
About Managed Apple Accounts in Apple Business Manager
Overview
Managed Apple Accounts function much like Apple Accounts but are designed for, owned by, and managed by an organization to help increase the productivity of employees and provide the services users may need. These accounts are separate from the personal Apple Accounts users create for themselves. This helps to keep organizational data separate from personal data with robust management controls.
These management controls include role-based administration and, in certain instances, password resets. Managed Apple Accounts also provide access to iCloud and collaboration with iWork, Notes, and Reminders.
Lastly, Apple Business Manager makes it easy for organizations to create and manage these accounts at scale. Because Apple Business Manager integrates with your existing environment, you can provide Managed Apple Accounts to users using their existing organization credentials—for example, Google Workspace, Microsoft Entra ID, or your identity provider (IdP). You can then sync user accounts.
How Managed Apple Accounts are created
Managed Apple Accounts can be created for any domains using the following methods:
Create accounts manually
Configure and turn on federated authentication with Google Workspace, Microsoft Entra ID, or an identity provider (IdP)
Sync with Google Workspace
Sync using OpenID Connect (OIDC) with Microsoft Entra ID
Sync using OpenID Connect (OIDC) or System for Cross-domain Identity Management (SCIM) with your IdP
Important: Keep in mind that every Managed Apple Account must be unique. It also can’t be the same as other Apple Accounts that other users may already have.
How Managed Apple Accounts are used
Like personal Apple Accounts, Managed Apple Accounts can be used to sign in on dedicated or shared Apple devices and to access specific Apple services—including Shared iPad, iCloud, and collaboration with iWork, Notes, and Reminders.
Managed Apple Accounts can also be assigned a specific role. These roles define which tasks users can perform in Apple Business Manager.
As a user with the role of Administrator or any Manager role, you work with Managed Apple Accounts in two main ways: through user accounts and through roles.
Accounts: Users with the role of Administrator can complete a range of tasks to manage user accounts. For example, you can assign roles or assign devices to users.
Roles: Roles help define what a user has access to.
For more information, see Intro to roles and privileges.
Deleted personal Apple Accounts
If a personal Apple Account goes through the formal deletion request process, it can never be recreated, nor can it be used as a Managed Apple Account, even if the organization has verified and captured the domain. For more information, see the Apple Support article How to delete your Apple Account.
Managed Apple Account password resets
Depending on how Managed Apple Accounts are created, password resets can be completed in Apple School Manager and Apple Business Manager or—if connected to an identity provider (IdP)—through the IdP.
If the reset is done through Apple Business Manager:
A user with a Managed Apple Account can be locked out of their account if they enter an incorrect password more than 10 times or if Apple suspects any fraudulent activity on their account. To reset their password, the user must contact any user with the role of Administrator or People Manager. For users locked due to suspected fraudulent activities, an Apple Business Manager user with the role of Administrator must contact Apple to have the account unlocked. At that point, the user’s password can be reset by a user with the role of Administrator.