Add and verify a domain in Apple Business Manager
Domains (also known as domain names) designate the larger organisation rather than an individual member. Domain names are registered and must be globally unique.
Note: The term domain in the context of this document refers to an individual FQDN (Fully Qualified Domain Name). This means that (for example) betterbag.com and accounts.betterbag.com are considered two different domains and must be added and managed individually in Apple Business Manager.
After you sign up for Apple Business Manager, you have the option to add, then verify, a domain you registered. The reason you add and verify a domain is to take advantage of Managed Apple Accounts. These accounts—similar to personal Apple Accounts—use an email address as the account name to sign in to websites, apps and more. The Managed Apple Account name (the email address) must be globally unique. If you didn’t register a domain, you can use the reserved domain.
See Use Managed Apple Accounts.
Reserved domains
A reserved domain is automatically created for any Apple Business Manager organisation. The reserved domain can be used if no custom domain is available. It has the following properties:
It’s based on the website entered during the sign-up process.
It doesn’t require the organisation to verify the domain.
It can’t be edited or removed.
For example, if you enrolled using the website www.betterbag.com, the reserved domain name would be betterbag.appleaccount.com. If multiple organisations use the same domain, an incremental number is added to the name, such as betterbag2.appleaccount.com.
Custom domains
If you own a custom domain, you can use it to create Managed Apple Accounts. To do so, the domain must be registered and verified first. The verification process helps to ensure that only the organisation who has the authority to modify the domain name service (DNS) records for the domain can create Managed Apple Accounts using that domain.
After a domain is added and verified, you can choose to manage ownership of all Apple Accounts on that domain. See Manage verified domains.
Adding a custom domain
There are two ways to add custom domains to Apple Business Manager:
Manually add a custom domain, then verify it.
Sync custom domains that are already verified from any identify provider (IdP) that works with Apple Business Manager. For example, you can sync custom domains that are already verified in Google Workspace or Microsoft Entra ID.
Note: You should only add domains that you own. Adding a domain you don’t own results in you being unable to create Managed Apple Accounts.
Verifying a domain
After you manually add a domain, you must then verify it. Domain verification ensures that your organisation—and no one else—can use the domain you entered to create Managed Apple Accounts.
For example, to use betterbag.com as your domain, you must add a specific TXT record—a type of Domain Name System (DNS) record—to your domain name server’s zone file within 14 calendar days of beginning the verification process (which begins when you select the Verify button). This indicates that your organisation has the authority to modify the domain name service (DNS) records for your domain.
Important: You have only 14 calendar days to complete the verification process or you must start over. Depending on the network configuration, it may take some time for DNS changes to appear. Make sure you’ve notified the person in your company who can write records to your DNS entries (for example, your IT or DNS administrator) so the task can be completed before the expiration.
Only domains that haven’t been verified by another company can be added. If your domain can’t be verified, additional steps must be taken to resolve which organisation is associated with a disputed domain name. This is known as a domain conflict.
Connecting to an IdP to add domains
Instead of manually adding domains, they can be synced from Google Workspace or Microsoft Entra ID by authenticating one of them to Apple Business Manager. This allows Apple Business Manager to retrieve all domains that have already been verified for use. After a successful connection, all domains appear as verified in Apple Business Manager.
Domain conflicts
There are three types of domain conflicts:
Example 1: A domain that’s registered by another organisation.
Example 2: A domain that’s registered by another organisation and they’ve added the TXT record to verify they own the domain name.
Example 3: Another organisation has existing Managed Apple Accounts using the domain.
Important: In the first two examples, Apple doesn’t intervene in domain claims.
Examples | The organisation that registered the domain name | Your organisation | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Example 1 | They registered betterbag.com. | Your organisation can choose to send contact information (the name of the person requesting to be contacted, their email address and the name of the organisation) to the organisation that registered the domain name. That organisation can choose whether to contact your organisation to resolve the domain claim. | |||||||||
Example 2 | They registered betterbag.com and verified it. | Your organisation can’t send anything to their organisation because betterbag.com is registered and they added the TXT record to verify they own the domain name. Therefore, your organisation can’t use the domain name. | |||||||||
Example 3 | They registered betterbag.com and created Managed Apple Accounts using that domain. | If a different organisation has Managed Apple Accounts in the domain that you want to use, Apple investigates who owns the domain and notifies you when the investigation is complete. If more than one organisation has a valid claim to the domain, no organisation can verify it. |
Add and verify a domain
In Apple Business Manager , sign in with a user that has the role of Administrator or People Manager.
Select your name at the bottom of the sidebar, select Preferences , then select Managed Apple Accounts .
In the Domains section, select Add Domain, then enter the domain you want to use.
Do one of the following:
If you entered a domain that’s registered and verified by another organisation, you must enter a different domain to continue.
If you entered a domain that’s registered to another organisation but not verified, you can select “I agree to share my contact information above,” then select Submit. See Domain conflicts.
Select Add domain, then complete the rest of the steps in this task.
Select Verify next to the domain.
A TXT record appears and you receive an email saying that the domain you selected is now attempting to be verified. You have 14 calendar days to complete the verification process. The TXT record contains a string with random characters at the end. For example:
“apple-domain-verification=RaNdOmLeTtErSaNdNuMbErS.”
Select the Copy button.
If you’re using one of the following services, see their documentation for pasting a TXT record into a zone file or contact your DNS administrator:
GoDaddy: Add a TXT record.
Microsoft Entra ID: Add a TXT or MX record to verify you own the domain.
NameCheap: How do I add TXT/SPF/DKIM/DMARC records for my domain?
Network Solutions: How Do I Manage DNS and Advanced DNS Records?
Select “Text (TXT) Records or Sender Policy Framework (SPF) Records.”
If you have a different domain registrar, contact them for information on how to add a TXT record to your DNS zone file.
After you’ve added the DNS TXT record successfully, finalise the verification process.
Note: Only domains that haven’t been claimed by another organisation can be added. See Domain conflicts.
Finalise the verification process
In Apple Business Manager , sign in as a user that has the role of Administrator or People Manager.
Select your name at the bottom of the sidebar, select Preferences , then select Managed Apple Accounts .
Locate the domain whose TXT record was added, then select Check Now.
If the TXT record has been correctly entered into the DNS zone file, the shown record and Copy button should change to Verified ownership.
If the TXT record has been incorrectly entered into the DNS zone file, the Check Now button won’t change.
After a domain has been successfully verified you can remove the TXT record from the zone file if necessary.