```
4. Use a MDM solution to distribute your modified `.mobileconfig` file to your macOS clients.
5. Verify that the profile is added to **Device (Managed)** profiles list (**System Settings** > **General** > **Device Management**) on your macOS clients.
## plist method (Mac only)
> [!NOTE]
>
> The `plist` method is available with Docker Desktop version 4.32 and later.
To enforce sign-in for Docker Desktop on macOS, you can use a `plist` file that defines the required settings. The following steps guide you through the process of creating and deploying the necessary `plist` file to enforce this policy:
1. Create the file `/Library/Application Support/com.docker.docker/desktop.plist`.
2. Open `desktop.plist` in a text editor and add the following content, where `myorg` is replaced with your organization’s name all lowercase:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>allowedOrgs</key>
<array>
<string>myorg1</string>
<string>myorg2</string>
</array>
</dict>
</plist>
```
> [!IMPORTANT]
>
> As of Docker Desktop version 4.36 and later, you can add more than one organization. With Docker Desktop version 4.35 and earlier, sign-in enforcement silently fails if you add more than one organization.
3. Modify the file permissions to ensure the file cannot be edited by any non-administrator users.
4. Restart Docker Desktop.
5. When Docker Desktop restarts, verify that the **Sign in required!** prompt appears.
> [!NOTE]
>
> If a `plist` and `registry.json` file both exist, the `plist` file takes precedence.
### Example deployment
The following example outlines how to create and distribute the `plist` file to enforce sign-in on Docker Desktop. There are multiple ways to deploy this configuration depending on your organization's infrastructure, security policies, and management tools.
{{< tabs >}}
{{< tab name="MDM" >}}
1. Follow the steps previously outlined to create the `desktop.plist` file.
2. Use an MDM tool like Jamf or Fleet to distribute the `desktop.plist` file to `/Library/Application Support/com.docker.docker/` on target macOS devices.
3. Through the MDM tool, set the file permissions to permit editing by administrators only.
{{< /tab >}}
{{< tab name="Shell script" >}}
1. Create a Bash script that can check for the existence of the `.plist` file in the correct directory, create or modify it as needed, and set the appropriate permissions.
Include commands in your script to:
- Navigate to the `/Library/Application Support/com.docker.docker/` directory or create it if it doesn't exist.
- Use the `defaults` command to write the required keys and values to the `desktop.plist` file. For example:
```console
$ defaults write /Library/Application\ Support/com.docker.docker/desktop.plist allowedOrgs -string "myorg"
```
- Change permissions of the `plist` file to restrict editing, using `chmod` and possibly `chown` to set the owner to root or another administrator account, ensuring it can't be easily modified by unauthorized users.
2. Before deploying the script across the organization, test it on a local macOS machine to ensure it behaves as expected. Pay attention to directory paths, permissions, and the successful application of `plist` settings.
3. Ensure that you have the capability to execute scripts remotely on macOS devices. This might involve setting up SSH access or using a remote support tool that supports macOS.
4. Use a method of remote script execution that fits your organization's infrastructure. Options include:
- SSH: If SSH is enabled on the target machines, you can use it to execute the script remotely. This method requires knowledge of the device's IP address and appropriate credentials.
- Remote support tool: For organizations using a remote support tool, you can add the script to a task and execute it across all selected machines.