Use Managed Apple IDs in Apple School Manager
Like any Apple ID, Managed Apple IDs provide access to Apple services such as iCloud. With Managed Apple IDs, students and instructors use, for example, the Classroom app, the Schoolwork app, and collaborate using iWork and Notes—and users with the roles of Administrators and Staff can sign in to Apple School Manager.
Unlike personal Apple IDs, Managed Apple IDs are owned and managed by your school or district and are designed to meet the needs and legal requirements of education institutions—including password resets, limitations on purchasing and communications, and role-based administration. Apple School Manager makes it easy for schools to create and manage these accounts at scale.
Apple will only use information that personally identifies your users in order to:
Provide Apple School Manager and associated services enabled by you
Support your users’ use of Apple School Manager
This can include solving issues in connection with the use of Apple School Manager, specific troubleshooting or enhancing your users’ experience.
Important: A user with a Managed Apple ID can lock themselves out of their account if they enter an incorrect password more than 10 times. To reset their password, the user must contact any user with the role of Administrator, Site Manager, People Manager, or another user with password reset privileges.
How Managed Apple IDs are created
Managed Apple IDs are created after you:
Upload .csv files using the Secure File Transfer Protocol (SFTP)
Integrate with your Student Information System (SIS)
Configure and enable federated authentication with Google Workspace, Microsoft Entra ID, or your identity provider (IdP)
See Intro to federated authentication.
Note: If your organization is using federated authentication, the Default Managed Apple ID Format setting doesn’t apply.
Sync with Google Workspace
Sync using Open ID Connect (OIDC) with Microsoft Entra ID or your IdP
Sync using System for Cross-domain Identity Management (SCIM) with your IdP
Important: Keep in mind that every Managed Apple ID must be unique. It also can’t be the same as other Apple IDs that other users may already have.
How Managed Apple IDs are used
As any user with the role of Administrator or any Manager, you use Managed Apple IDs in three main ways—with accounts, roles, and classes.
Accounts: Users with the role of Administrator can complete a range of tasks within Apple School Manager to manage accounts. For example, you can assign roles or reset passwords for a specific set of users.
Roles: After a Managed Apple ID is created for a user, roles can then be assigned for the user. These roles include Site Manager, People Manager, Device Enrollment Manager, Manager, Instructor, Staff, and Student. These roles define which tasks users can perform in Apple School Manager with their Managed Apple ID.
When you create each account, you assign a role that defines the privileges for that account. If you’re importing from your Student Information System (SIS), the individual doing the import automatically assigns roles.
Classes: A class is a collection of instructor and student accounts. Classes have at least one instructor added when the class is created. After a class is created, it’s used with your mobile device management (MDM) solution to enable classes to appear in the Classroom app for iPad and Mac, and Shared iPad, and to simplify the experience for students using Shared iPad.
Managed Apple ID changes with Administrator roles
You can’t change the Managed Apple ID of a user with the role of Administrator. You must first change the role to any other role, change the Managed Apple ID, then change the role back to that of Administrator.
Access to services using Managed Apple IDs
Access to specific services may vary when using Managed Apple IDs. See Service access with Managed Apple IDs in Apple Platform Deployment.
Edit Managed Apple IDs
In some cases, it may be necessary to change the Managed Apple ID for accounts—for example, if the domain name of the organization changes. Managers who have the “Create, edit, and delete Managed Apple IDs” privilege can edit the Managed Apple ID of other accounts. This changes the Managed Apple ID format for all new and existing accounts.
After you change the Managed Apple ID, active users can sign in using their new Managed Apple ID and existing password. If the new format includes an element that’s missing or empty for that user, the user’s Managed Apple ID won’t be updated. If the new format results in a Managed Apple ID that’s already in use, a number is added to the end of the new Managed Apple ID to make it unique.
There are two options when changing Managed Apple ID formats:
Change the Managed Apple ID format for all locations: This option changes the format for all new users. Existing users still use the original format.
Change the Managed Apple ID format for users: This option changes the format for all new and existing users.
Important: Users aren’t notified when their Managed Apple ID is changed, so you must notify them as soon as you make the change.
Create new Managed Apple IDs from SIS or SFTP accounts
Note: This doesn’t apply if federated authentication is turned on. Managed Apple IDs generated from SIS/SFTP use the domain in the Managed Apple ID Format in the SIS/SFTP Assistant. When a domain is federated, that domain doesn’t appear in the drop down.
In Apple School Manager , sign in with a user that has the role of Administrator, Site Manager, or People Manager.
Select your name at the bottom of the sidebar, select Preferences , select Directory Sync , then select Connect next to SIS/SFTP.
Select next to Create Accounts and Classes, then do one or both of the following:
Select Change Settings in the Students row to select what the Managed Apple ID will start with.
Select Change Settings in the Instructor row to select what the Managed Apple ID will start with.
You can also enter text, such as a period (for example, eliza.block), in the field.
Select Save.
Edit the Managed Apple ID format for SIS or SFTP accounts
Note: This doesn’t apply if federated authentication is turned on. Managed Apple IDs generated from SIS/SFTP use the domain in the Managed Apple ID Format in the SIS/SFTP Assistant. When a domain is federated, that domain doesn’t appear in the drop down.
In Apple School Manager , sign in with a user that has the role of Administrator, Site Manager, or People Manager.
Select your name at the bottom of the sidebar, select Preferences , select Directory Sync , then select Connect next to SIS/SFTP.
Select next to Create Accounts and Classes, then do one or both of the following:
Select Change Settings in the Students row to select what the Managed Apple ID will start with.
Select Change Settings in the Instructor row to select what the Managed Apple ID will start with.
You can also enter text, such as a period (for example, eliza.block), in the field.
Select Save.
Edit the Managed Apple ID format for a single user
In Apple School Manager , sign in with a user that has the role of Administrator, Site Manager, or People Manager.
Select Users in the sidebar, then select or search for a user in the search field. See How to search.
Select the user from the list.
Select the Edit button , then edit the Managed Apple ID.
You can also enter text, such as a period (for example, eliza.block), in the field.
Select a domain from the list, then select Save.
Edit the Managed Apple ID format for multiple users
This task can be successfully completed only for users created manually.
In Apple School Manager , sign in with a user that has the role of Administrator, Site Manager, or People Manager.
Select Users in the sidebar, then select or search for users in the search field. See How to search.
Select the users from the list.
Select Edit next to Update Managed Apple IDs, then select the Add button to select what the Managed Apple ID will start with.
You can also enter text, such as a period (for example, eliza.block), in the field.
Select a domain from the list, then select Continue.
Do one of the following:
Select Activity to view this activity.
Select Done.