Intro to Managed Apple Accounts in Apple Business
Overview
Managed Apple Accounts are specifically designed for, owned, and managed by, an organization to help increase the productivity of employees and provide the services users need. Using Managed Apple Accounts helps to keep organizational data separate from personal data that users with unmanaged (personal) Apple Accounts create for themselves.
Apple Business makes it easy for organizations to create and manage these accounts at scale. Because Apple Business integrates with your existing environment, you can provide Managed Apple Accounts to users using their existing organization credentials—for example, Google Workspace, Microsoft Entra ID, or your identity provider (IdP). You can then sync user accounts.
What domains can be used to create Managed Apple Accounts?
There are two types of domains you can use to create Managed Apple Accounts: reserved and custom. See Intro to domain management.
How are Managed Apple Accounts created?
Managed Apple Accounts can be created for any domains using the following methods:
Create accounts manually
Configure and turn on federated authentication with Google Workspace, Microsoft Entra ID, or an IdP
Sync with Google Workspace
Sync using OpenID Connect (OIDC) with Microsoft Entra ID
Sync using OIDC or System for Cross-domain Identity Management (SCIM) with your IdP
Important: Keep in mind that every Managed Apple Account needs to be unique. It also can’t be the same as an Apple Account another user may already have.
How are Managed Apple Accounts used?
Managed Apple Accounts provide access to specific services, such as:
iCloud services
Continuity between devices
Business services
Apple Developer programs and services
Collaboration and communication services
For a complete list, see Service access with Managed Apple Accounts.
Managed Apple Accounts also use role-based administration (which tasks users can perform in Apple Business) and—in certain instances—password resets.
What happens if a personal Apple Account is deleted?
If an unmanaged (personal) Apple Account goes through the formal deletion request process, it can’t be recreated nor can it be used as a Managed Apple Account for six years, even if the organization has verified and captured the domain. For more information, see the Apple Support article How to delete your Apple Account.
How do Managed Apple Account password resets work?
Depending on how Managed Apple Accounts are created, password resets can be completed in Apple Business or—if connected to an IdP—through them.
If the reset is done through Apple Business, a user with a Managed Apple Account can be locked out of their account if they enter an incorrect password more than 10 times or if Apple suspects any fraudulent activity. To reset their password, the user needs to contact a user whose role has permissions to create, edit, and delete Managed Apple Accounts. For users locked due to suspected fraudulent activities, an Apple Business user with the role of Organization Administrator needs to contact Apple to have the account unlocked. At that point, the user’s password can be reset by a user with the role of Organization Administrator.
Users with the role of Organization Administrator can reset their own password or the password of another Organization Administrator. See Organization Administrator password resets.