From 3060cac0ed10fc6adc8b9abc62700a06bada3cb4 Mon Sep 17 00:00:00 2001 From: Alexa Date: Wed, 11 Feb 2026 11:19:22 -0600 Subject: [PATCH 1/3] preliminary changes to admin landing page to be clearer about admin console, seat provisioning, and permissions/subscriptions --- content/manuals/admin/_index.md | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/content/manuals/admin/_index.md b/content/manuals/admin/_index.md index 93818c67a78b..2a9c85e79061 100644 --- a/content/manuals/admin/_index.md +++ b/content/manuals/admin/_index.md @@ -35,21 +35,33 @@ aliases: - /docker-hub/admin-overview --- -Administrators can manage companies and organizations using the -[Docker Admin Console](https://app.docker.com/admin). The Admin Console -provides centralized observability, access management, and security controls -across Docker environments. +Administrators use the [Docker Admin Console](https://app.docker.com/admin) to provision user seats, manage access tokens and SSO, and deploy Docker Desktop to their orgs. Admin Console lets you oversee and manage seats, security, and identity management from a single point of visibility. + +## Set up Docker with Admin Console + +Administrators get started with Docker by accessing the Admin Console to create a company and organizations. + +- If you're a Docker Business subscriber, you have access to both company and organization features in Admin Console. +- If you're Docker Team subscriber, you only have access to organization features in Admin Console. + +As an administrator, you act as an owner who can invite users with their email addresses, then assign them member roles to particular teams. ## Company and organization hierarchy -The [Docker Admin Console](https://app.docker.com/admin) provides administrators with centralized observability, access management, and controls for their company and organizations. To provide these features, Docker uses the following hierarchy and roles. +Admin Console gives administrators a bird's eye overview of a company and its downstream organizations. Company and organizations have a hierarchical relationship: ![Diagram showing Docker’s administration hierarchy with Company at the top, followed by Organizations, Teams, and Members](./images/docker-admin-structure.webp) +Administrators can occupy either company owner or organization owner roles, each with their own permissions and seat rules. + +- Company owners can view and edit downstream organizations, or change SSO and SCIM settings. When a company owner makes a change to the company, it affects all organizations beneath them. +- Organization owners have full admin permissions to manage members, roles, and teams within their organization, but not organizations they are not the owner to. + +When an administrator creates the first company from Admin Console, they assume both company and organization owner roles. If you're a Docker Team subscriber, you're the owner for that organization only and don't assume company owner permissions. + ### Company -A company groups multiple Docker organizations for centralized configuration. -Companies are only available for Docker Business subscribers. +If you're a Docker Business subscriber, then a company is the highest level of visibility an administrator can have. Companies have the following administrator role available: @@ -67,6 +79,8 @@ Organizations have the following administrator role available: - Organization owner: Can manage organization settings, users, and access controls. +## Seats + ### Team Teams are optional and let you group members to assign repository permissions From 4e0b4712fef1d3240290cf57090e9f9e0212e2fc Mon Sep 17 00:00:00 2001 From: Alexa Date: Wed, 11 Feb 2026 14:17:29 -0600 Subject: [PATCH 2/3] add details about user management and seats --- content/manuals/admin/_index.md | 77 +++++++++++++++++---------------- 1 file changed, 40 insertions(+), 37 deletions(-) diff --git a/content/manuals/admin/_index.md b/content/manuals/admin/_index.md index 2a9c85e79061..d93e495dc0fe 100644 --- a/content/manuals/admin/_index.md +++ b/content/manuals/admin/_index.md @@ -35,16 +35,16 @@ aliases: - /docker-hub/admin-overview --- -Administrators use the [Docker Admin Console](https://app.docker.com/admin) to provision user seats, manage access tokens and SSO, and deploy Docker Desktop to their orgs. Admin Console lets you oversee and manage seats, security, and identity management from a single point of visibility. +Administrators start with the [Docker Admin Console](https://app.docker.com/admin) to provision user seats, manage access tokens, SSO and SCIM, and deploy Docker Desktop to their organizations. ## Set up Docker with Admin Console Administrators get started with Docker by accessing the Admin Console to create a company and organizations. -- If you're a Docker Business subscriber, you have access to both company and organization features in Admin Console. -- If you're Docker Team subscriber, you only have access to organization features in Admin Console. +- If you're a Docker Business subscriber, you have access to both company and organization features. +- If you're Docker Team subscriber, you have access to organization features in Admin Console. -As an administrator, you act as an owner who can invite users with their email addresses, then assign them member roles to particular teams. +As an administrator, you're an owner who can invite users with their email addresses, then assign them member roles to particular teams. ## Company and organization hierarchy @@ -52,60 +52,63 @@ Admin Console gives administrators a bird's eye overview of a company and its d ![Diagram showing Docker’s administration hierarchy with Company at the top, followed by Organizations, Teams, and Members](./images/docker-admin-structure.webp) -Administrators can occupy either company owner or organization owner roles, each with their own permissions and seat rules. +Administrators can occupy company owner or organization owner roles (or both), where each role has its own permissions and seat rules. -- Company owners