docker · akristen · Apr 1, 2026 · Apr 1, 2026 · Apr 1, 2026 · Apr 1, 2026
diff --git a/content/guides/admin-user-management/onboard.md b/content/guides/admin-user-management/onboard.md
@@ -67,4 +67,4 @@ It also:
 - Ensures consistent access control policies.
 - Help you scale permissions as teams grow or change.
 
-For more information on how it works, see [Group mapping](/manuals/enterprise/security/provisioning/group-mapping.md).
+For more information on how it works, see [Group mapping](/enterprise/security/provisioning/scim/group-mapping).
diff --git a/content/manuals/admin/organization/_index.md b/content/manuals/admin/organization/_index.md
@@ -31,13 +31,11 @@ grid:
   link: /admin/organization/general-settings/
 - title: SSO and SCIM
   description: 'Set up [Single Sign-On](/security/for-admins/single-sign-on/)
-    and [SCIM](/security/for-admins/provisioning/scim/) for your organization.
-
-    '
+    and [SCIM](/security/for-admins/provisioning/scim/) for your organization.'
   icon: key
 - title: Domain management
   description: Add, verify, and audit your domains.
-  link: /security/for-admins/domain-management/
+  link: /enterprise/security/provisioning/domain-management/
   icon: domain_verification
 - title: FAQs
   description: Explore common organization FAQs.

diff --git a/content/manuals/admin/organization/general-settings.md b/content/manuals/admin/organization/general-settings.md
@@ -31,5 +31,5 @@ After configuring your organization information, you can:
 
 - [Configure single sign-on (SSO)](/manuals/enterprise/security/single-sign-on/connect.md)
 - [Set up SCIM provisioning](/manuals/enterprise/security/provisioning/scim.md)
-- [Manage domains](/manuals/enterprise/security/domain-management.md)
+- [Manage domains](/enterprise/security/provisioning/domain-management)
 - [Create a company](/manuals/admin/company/new-company.md)
diff --git a/content/manuals/admin/organization/onboard.md b/content/manuals/admin/organization/onboard.md
@@ -169,7 +169,7 @@ security posture:
 
 - [Manage Docker products](./manage-products.md) to configure access and view usage.
 - Configure [Hardened Docker Desktop](/desktop/hardened-desktop/) to improve your organization’s security posture for containerized development.
-- [Manage your domains](/manuals/enterprise/security/domain-management.md) to ensure that all Docker users in your domain are part of your organization.
+- [Manage your domains](/enterprise/security/provisioning/domain-management) to ensure that all Docker users in your domain are part of your organization.
 
 Your Docker subscription provides many more additional features. To learn more,
 see [Docker subscriptions and features](https://www.docker.com/pricing?ref=Docs&refAction=DocsAdminOnboard).
diff --git a/content/manuals/enterprise/security/_index.md b/content/manuals/enterprise/security/_index.md
@@ -34,7 +34,7 @@ grid_admins:
   icon: passkey
 - title: Domain management
   description: Identify uncaptured users in your organization.
-  link: /enterprise/security/domain-management/
+  link: /enterprise/security/provisioning/domain-management/
   icon: person_search
 - title: Docker Scout
   description: Explore how Docker Scout can help you create a more secure software supply chain.

diff --git a/content/manuals/enterprise/security/hardened-desktop/settings-management/_index.md b/content/manuals/enterprise/security/hardened-desktop/settings-management/_index.md
@@ -62,7 +62,7 @@ When multiple policies exist, Docker Desktop applies them in this order:
 
 You can create settings management policies at any time, but your organization needs to verify a domain before the policies take effect. 
 
