Transfer Apple services when federating
When you configure and turn on federated authentication in Apple Business Manager, there are several services your organisation relies on that might need to be transferred from personal Apple IDs to Managed Apple IDs. Below is a list of those services and recommended steps to ensure there’s no gap in continuity in accessing those services.
Apple Push Notification service (APNs)
APNs certificates are most commonly used by organisations to enable communication from their mobile device management (MDM) solution to managed devices. The APNs certificate associated with a personal Apple ID can be moved to a Managed Apple ID by contacting Apple. This process can take up to 10 business days. No interruption in communication between the mobile device management (MDM) solution and the devices occurs when the move to a new account is completed. See Contact Apple for help with Apple Push Notification service certificates.
Apple Developer Program
Organisations with Apple Developer Program memberships must create new accounts with the necessary roles for users’ Managed Apple IDs.
Important: Command-line services—like notarization—that use app-specific passwords won’t work with Managed Apple IDs.
Change the username of the existing developer Apple ID to another domain or subdomain that isn’t being federated. Popular personal email services will work for developer accounts.
Have the user generate a new federated Managed Apple ID. This can be done by signing in to iCloud using Settings on an iPhone or iPad, System Settings (in macOS 13 or later), or System Preferences (in macOS 12 or earlier), or during the initial setup of the device.
In the developer account, have another team member send an invite to the newly created Managed Apple ID and assign the appropriate role.
For information on transferring the developer Account Holder role to someone else on your development team, see Account Holder Role Transfer on the Apple Developer website.
Global Service Exchange (GSX)
Approved organisations that self-repair Apple products need to plan their transition. They may need to work with the Apple GSX teams, whose email addresses are listed below, along with the countries or regions they cover.
Apple GSX email address | Country or region covered | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
svc.authorize_amr@apple.com | Canada Latin America United States | ||||||||||
svc.authorize_emea@apple.com | Africa Europe India Middle East | ||||||||||
svc.authorize_apac@apple.com | Asia-Pacific countries and regions | ||||||||||
account_admin_china@apple.com | China | ||||||||||
account_admin_china@apple.com (for traditional Chinese language support, include Chinese in the email’s subject line) | Hong Kong Macao Taiwan |
Access to GSX is limited to approved domains and invited Managed Apple IDs. Before enabling federation, create at least one Managed Apple ID in an approved domain and invite that user to GSX. After personal Apple IDs are removed from the domain, Managed Apple IDs can be created using the same name; these Managed Apple IDs must be invited to GSX. If those individuals have certifications, send an email to certifications@apple.com to have those certifications moved between accounts.
If necessary, you can update account information for your organisation by signing in at https://aamt.apple.com/.
If you are asked to update your personal Apple ID, see the Apple Support article If you are asked to update your Apple ID email address.
Apple online stores
Individuals with access to their organisation’s online store must complete the conflict resolution process to update logins affected by federation. If you want to use a federated Managed Apple ID for the online store, complete the following steps:
Have the user generate a new federated Managed Apple ID. The user must sign in to iCloud using Settings on an iPhone or iPad, using System Settings (in macOS 13 or later), or System Preferences (in macOS 12 or earlier), or during the initial setup of the device.
Do one of the following:
In Apple School Manager, change the user’s role to Staff, Instructor or Manager.
In Apple Business Manager or Apple Business Essentials, change the user’s role to Staff.
Contact your dedicated Apple Account Executive and request that a new invitation be generated for the federated Managed Apple ID.
Note: If you encounter an issue, send an email to myaccess.support@apple.com or visit Contact Apple for support and service and ask for Sales.