Skip to content

security: caveats for admin-settings.json #22441

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Apr 21, 2025
Merged

security: caveats for admin-settings.json #22441

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
7ad211d
caveats for admin-settings.json
sarahsanders-docker Apr 16, 2025
41e5f57
nit:
sarahsanders-docker Apr 16, 2025
3699a46
Update content/manuals/security/for-admins/hardened-desktop/settings-…
sarahsanders-docker Apr 17, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 17 additions & 1 deletion ...security/for-admins/hardened-desktop/settings-management/configure-json-file.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,23 @@ Settings Management is designed specifically for organizations who don’t give

## Prerequisites

You first need to [enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) to ensure that all Docker Desktop developers authenticate with your organization. Since Settings Management requires a Docker Business subscription, enforced sign-in guarantees that only authenticated users have access and that the feature consistently takes effect across all users, even though it may still work without enforced sign-in.
You must [enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) to ensure that all Docker Desktop users authenticate with your organization.

Settings management requires a Docker Business subscription. Docker Desktop verifies the user's authentication and licensing before applying any settings from the `admin-settings.json` file. The settings file will not take effect unless both authentication and license checks pass. These checks ensure that only licensed users receive managed settings.

> [!IMPORTANT]
>
> If a user is not signed in, or their Docker ID does not belong to an organization with a Docker Business subscription, Docker Desktop ignores the `admin-settings.json` file.


## Known limitations

The `admin-settings.json` file requires users to authenticate with Docker Hub and be a member
of an organization with a Docker Business subscription. This means the file does not work in:

- Air-grapped or offline environments where Docker Desktop can't authenticate with Docker Hub.
- Restricted environments where SSO and cloud-based authentication are not permitted.


## Step one: Create the `admin-settings.json` file and save it in the correct location

Expand Down
4 changes: 4 additions & 0 deletions hugo_stats.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
"-v",
"-z-10",
".NET",
"AWS-Route-53",
"Admin-Console",
"After",
"Angular",
Expand Down Expand Up @@ -53,6 +54,8 @@
"Git-Bash-CLI",
"GitLab",
"Go",
"GoDaddy",
"Google-Cloud-DNS",
"HTTP",
"Heredocs",
"Hyper-V-backend-x86_64",
Expand Down Expand Up @@ -82,6 +85,7 @@
"Okta",
"Okta-SAML",
"Old-Dockerfile",
"Other-providers",
"PHP",
"PowerShell",
"PowerShell-CLI",
Expand Down