-1. Check that you have [added and verified](/manuals/enterprise/security/domain-management.md#add-and-verify-a-domain) your organization's domain.
+1. Check that you have [added and verified](/enterprise/security/provisioning/domain-management/#add-and-verify-a-domain) your organization's domain.
 2. [Enforce sign-in](/manuals/enterprise/security/enforce-sign-in/_index.md) to
 ensure all developers authenticate with your organization.
 3. Choose a configuration method:

diff --git a/content/manuals/enterprise/security/provisioning/_index.md b/content/manuals/enterprise/security/provisioning/_index.md
@@ -18,7 +18,7 @@ grid:
   - title: "Group mapping"
     description: "Configure role-based access control using IdP groups. Perfect for strict access control requirements."
     icon: "group"
-    link: "group-mapping/"
+    link: "scim/group-mapping/"
 ---
 
 {{< summary-bar feature_name="SSO" >}}

diff --git a/content/manuals/enterprise/security/provisioning/auto-provisioning.md b/content/manuals/enterprise/security/provisioning/auto-provisioning.md
@@ -0,0 +1,53 @@
+---
+title: Auto-provisioning
+linkTitle: Auto-provisioning
+description: Learn how Just-in-Time provisioning works with your SSO connection.
+keywords: user provisioning, just-in-time provisioning, JIT, autoprovision, Docker Admin, admin, security
+weight: 10
+aliases:
+ - /security/for-admins/provisioning/just-in-time/
+---
+
+Auto-provisioning automatically adds users to your organization when they sign in with email addresses that match your verified domains. You must verify a domain before enabling auto-provisioning.
+
+> [!IMPORTANT]
+>
+> For domains that are part of an SSO connection, Just-in-Time (JIT) provisioning takes precedence over auto-provisioning when adding users to an organization.
+
+### Overview
+
+When auto-provisioning is enabled for a verified domain:
+
+- Users who sign in to Docker with matching email addresses are automatically added to your organization.
+- Auto-provisioning only adds existing Docker users to your organization, it doesn't create new accounts.
+- Users experience no changes to their sign-in process.
+- Company and organization owners receive email notifications when new users are added.
+- You may need to [manage seats](/manuals/subscription/manage-seats.md) to accommodate new users.
+
+### Enable auto-provisioning
+
+Auto-provisioning is configured per domain. To enable it:
+
+1. Sign in to [Docker Home](https://app.docker.com) and select
+your company or organization.
+1. Select **Admin Console**, then **Domain management**.
+1. Select the **Actions menu** next to the domain you want to enable
+auto-provisioning for.
+1. Select **Enable auto-provisioning**.
+1. Optional. If enabling auto-provisioning at the company level, select an
+organization.
+1. Select **Enable** to confirm.
+
+The **Auto-provisioning** column will update to **Enabled** for the domain.
+
+### Disable auto-provisioning
+
+To disable auto-provisioning for a user:
+
+1. Sign in to [Docker Home](https://app.docker.com) and select
+your organization. If your organization is part of a company, select the company
+and configure the domain for the organization at the company level.
+1. Select **Admin Console**, then **Domain management**.
+1. Select the **Actions menu** next to your domain.
+1. Select **Disable auto-provisioning**.
+1. Select **Disable** to confirm.
diff --git a/.../enterprise/security/domain-management.md → ...ecurity/provisioning/domain-management.md b/.../enterprise/security/domain-management.md → ...ecurity/provisioning/domain-management.md
@@ -1,8 +1,8 @@
 ---
-title: Manage domains
+title: Add and manage domains
 description: Add, verify, and manage domains to control user access and enable auto-provisioning in Docker organizations
 keywords: domain management, domain verification, auto-provisioning, user management, DNS, TXT record, Admin Console
-weight: 55
+weight: 40
 aliases:
  - /security/for-admins/domain-management/
  - /docker-hub/domain-audit/
@@ -79,56 +79,8 @@ your domain name.
 {{< /tab >}}
 {{< /tabs >}}
 
