
diff --git a/content/security/faqs/single-sign-on/enforcement-faqs.md b/content/security/faqs/single-sign-on/enforcement-faqs.md
@@ -66,4 +66,6 @@ Enforcing SSO and enforcing sign-in to Docker Desktop are different features tha
 Enforcing SSO ensures that users sign in using their SSO credentials instead of their Docker ID. One of the benefits is that SSO enables you to better manage user credentials.
 
 Enforcing sign-in to Docker Desktop ensures that users always sign in to an
-account that's a member of your organization. The benefits are that your organization's security settings are always applied to the user's session and your users always receive the benefits of your subscription. For more details, see [Enforce sign-in for Desktop](../../../security/for-admins/configure-sign-in.md).
+
+account that's a member of your organization. The benefits are that your organization's security settings are always applied to the user's session and your users always receive the benefits of your subscription. For more details, see [Enforce sign-in for Desktop](../../../security/for-admins/enforce-sign-in/_index.md).
+
diff --git a/content/security/faqs/single-sign-on/users-faqs.md b/content/security/faqs/single-sign-on/users-faqs.md
@@ -36,7 +36,7 @@ If users attempt to sign in through the CLI, they must authenticate using a pers
 
 ### Is it possible to force users of Docker Desktop to authenticate, and/or authenticate using their company’s domain?
 
-Yes. Administrators can force users to authenticate with Docker Desktop by provisioning a [`registry.json`](../../../security/for-admins/configure-sign-in.md) configuration file. The `registry.json` file will force users to authenticate as a user that's configured in the `allowedOrgs` list in the `registry.json` file.
+Yes. Admins can [force users to authenticate with Docker Desktop](../../for-admins/enforce-sign-in/_index.md) using a registry key, `.plist` file, or `registry.json` file. 
 
 Once SSO enforcement is set up on their Docker Business organization or company on Hub, when the user is forced to authenticate with Docker Desktop, the SSO enforcement will also force users to authenticate through SSO with their IdP (instead of authenticating using their username and password).
 
@@ -51,7 +51,7 @@ Yes, you can convert existing users to an SSO account. To convert users from a n
 - Each user has created a PAT to replace their passwords to allow them to sign in through Docker CLI.
 - Confirm that all CI/CD pipelines automation systems have replaced their passwords with PATs.
 
-For detailed prerequisites and instructions on how to enable SSO, see [Configure Single Sign-on](../../../security/for-admins/configure-sign-in.md).
+For detailed prerequisites and instructions on how to enable SSO, see [Configure Single Sign-on](../../../security/for-admins/single-sign-on/configure/_index.md).
 
 ### What impact can users expect once we start onboarding them to SSO accounts?
 
diff --git a/content/security/for-admins/domain-audit.md b/content/security/for-admins/domain-audit.md
@@ -17,7 +17,7 @@ Domain audit can't identify the following Docker users in your environment:
 - Users who access Docker Desktop without authenticating
 - Users who authenticate using an account that doesn't have an email address associated with one of your verified domains
 
-Although domain audit can't identify all Docker users in your environment, you can enforce sign-in to prevent unidentifiable users from accessing Docker Desktop in your environment. For more details about enforcing sign-in, see [Configure registry.json to enforce sign-in](configure-sign-in.md).
+Although domain audit can't identify all Docker users in your environment, you can enforce sign-in to prevent unidentifiable users from accessing Docker Desktop in your environment. For more details about enforcing sign-in, see [Configure registry.json to enforce sign-in](../for-admins/enforce-sign-in/_index.md).
 
