---
description: Learn about the different ways you can force your developers to sign in to Docker Desktop
keywords: authentication, registry.json, configure, enforce sign-in, docker desktop, security, .plist. registry key, mac, windows
title: Ways to enforce sign-in for Docker Desktop
tags: [admin]
linkTitle: Methods
---
{{< summary-bar feature_name="Enforce sign-in" >}}
This page outlines the different methods for enforcing sign-in for Docker Desktop.
## Registry key method (Windows only)
> [!NOTE]
>
> The registry key method is available with Docker Desktop version 4.32 and later.
To enforce sign-in for Docker Desktop on Windows, you can configure a registry key that specifies your organization's allowed users. The following steps guide you through creating and deploying the registry key to enforce this policy:
1. Create the registry key. Your new key should look like the following:
```console
$ HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Docker\Docker Desktop
```
2. Create a multi-string value `allowedOrgs`.
> [!IMPORTANT]
>
> As of Docker Desktop version 4.36 and later, you can add more than one organization. With Docker Desktop version 4.35 and earlier, if you add more than one organization sign-in enforcement silently fails.
3. Use your organization's name, all lowercase as string data. If you're adding more than one organization, make sure they are all on their own line. Don't use any other separators such as spaces or commas.
4. Restart Docker Desktop.
5. When Docker Desktop restarts, verify that the **Sign in required!** prompt appears.
In some cases, a system reboot may be necessary for enforcement to take effect.
> [!NOTE]
>
> If a registry key and a `registry.json` file both exist, the registry key takes precedence.
### Example deployment via Group Policy
The following example outlines how to deploy a registry key to enforce sign-in on Docker Desktop using Group Policy. There are multiple ways to deploy this configuration depending on your organization's infrastructure, security policies, and management tools.
1. Create the registry script. Write a script to create the `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Docker\Docker Desktop` key, add the `allowedOrgs` multi-string, and then set the value to your organization’s name.
2. Within Group Policy, create or edit a Group Policy Objective (GPO) that applies to the machines or users you want to target.
3. Within the GPO, navigate to **Computer Configuration** and select **Preferences**.
4. Select **Windows Settings** then **Registry**.
5. To add the registry item, right-click on the **Registry** node, select **New**, and then **Registry Item**.
6. Configure the new registry item to match the registry script you created, specifying the action as **Update**. Make sure you input the correct path, value name (`allowedOrgs`), and value data (your organization names).
7. Link the GPO to an Organizational Unit (OU) that contains the machines you want to apply this setting to.
8. Test the GPO on a small set of machines first to ensure it behaves as expected. You can use the `gpupdate /force` command on a test machine to manually refresh its group policy settings and check the registry to confirm the changes.
9. Once verified, you can proceed with broader deployment. Monitor the deployment to ensure the settings are applied correctly across the organization's computers.
## Configuration profiles method (Mac only)
{{< summary-bar feature_name="Config profiles" >}}
Configuration profiles are a feature of macOS that let you distribute
configuration information to the Macs you manage. It is the safest method to
enforce sign-in on macOS because the installed configuration profiles are
protected by Apples' System Integrity Protection (SIP) and therefore can't be
tampered with by the users.
1. Save the following XML file with the extension `.mobileconfig`, for example
`docker.mobileconfig`:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">