can view and edit downstream organizations, or change SSO and SCIM settings. When a company owner makes a change to the company, it affects all organizations beneath them. -- Organization owners have full admin permissions to manage members, roles, and teams within their organization, but not organizations they are not the owner to. +- Company owners can view and bulk edit settings and configurations for all organizations beneath them. +- Organization owners have full admin permissions to manage settings, members, roles, and teams within their organization, but not organizations they're not part of. -When an administrator creates the first company from Admin Console, they assume both company and organization owner roles. If you're a Docker Team subscriber, you're the owner for that organization only and don't assume company owner permissions. +When an administrator creates the first company from Admin Console, they assume owner roles pursuant to their subscription type. For example: + +- A Docker Business subscriber assumes owner permissions for both the first company and first organization. +- A Docker Team subscriber assumes owner permissions for the first created organization. ### Company -If you're a Docker Business subscriber, then a company is the highest level of visibility an administrator can have. +The highest level of visibility an administrator can have is at the company level. A company owner views and manages all organizations within the company and has full access to company-wide settings. + +Company owners won't occupy a seat unless one of the following is true: -Companies have the following administrator role available: +- They are added as a member of an organization under your company. +- SSO is enabled. -- Company owner: Can view and manage all organizations within the company. -Has full access to company-wide settings and inherits the same permissions as -organization owners. +If you're a Docker team subscribe who wants access to company-level permissions, you can [upgrade to Docker Business](/subscription/change/#upgrade-your-subscription). ### Organization An organization contains teams and repositories. All Docker Team and Business -subscribers must have at least one organization. +subscribers must create one organization before inviting new members to Docker. -Organizations have the following administrator role available: +Organization owners manage organization settings, users, and access controls. All organizations owners occupy at least one seat, but can occupy more than one seat if they're members or owners of multiple, separate organizations. -- Organization owner: Can manage organization settings, users, and access -controls. +## Seats and user management -## Seats +The number of seats an administrator can provision depends on their [subscription type](https://www.docker.com/pricing/). Once you've decided on a plan and created your first company or organization, you can send invitations to future members. -### Team +### Seats -Teams are optional and let you group members to assign repository permissions -collectively. Teams simplify permission management across projects -or functions. +A seat is a unit purchased with a subscription plan that extends access to users to an organization's repo. -### Member + - They give administrators granular permissions around who can contribute to a repository. + - They prevent unauthorized users from pushing to a repos they're not members of. -A member is any Docker user added to an organization. Organization and company -owners can assign roles to members to define their level of access. +For example, an organization owner takes up one seat. They can invite Docker users to an organization. Once invitees become members, organization owners can set permissions in bulk or on an individual basis to repositories affiliated with an organization. -> [!NOTE] -> -> Creating a company is optional, but organizations are required for Team and -Business subscriptions. +### Users and members -## Admin Console features +Docker uses specific terminology to define the kind of access a Docker user has: -Docker's [Admin Console](https://app.docker.com/admin) allows you to: - -- Create and manage companies and organizations -- Assign roles and permissions to members -- Group members into teams to manage access by project or role -- Set company-wide policies, including SCIM provisioning and security -enforcement +- A user is someone with a Docker ID. + - They are not necessarily affiliated with an organization. + - They do not take up seats by default. +- An invitee is a user invited to an organization. + - Invitees occupy one seat. + - This is a user state before accepting and joining an organization. +- A member is a user who accepted an invitation to an organization. +- Teams let you group members together. + - They are optional. + - They allow you to assign repository permissions in bulk. + - Teams can simplify permission management across projects +or functions. ## Manage companies and organizations From a533ec87cf06fd344283599e73bb9c65bdff6814 Mon Sep 17 00:00:00 2001 From: Alexa Date: Wed, 11 Feb 2026 14:42:21 -0600 Subject: [PATCH 3/3] inverted pyramid --- content/manuals/admin/_index.md | 53 +++++++++++++++------------------ 1 file changed, 24 insertions(+), 29 deletions(-) diff --git a/content/manuals/admin/_index.md b/content/manuals/admin/_index.md index d93e495dc0fe..3800d0dc9586 100644 --- a/content/manuals/admin/_index.md +++ b/content/manuals/admin/_index.md @@ -42,47 +42,42 @@ Administrators start with the [Docker Admin Console](https://app.docker.com/admi Administrators get started with Docker by accessing the Admin Console to create a company and organizations. - If you're a Docker Business subscriber, you have access to both company and organization features. -- If you're Docker Team subscriber, you have access to organization features in Admin Console. - -As an administrator, you're an owner who can invite users with their email addresses, then assign them member roles to particular teams. +- If you're