 > **Tip**
 >
diff --git a/content/security/for-admins/enforce-sign-in/_index.md b/content/security/for-admins/enforce-sign-in/_index.md
@@ -0,0 +1,45 @@
+---
+description: Understand what happens when you force users to sign in to Docker Desktop
+toc_max: 2
+keywords: authentication, registry.json, configure, enforce sign-in, docker desktop, security,
+title: Enforce sign-in for Docker Desktop
+aliases:
+- /docker-hub/configure-sign-in/
+- /security/for-admins/configure-sign-in/
+---
+
+By default, members of your organization can use Docker Desktop without signing
+in. When users don’t sign in as a member of your organization, they don’t
+receive the [benefits of your organization’s
+subscription](../../../subscription/core-subscription/details.md) and they can circumvent [Docker’s
+security features](../../../desktop/hardened-desktop/_index.md) for your organization.
+
+There are multiple ways you can enforce sign-in, depending on your companies' set up and preferences:
+- [Registry key method (Windows only)](methods.md#registry-key-method-windows-only){{< badge color=violet text="Early Access" >}}
+- [`.plist` method (Mac only)](methods.md#plist-method-mac-only){{< badge color=violet text="Early Access" >}}
+- [`registry.json` method (All)](methods.md#registryjson-method-all)
+
+## How is sign-in enforced?
+
+When Docker Desktop starts and it detects a registry key, a `.plist` file or `registry.json` file, the
+following occurs:
+
+- A **Sign in required!** prompt appears requiring the user to sign
+  in as a member of your organization to use Docker Desktop. ![Enforce Sign-in
+  Prompt](../../images/enforce-sign-in.png?w=400)
+- When a user signs in to an account that isn’t a member of your organization,
+  they are automatically signed out and can’t use Docker Desktop. The user
+  can select **Sign in** and try again.
+- When a user signs in to an account that is a member of your organization, they
+ can use Docker Desktop.
+- When a user signs out, the **Sign in required!** prompt appears and they can
+  no longer use Docker Desktop.
+
+> **Enforce sign-in versus enforce SSO**
+>
+> Enforcing sign-in ensures that users are required to sign in to use Docker Desktop.
+> If your organization is also using single sign-on (SSO), you can optionally enforce SSO.
+> This means that your users must use SSO to sign in, instead of a username and password.
+> When you enforce sign-in and enforce SSO, your users must sign in and must use SSO to do so.
+> See [Enforce SSO](/security/for-admins/single-sign-on/connect#optional-enforce-sso) for details on how to enable this for your SSO connection.
+{ .tip }
diff --git a/content/security/for-admins/enforce-sign-in/methods.md b/content/security/for-admins/enforce-sign-in/methods.md
diff --git a/content/security/for-admins/image-access-management.md b/content/security/for-admins/image-access-management.md
diff --git a/content/security/for-admins/registry-access-management.md b/content/security/for-admins/registry-access-management.md
diff --git a/data/toc.yaml b/data/toc.yaml
diff --git a/layouts/shortcodes/admin-org-onboarding.md b/layouts/shortcodes/admin-org-onboarding.md

Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ aliases:`
`29`	`29`
`30`	`30`	`Docker recommends that you authenticate using the Sign in option in the top-right corner of the Docker Dashboard.`
`31`	`31`
`32`		`-In large enterprises where admin access is restricted, administrators can [Configure registry.json to enforce sign-in](../security/for-admins/configure-sign-in.md).`
	`32`	`+In large enterprises where admin access is restricted, administrators can [enforce sign-in](../security/for-admins/enforce-sign-in/_index.md).`
`33`	`33`
`34`	`34`	`> Tip`
`35`	`35`	`>`
Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@ You can choose:`
`23`	`23`
`24`	`24`	`## Configuration`
`25`	`25`
`26`		-Assuming [enforced sign-in](../../security/for-admins/configure-sign-in.md) and [Settings Management](settings-management/_index.md) are enabled, add the new proxy configuration to the `admin-settings.json` file. For example:
	`26`	+Assuming [enforced sign-in](../../../security/for-admins/enforce-sign-in/_index.md) and [Settings Management](settings-management/_index.md) are enabled, add the new proxy configuration to the `admin-settings.json` file. For example:
`27`	`27`
`28`	`28`	```json
`29`	`29`	`{`