-## Configure auto-provisioning
-
-Auto-provisioning automatically adds users to your organization when they sign in with email addresses that match your verified domains. You must verify a domain before enabling auto-provisioning.
-
-> [!IMPORTANT]
->
-> For domains that are part of an SSO connection, Just-in-Time (JIT) provisioning takes precedence over auto-provisioning when adding users to an organization.
-
-### How auto-provisioning works
-
-When auto-provisioning is enabled for a verified domain:
-
-- Users who sign in to Docker with matching email addresses are automatically added to your organization.
-- Auto-provisioning only adds existing Docker users to your organization, it doesn't create new accounts.
-- Users experience no changes to their sign-in process.
-- Company and organization owners receive email notifications when new users are added.
-- You may need to [manage seats](/manuals/subscription/manage-seats.md) to accommodate new users.
-
-### Enable auto-provisioning
-
-Auto-provisioning is configured per domain. To enable it:
-
-1. Sign in to [Docker Home](https://app.docker.com) and select
-your company or organization.
-1. Select **Admin Console**, then **Domain management**.
-1. Select the **Actions menu** next to the domain you want to enable
-auto-provisioning for.
-1. Select **Enable auto-provisioning**.
-1. Optional. If enabling auto-provisioning at the company level, select an
-organization.
-1. Select **Enable** to confirm.
-
-The **Auto-provisioning** column will update to **Enabled** for the domain.
-
-### Disable auto-provisioning
-
-To disable auto-provisioning for a user:
-
-1. Sign in to [Docker Home](https://app.docker.com) and select
-your organization. If your organization is part of a company, select the company
-and configure the domain for the organization at the company level.
-1. Select **Admin Console**, then **Domain management**.
-1. Select the **Actions menu** next to your domain.
-1. Select **Disable auto-provisioning**.
-1. Select **Disable** to confirm.
-
 ## Audit domains for uncaptured users
 
-{{< summary-bar feature_name="Domain audit" >}}
-
 Domain audit identifies uncaptured users. Uncaptured users are Docker users who have authenticated using an email address associated with your verified domains but aren't members of your Docker organization.
 
 ### Limitations

diff --git a/content/manuals/enterprise/security/provisioning/just-in-time.md b/content/manuals/enterprise/security/provisioning/just-in-time.md
@@ -3,7 +3,7 @@ description: Learn how Just-in-Time provisioning works with your SSO connection.
 keywords: user provisioning, just-in-time provisioning, JIT, autoprovision, Docker Admin, admin, security
 title: Just-in-Time provisioning
 linkTitle: Just-in-Time
-weight: 10
+weight: 30
 aliases:
  - /security/for-admins/provisioning/just-in-time/
 ---
@@ -84,6 +84,6 @@ Users are provisioned with JIT by default. If you enable SCIM, you can disable J
 
