Fix issue #24065: add SSO certificate expiration workarounds#24446
Fix issue #24065: add SSO certificate expiration workarounds#24446
Conversation
Assisted-By: docker-agent
✅ Deploy Preview for docsdocker ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
![docker-agent[bot]](https://avatars.githubusercontent.com/in/2787757?s=60&v=4){kind=small}
content/manuals/enterprise/security/single-sign-on/FAQs/idp-faqs.md
Outdated
Show resolved
Hide resolved
Remove **Term**: Description format from workarounds list and use simple descriptive bullets instead, as per STYLE.md guidelines. Assisted-By: docker-agent
|
Thank you for catching the style violation. You're correct that the "Term - Description" format reads like marketing copy and doesn't align with our documentation standards. I've converted the list to simple descriptive bullets that are more direct and appropriate for technical documentation. The content now follows our style guide's guidance on list formatting. |
|
/review |
|
|
||
| If your certificate expires, contact your identity provider to retrieve a new X.509 certificate. Then update the certificate in the [SSO configuration settings](/manuals/enterprise/security/single-sign-on/manage.md#manage-sso-connections) in the Docker Admin Console. | ||
|
|
||
| ### Workarounds if users are locked out |
There was a problem hiding this comment.
Inconsistent heading hierarchy
The subsection 'Workarounds if users are locked out' uses a level-3 heading (###) which is inconsistent with the FAQ page structure. All other content uses level-2 headings (##) for each FAQ question.
This makes the new section appear subordinate when it's actually a distinct set of workarounds that deserve equal visibility. Consider making this a level-2 heading like the other FAQs.
|
|
||
| - Contact Docker Support to help you regain access to update the certificate | ||
| - Sign in with your Docker username and password to access the Admin Console (if SSO enforcement is not turned on) | ||
| - Maintain a dedicated administrator account (sometimes called a "break-glass" or "guest user" account) that is not subject to SSO for emergency access |
There was a problem hiding this comment.
Misplaced content: preventive measure listed as lockout workaround
The bullet point 'Maintain a dedicated administrator account...' is a recommendation for future action, not a workaround for an existing lockout. This doesn't fit the subsection heading 'Workarounds if users are locked out'.
The first two bullets are appropriate reactive measures for an existing lockout. However, maintaining a break-glass account is preventive advice - you can't create this account after you're already locked out. This bullet belongs in a prevention/best practices section, not under emergency workarounds.
The following sentence about monitoring certificates is correctly placed as prevention advice, but mixing prevention with workarounds creates confusion about when to take each action.
1 participant
Enhances the SSO certificate expiration FAQ with practical workarounds for locked-out users.
Changes:
This helps administrators handle certificate expiration scenarios more effectively.
Fixes #24065