Integrating with Azure AD
You use federated authentication to link Apple School Manager or Apple Business Manager to your instance of Microsoft Azure Active Directory (Azure AD). As a result, your users can use their Azure AD user names (User Principal Name) and passwords as Managed Apple IDs. They can then use their Azure AD credentials to sign in to iCloud on their assigned iPad or Mac and even to iCloud on the web. Students and employees can also use these credentials to sign in on Shared iPad.
Azure AD is the identity provider (IdP) that authenticates the user for Apple School Manager and Apple Business Manager and issues authentication tokens. Because Apple School Manager and Apple Business Manager support Azure AD, other IdPs that connect to Azure AD—like Active Directory Federation Services (AD FS)—will also work. Federated authentication uses Security Assertion Markup Language (SAML) to connect Apple School Manager and Apple Business Manager to Azure AD.
System for Cross-domain Identity Management (SCIM)
The SCIM standard allows an organization to merge Apple School Manager and Apple Business Manager properties (such as SIS user name, grade levels, and roles) with account data imported from Azure AD. When an organization imports users with SCIM, the account information is read-only in Apple School Manager and Apple Business Manager until the organization disconnects from SCIM. After disconnection, the accounts become manual accounts and their attributes can be edited. Changes made to accounts in Azure AD sync to Apple School Manager and Apple Business Manager accounts every 20 to 40 minutes.