Docker Team subscriber, you have access to organization features. ## Company and organization hierarchy -Admin Console gives administrators a bird's eye overview of a company and its downstream organizations. Company and organizations have a hierarchical relationship: +Admin Console gives administrators a bird's eye view of who has access to Docker. There are two levels of visibility, company and organizations, and they have a hierarchical relationship: ![Diagram showing Docker’s administration hierarchy with Company at the top, followed by Organizations, Teams, and Members](./images/docker-admin-structure.webp) -Administrators can occupy company owner or organization owner roles (or both), where each role has its own permissions and seat rules. - -- Company owners can view and bulk edit settings and configurations for all organizations beneath them. -- Organization owners have full admin permissions to manage settings, members, roles, and teams within their organization, but not organizations they're not part of. - -When an administrator creates the first company from Admin Console, they assume owner roles pursuant to their subscription type. For example: +### Company -- A Docker Business subscriber assumes owner permissions for both the first company and first organization. -- A Docker Team subscriber assumes owner permissions for the first created organization. +The highest level of visibility an administrator can have is at the company level. A company owner views and manages all organizations within the company and has full access to company-wide settings. -### Company +### Organization -The highest level of visibility an administrator can have is at the company level. A company owner views and manages all organizations within the company and has full access to company-wide settings. +An organization contains teams and repositories. Organization owners manage organization settings, users, and access controls. -Company owners won't occupy a seat unless one of the following is true: +- All Docker Team and Business +subscribers must create one organization before inviting new members to Docker. +- All organizations owners occupy one seat, but can occupy more than one seat if they're members or owners of multiple, separate organizations. +- Unlike a company, an organization is discrete from other organizations and cannot inherit permissions in bulk from other organizations. -- They are added as a member of an organization under your company. -- SSO is enabled. +If you're a Docker team subscriber who wants access to company-level permissions, you can [upgrade to Docker Business](/subscription/change/#upgrade-your-subscription). -If you're a Docker team subscribe who wants access to company-level permissions, you can [upgrade to Docker Business](/subscription/change/#upgrade-your-subscription). +## Seats and user management -### Organization +The number of seats an administrator can provision depends on their [subscription type](https://www.docker.com/pricing/). Administrators can act as company or organization owners who can invite users with their email addresses, then assign them member roles to particular teams. -An organization contains teams and repositories. All Docker Team and Business -subscribers must create one organization before inviting new members to Docker. +### Company and organization owners -Organization owners manage organization settings, users, and access controls. All organizations owners occupy at least one seat, but can occupy more than one seat if they're members or owners of multiple, separate organizations. +Administrators can occupy company owner or organization owner roles (or both), where each role has its own permissions and seat rules. -## Seats and user management +- Company owners can view and bulk edit settings and configurations for all organizations beneath them. +- Company owners won't occupy a seat unless SSO is enabled, or they're a member of an organization within the company. +- Organization owners have full admin permissions to manage settings, members, roles, and teams within their organization, but not organizations they're not part of. -The number of seats an administrator can provision depends on their [subscription type](https://www.docker.com/pricing/). Once you've decided on a plan and created your first company or organization, you can send invitations to future members. +When an administrator creates the first company or organization from Admin Console, they assume owner roles for the company and/or the organization by default. ### Seats @@ -91,18 +86,18 @@ A seat is a unit purchased with a subscription plan that extends access to users - They give administrators granular permissions around who can contribute to a repository. - They prevent unauthorized users from pushing to a repos they're not members of. -For example, an organization owner takes up one seat. They can invite Docker users to an organization. Once invitees become members, organization owners can set permissions in bulk or on an individual basis to repositories affiliated with an organization. +For example, an organization owner takes up one seat. They can invite Docker users to an organization. Once invitees become members, organization owners can set permissions to members of their company or organization. ### Users and members -Docker uses specific terminology to define the kind of access a Docker user has: +Docker uses specific terminology to define user access: - A user is someone with a Docker ID. - - They are not necessarily affiliated with an organization. - - They do not take up seats by default. + - They're not necessarily affiliated with an organization. + - They do not occupy a seat by default. - An invitee is a user invited to an organization. - Invitees occupy one seat. - - This is a user state before accepting and joining an organization. + - It behaves as a user state before accepting and joining an organization. - A member is a user who accepted an invitation to an organization. - Teams let you group members together. - They are optional.