 ## Next steps
 
-- Configure [SCIM provisioning](/manuals/enterprise/security/provisioning/scim.md) for advanced user management.
-- Set up [group mapping](/manuals/enterprise/security/provisioning/group-mapping.md) to automatically assign users to teams.
-- Review [Troubleshoot provisioning](/manuals/enterprise/troubleshoot/troubleshoot-provisioning.md).
+- Configure [SCIM provisioning](/enterprise/security/provisioning/scim/) for advanced user management.
+- Set up [group mapping](/enterprise/security/provisioning/scim/group-mapping) to automatically assign users to teams.
+- Review [Troubleshoot provisioning](/enterprise/security/provisioning/troubleshoot-provisioning/).
diff --git a/content/manuals/enterprise/security/provisioning/scim/_index.md b/content/manuals/enterprise/security/provisioning/scim/_index.md
@@ -0,0 +1,59 @@
+---
+title: SCIM overview
+linkTitle: SCIM
+weight: 20
+description: Learn how System for Cross-domain Identity Management works and how to set it up.
+keywords: SCIM, SSO, user provisioning, de-provisioning, role mapping, assign users
+aliases:
+  - /security/for-admins/scim/
+  - /docker-hub/scim/
+  - /security/for-admins/provisioning/scim/
+---
+
+{{< summary-bar feature_name="SSO" >}}
+
+Automate user management for your Docker organization using System for
+Cross-domain Identity Management (SCIM). SCIM automatically provisions and
+de-provisions users, synchronizes team memberships, and keeps your Docker
+organization in sync with your identity provider.
+
+This page shows you how to automate user provisioning and de-provisioning for
+Docker using SCIM.
+
+## Prerequisites
+
+Before you begin, you must have:
+
+- SSO configured for your organization
+- Administrator access to Docker Home and your identity provider
+
+## How SCIM works
+
+SCIM automates user provisioning and de-provisioning for Docker through your
+identity provider. After you enable SCIM, any user assigned to your
+Docker application in your identity provider is automatically provisioned and
+added to your Docker organization. When a user is removed from the Docker
+application in your identity provider, SCIM deactivates and removes them from
+your Docker organization.
+
+In addition to provisioning and removal, SCIM also syncs profile updates like
+name changes made in your identity provider. You can use SCIM alongside Docker's
+default Just-in-Time (JIT) provisioning or on its own with JIT disabled.
+
+SCIM automates:
+
+- Creating users
+- Updating user profiles
+- Removing and deactivating users
+- Re-activating users
+- Group mapping
+
+> [!NOTE]
+>
+> SCIM only manages users provisioned through your identity provider after
+> SCIM is enabled. It cannot remove users who were manually added to your Docker
+> organization before SCIM was set up.
+>
+> To remove those users, delete them manually from your Docker organization.
+> For more information, see
+> [Manage organization members](/manuals/admin/organization/members.md).
-> [!NOTE]
->
-> SCIM only manages users provisioned through your identity provider after
-> SCIM is enabled. It cannot remove users who were manually added to your Docker
-> organization before SCIM was set up.
->
-> To remove those users, delete them manually from your Docker organization.
-> For more information, see
-> [Manage organization members](/manuals/admin/organization/members.md).
+> [!NOTE]
+>
+> SCIM only manages users provisioned through your identity provider.
+> It cannot remove users who were manually added to your Docker organization.
+>
+> To remove manually added users, delete them manually from your Docker
+> organization. For more information, see
+> [Manage organization members](/manuals/admin/organization/members.md).
-> [!NOTE]
->
-> SCIM only manages users provisioned through your identity provider after
-> SCIM is enabled. It cannot remove users who were manually added to your Docker
-> organization before SCIM was set up.
->
-> To remove those users, delete them manually from your Docker organization.
-> For more information, see
-> [Manage organization members](/manuals/admin/organization/members.md).
+> [!NOTE]
+>
+> SCIM only manages users provisioned through your identity provider.
+> It cannot remove users who were manually added to your Docker organization.
+>
+> To remove manually added users, delete them manually from your Docker
+> organization. For more information, see
+> [Manage organization members](/manuals/admin/organization/members.md).
diff --git a/...se/security/provisioning/group-mapping.md → ...curity/provisioning/scim/group-mapping.md b/...se/security/provisioning/group-mapping.md → ...curity/provisioning/scim/group-mapping.md
@@ -7,8 +7,8 @@ aliases:
 - /admin/organization/security-settings/group-mapping/
 - /docker-hub/group-mapping/
 - /security/for-admins/group-mapping/
-- /security/for-admins/provisioning/group-mapping/
-weight: 30
+- /security/for-admins/provisioning/scim/group-mapping/
+weight: 20
 ---
 
 {{< summary-bar feature_name="SSO" >}}
@@ -19,7 +19,7 @@ This page explains how group mapping works, and how to set up group mapping.
 
 > [!TIP]
 >
-> Group mapping is ideal for adding users to multiple organizations or multiple teams within one organization. If you don't need to set up multi-organization or multi-team assignment, SCIM [user-level attributes](scim.md#set-up-role-mapping) may be a better fit for your needs.
+> Group mapping is ideal for adding users to multiple organizations or multiple teams within one organization. If you don't need to set up multi-organization or multi-team assignment, SCIM [user-level attributes](provision-scim.md#set-up-role-mapping) may be a better fit for your needs.
 
 ## Prerequisites
 
@@ -125,7 +125,7 @@ The next time you sync your groups with Docker, your users will map to the Docke
 
 ## Configure group mapping with SCIM
 
-Use group mapping with SCIM for more advanced user lifecycle management. Before you begin, make sure you [set up SCIM](./scim.md#enable-scim) first.
+Use group mapping with SCIM for more advanced user lifecycle management. Before you begin, make sure you [set up SCIM](./provision-scim.md#enable-scim) first.
 
 {{< tabs >}}
 {{< tab name="Okta" >}}
@@ -190,4 +190,4 @@ Once complete, a user who signs in to Docker through SSO is automatically added
 
 > [!TIP]
 >
-> [Enable SCIM](scim.md) to take advantage of automatic user provisioning and de-provisioning. If you don't enable SCIM users are only automatically provisioned. You have to de-provision them manually.
+> [Enable SCIM](provision-scim.md) to take advantage of automatic user provisioning and de-provisioning. If you don't enable SCIM users are only automatically provisioned. You have to de-provision them manually.