ContextQMD
Back to Docker

Manage unassociated machines

content/manuals/unassociated-machines/_index.md

18.09-release8.0 KB
Original Source

{{% restricted title="About unassociated machines" %}} Unassociated machines is a private feature that may not be available to all accounts. {{% /restricted %}}

Docker administrators can identify, view, and manage Docker Desktop machines that are likely associated with their organization but aren't currently linked to user accounts. This self-service capability helps you understand Docker Desktop usage across your organization and streamline user onboarding without IT involvement.

Prerequisites

  • Docker Business or Team subscription
  • Organization owner access to your Docker organization

About unassociated machines

Unassociated machines are Docker Desktop instances that Docker has identified as likely belonging to your organization based on usage patterns, but the users are not signed in to Docker Desktop with an account that is part of your organization.

How Docker identifies unassociated machines

Docker uses telemetry data to identify which machines likely belong to your organization:

  • Domain matching: Users signed in with email domains associated with your organization
  • Registry patterns: Analysis of container registry access patterns that indicate organizational usage

View unassociated machines

To see detailed information about unassociated machines:

  1. Sign in to the Admin Console and select your organization.
  2. In User management, select Unassociated.

The machine list displays:

  • Machine ID (Docker-generated identifier)
  • The registry address used to predict whether a user is part of your organization
  • User email (only displays if the user is signed into Docker Desktop while using it)
  • Docker Desktop version
  • Operating system (OS)
  • Last activity date
  • Sign-in enforced status

You can:

  • Export the list as CSV
  • Take actions on individual or multiple machines

Enable sign-in enforcement for unassociated machines

[!NOTE]

Sign-in enforcement for unassociated machines is different from the organization-level sign-in enforcement available through registry.json and configuration profiles. This sign-in enforcement only requires users to sign in so admins can identify who is using the machine, meaning users can sign in with any email address. For more stringent security controls that limit sign-ins to users who are already part of your organization, see Enforce sign-in.

Sign-in enforcement helps you identify who is using unassociated machines in your organization. When you enable enforcement, users on these machines will be required to sign in to Docker Desktop. Once they sign in, their email addresses will appear in the Unassociated list, allowing you to then add them to your organization.

You can enable sign-in enforcement using two methods:

  • For all unassociated machines in your organization
  • For individual unassociated machines

[!IMPORTANT]

Sign-in enforcement only takes effect after Docker Desktop is restarted. Users can continue using Docker Desktop until their next restart.

Enable sign-in enforcement for all unassociated machines

To enable sign-in enforcement for all unassociated machines:

  1. Sign in to the Admin Console and select your organization.
  2. In User management, select Unassociated.
  3. Turn on the Enforce sign-in toggle.
  4. In the pop-up modal, select Require sign-in to confirm.

The Sign-in required status will update for all unassociated machines to Yes.

[!NOTE]

When you enable sign-in enforcement for all unassociated machines, any new machines detected in the future will automatically have sign-in enforcement enabled. Sign-in enforcement requires Docker Desktop version 4.41 or later. Users with older versions will not be prompted to sign in and can continue using Docker Desktop normally until they update. Their status shows as Pending until they update to version 4.41 or later.

Enable sign-in enforcement for individual unassociated machines

To enable sign-in enforcement for individual unassociated machines:

  1. Sign in to the Admin Console and select your organization.
  2. In User management, select Unassociated.
  3. Locate the machine you want to enable sign-in enforcement for.
  4. Select the Actions menu and choose Turn on sign-in enforcement.
  5. In the pop-up modal, select Require sign-in to confirm.

The Sign-in required status will update for the individual machine to Yes.

[!NOTE]

Sign-in enforcement requires Docker Desktop version 4.41 or later. Users with older versions will not be prompted to sign in and can continue using Docker Desktop normally until they update. Their status shows as Pending until they update to version 4.41 or later.

What happens when users sign in

After you enable sign-in enforcement:

  1. Users must restart Docker Desktop. Enforcement only takes effect after restart.
  2. When users open Docker Desktop, they see a sign-in prompt. They must sign in to continue using Docker Desktop.
  3. User email addresses appear in the Unassociated list.
  4. You can add users to your organization.

Users can continue using Docker Desktop immediately after signing in, even before being added to your organization.

Add unassociated machines to your organization

When users in your organization use Docker without signing in, their machines appear in the Unassociated list. You can add these users to your organization in two ways:

  • Automatic addition:
    • Auto-provisioning: If you have verified domains with auto-provisioning enabled, users who sign in with a matching email domain will automatically be added to your organization. For more information on verifying domains and auto-provisioning, see Domain management.
    • SSO user provisioning: If you have SSO configured with Just-in-Time provisioning, users who sign in through your SSO connection will automatically be added to your organization.
  • Manual addition: If you don't have auto-provisioning or SSO set up, or if a user's email domain doesn't match your configured domains, their email will appear in the Unassociated list where you can choose to add them directly.

[!NOTE]

If you add users and do not have enough seats in your organization, a pop-up will appear prompting you to Get more seats.

Add individual users

  1. Sign in to the Admin Console and select your organization.
  2. In User management, select Unassociated.
  3. Locate the machine you want to add to your organization.
  4. Select the Actions menu and choose Add to organization.
  5. In the pop-up modal, select Add user.

Bulk add users

  1. Sign in to the Admin Console and select your organization.
  2. In User management, select Unassociated.
  3. Use the checkboxes to select the machines you want to add to your organizations.
  4. Select the Add to organization button.
  5. In the pop-up modal, select Add users to confirm.

Disable sign-in enforcement

Disable for all unassociated machines

  1. Sign in to the Admin Console and select your organization.
  2. In User management, select Unassociated.
  3. Turn off the Enforce sign-in toggle.
  4. In the pop-up modal, select Turn off sign-in requirement to confirm.

The Sign-in required status will update for all unassociated machines to No.

Disable for specific unassociated machines

  1. Sign in to the Admin Console and select your organization.
  2. In User management, select Unassociated.
  3. Locate the machine you want to disable sign-in enforcement for.
  4. Select the Actions menu and choose Turn off sign-in enforcement.
  5. In the pop-up modal, select Turn off sign-in requirement to confirm.

The Sign-in required status will update for the individual machine to No.