Home Explore Blog Models CI



docker
3rd chunk of `content/manuals/security/for-admins/single-sign-on/_index.md`
9fbd7ae0a0ee93a7f51aa69217603570878648275145c3a100000001000007d8


## How to set it up

SSO is configured using the following steps:
1. [Configure SSO](../single-sign-on/configure.md) by creating and verifying a domain in Docker.
2. [Create your SSO connection](../single-sign-on/connect.md) in Docker and your IdP.
3. Cross-connect Docker and your IdP.
4. Test your connection.
5. Provision users.
6. Optional. [Enforce sign-in](../enforce-sign-in/_index.md).
7. [Manage your SSO configuration](../single-sign-on/manage.md).

Once your SSO configuration is complete, a first-time user can sign in to Docker Hub or Docker Desktop using their company's domain email address. Once they sign in, they are added to your company, assigned to an organization, and if necessary, assigned to a team.

## Prerequisites

Before configuring SSO, ensure you meet the following prerequisites:
* Notify your company about the new SSO sign in procedures.
* Verify that all users have Docker Desktop version 4.4.2 or later installed.
* If your organization is planning to [enforce SSO](/manuals/security/for-admins/single-sign-on/connect.md#optional-enforce-sso), members using the Docker CLI are required to [create a Personal Access Token (PAT)](/docker-hub/access-tokens/). The PAT will be used instead of their username and password. Docker plans to deprecate signing in to the CLI with a password in the future, so using a PAT will be required to prevent issues with authentication. For more details see the [security announcement](/security/security-announcements/#deprecation-of-password-logins-on-cli-when-sso-enforced).
* Ensure all your Docker users have a valid user on your IdP with the same email address as their Unique Primary Identifier (UPN).
* Confirm that all CI/CD pipelines have replaced their passwords with PATs.
* For your service accounts, add your additional domains or enable it in your IdP.

## What's next?

- Start [configuring SSO](../../for-admins/single-sign-on/configure.md) in Docker
- Explore the [FAQs](../../../security/faqs/single-sign-on/_index.md)
Title: SSO Configuration Steps and Prerequisites
Summary
The process for configuring SSO involves creating and verifying a domain, creating a SSO connection, cross-connecting Docker and your IdP, testing the connection, and provisioning users. Enforcing sign-in and managing the SSO configuration are optional steps. Prior to configuring SSO, it's important to notify your company, ensure users have the required Docker Desktop version, instruct Docker CLI users to create a Personal Access Token (PAT), ensure all users have a valid user on your IdP with the same email address as their Unique Primary Identifier (UPN), and that all CI/CD pipelines have replaced their passwords with PATs.