Add and verify a domain in Apple School Manager

Domains (also known as domain names) designate the larger organization rather than an individual member. Domain names are registered and must be globally unique.

Note: The term domain in the context of this document refers to an individual FQDN (Fully Qualified Domain Name). This means that (for example) townshipschools.org and accounts.townshipschools.org are considered two different domains and must be added and managed individually in Apple School Manager.

After you sign up for Apple School Manager, you have the option to add, then verify, a domain you registered. The reason you add and verify a domain is to take advantage of Managed Apple Accounts. These accounts—similar to personal Apple Accounts—use an email address as the account name to sign in to websites, apps, and more. The Managed Apple Account name (the email address) must be globally unique. If you didn’t register a domain, you can use the reserved domain.

For more information about Managed Apple Accounts, see Use Managed Apple Accounts.

Reserved domains

A reserved domain is automatically created for any Apple School Manager organization. The reserved domain can be used if no custom domain is available. It has the following properties:

It’s based on the website entered during the sign-up process.
It doesn’t require the organization to verify the domain.
It can’t be edited or removed.

For example, if you enrolled using the website www.townshipschools.org, the reserved domain name would be townshipschools.appleaccount.com. If multiple organizations use the same domain, an incremental number is added to the name, such as townshipschools2.appleaccount.com.

Custom domains

If you own a custom domain, you can use it to create Managed Apple Accounts. To do so, the domain must be registered and verified first. The verification process helps to ensure that only the organization who has the authority to modify the domain name service (DNS) records for the domain can create Managed Apple Accounts using that domain.

After a domain is added and verified, you can choose to manage ownership of all Apple Accounts on that domain. For more information, see Manage verified domains.

Adding a custom domain

There are two ways to add custom domains to Apple School Manager:

Manually add a custom domain, then verify it.
Sync custom domains that are already verified from any identify provider (IdP) that works with Apple School Manager. For example, you can sync custom domains that are already verified in Google Workspace or Microsoft Entra ID.

A flowchart showing the two methods of adding a domain; manually with verification or through an identity provider.

Note: You should only add domains that you own. Adding a domain you don’t own results in you being unable to create Managed Apple Accounts.

Verifying a domain

After you manually add a domain, you must then verify it. Domain verification ensures that your organization—and no one else—can use the domain you entered to create Managed Apple Accounts.

For example, to use townshipschools.org as your domain, you must add a specific TXT record—a type of Domain Name System (DNS) record—to your domain name server’s zone file within 14 calendar days of beginning the verification process (which begins when you select the Verify button). This indicates that your organization has the authority to modify the domain name service (DNS) records for your domain.

Important: You have only 14 calendar days to complete the verification process or you must start over. Depending on the network configuration, it may take some time for DNS changes to appear. Make sure you’ve notified the person in your company who can write records to your DNS entries (for example, your IT or DNS administrator) so the task can be completed before the expiration.

Only domains that haven’t been verified by another company can be added. If your domain can’t be verified, additional steps must be taken to resolve which organization is associated with a disputed domain name. This is known as a domain conflict.

Connecting to an IdP to add domains

Instead of manually adding domains, they can be synced from Google Workspace or Microsoft Entra ID by connecting one of them to Apple School Manager. This allows Apple School Manager to retrieve all domains that have already been verified for use. After a successful connection, all domains appear as verified in Apple School Manager.

For more information, see Intro to federated authentication.

Domain conflicts

There are three types of domain conflicts:

Example 1: A domain that’s registered by another organization.
Example 2: A domain that’s registered by another organization and they’ve added the TXT record to verify they own the domain name.
Example 3: Another organization has existing Managed Apple Accounts using the domain.

Important: In the first two examples, Apple doesn’t intervene in domain claims.

Examples	The organization that registered the domain name	Your organization
Example 1	They registered townshipschools.org.	Your organization can choose to send contact information (the name of the person requesting to be contacted, their email address, and the name of the organization) to the organization that registered the domain name. That organization can choose whether to contact your organization to resolve the domain claim.
Example 2	They registered townshipschools.org and verified it.	Your organization can’t send anything to their organization because townshipschools.org is registered and they added the TXT record to verify they own the domain name. Therefore, your organization can’t use the domain name.
Example 3	They registered townshipschools.org and created Managed Apple Accounts using that domain.	If a different organization has Managed Apple Accounts in the domain that you want to use, Apple investigates who owns the domain and notifies you when the investigation is complete. If more than one organization has a valid claim to the domain, no organization can verify it.