Enforce sign-in for Docker Desktop

Subscription: Team Business
For: Administrators

By default, users can access Docker Desktop without signing in to your organization. When users don't sign in as organization members, they miss out on subscription benefits and can bypass security features configured for your organization.

You can enforce sign-in using several methods, depending on your setup:

This page provides an overview of how sign-in enforcement works.

How sign-in enforcement works

When Docker Desktop detects a registry key, .plist file, or registry.json file:

  • A Sign in required! prompt appears, requiring users to sign in as organization members to use Docker Desktop.
  • If users sign in with accounts that aren't organization members, they're automatically signed out and can't use Docker Desktop. They can select Sign in to try again with a different account.
  • When users sign in with organization member accounts, they can use Docker Desktop normally.
  • When users sign out, the Sign in required! prompt reappears and they can no longer use Docker Desktop unless they sign back in.
Note

Enforcing sign-in for Docker Desktop doesn't affect Docker CLI access. CLI access is only restricted for organizations that enforce single sign-on (SSO).

Enforcing sign-in versus enforcing single sign-on (SSO)

Enforcing Docker Desktop sign-in and enforcing SSO are different features that serve different purposes:

EnforcementDescriptionBenefits
Enforce sign-in onlyUsers must sign in before using Docker DesktopEnsures users receive the benefits of your subscription and ensures security features are applied. In addition, you gain insights into users’ activity.
Enforce single sign-on (SSO) onlyIf users sign in, they must sign in using SSOCentralizes authentication and enforces unified policies set by the identity provider.
Enforce bothUsers must sign in using SSO before using Docker DesktopEnsures users receive the benefits of your subscription and ensures security features are applied. In addition, you gain insights into users’ activity. It also centralizes authentication and enforces unified policies set by the identity provider.
Enforce neitherIf users sign in, they can use SSO or their Docker credentialsLets users access Docker Desktop without barriers, at the cost of reduced security and insights.

Next steps