Starting with Docker Desktop 4.4.2 we’re excited to introduce a new authentication flow that will take you through the browser to sign in, simplifying the experience and allowing users to get all the benefits of autofill from whatever browser password manager they may use. Gone are the days of going to your browser, opening your password manager, finding your Docker password, copying, and then returning back to the dashboard or command line to paste it in (maybe I’m alone here, but I can never remember my passwords on my own!).
As part of this authentication change, we’ve also introduced Single Sign-on for users with a business subscription that enables benefits such as automated and secure onboarding of developers into the Docker platform, easy user management for managers and admins, and seamless authentication for Docker users. Read our blog to learn more about SSO.
Getting Started with the new Authentication Flow
On versions 4.4.2 and above, when users click on “Sign in” from the Docker Dashboard or the Docker Menu, they will be redirected to their default browser.
Once in the browser, you will be prompted to enter your Docker ID. This will take you through the appropriate flow. If your organization has Single Sign-on enabled, you will get redirected to your Identity Provider.
For the standard authentication pattern, users will then be sent to a screen to fill in their username and password. Then click “continue”.
Once you have successfully signed in you will get asked if you want to be taken back to the Docker Dashboard. You can choose to always allow opening Docker to reduce the number of steps in the future.
You’ll be returned to the Docker Dashboard, ready to continue working!
It’s important to note that the command line interface (CLI) login flow and logging into Docker in other tools, such as Visual Studio Code, will continue to work as they do today. You can choose to use a personal access token (PAT) for these flows.
Just update to or download 4.4.2+ to get all the benefits of a simplified sign in experience.
Introduced a fix for CVE-2021-45449
Docker Desktop version 4.3.0 and 4.3.1 have a bug that may log sensitive information (access token or password) on the user’s machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would require having access to the user’s local files. Additionally, these logs may be included when users upload diagnostics, meaning access tokens and passwords might have been shared with Docker. We have deleted all potentially sensitive diagnostic files from our data storage and will continue to delete diagnostics reported from the affected versions on an ongoing basis. This vulnerability has been fixed in version 4.3.2 or higher. Learn more on our security page.
Chat with us!
We’d love to get your input on our work through user interview sessions. During these live feedback sessions we will often show work-in-progress features or ideas to get your input on, or ask you more about how you use Docker to discover any pain points when working with the product. We use these insights to help prioritize our roadmap and improve the user experience. Each session is typically 30 minutes to an hour. If you would like to take part in one of our user research studies please sign up and we will reach out to you when we have something to research or test.
We’re also working on two of your highest voted items: improving Mac filesystem performance, and implementing Docker Desktop for Linux. For filesystem performance, we’ve been releasing experimental builds using VirtioFS, and we’d love your input on how it works for you: check out the roadmap item for the latest build. For Docker Desktop for Linux, we will have some experimental builds soon, so be sure to follow that roadmap item for news.
What else would you like us to focus on? Have your say by adding a thumbs-up emoji to your highest priorities on the roadmap, or create a new roadmap ticket if your idea isn’t yet there. We can’t wait to hear from you.
DockerCon Live 2022
Join us for DockerCon Live 2022 on Tuesday, May 10. DockerCon Live is a free, one day virtual event that is a unique experience for developers and development teams who are building the next generation of modern applications. If you want to learn about how to go from code to cloud fast and how to solve your development challenges, DockerCon Live 2022 offers engaging live content to help you build, share and run your applications. Register today at https://www.docker.com/dockercon/
This syndicated content is provided by Docker and was originally posted at https://www.docker.com/blog/seamless-sign-in-with-docker-desktop-4-4-2/