Use Managed Apple Accounts in Apple School Manager
Managed Apple Accounts are designed to increase the productivity of teachers and students and provide the services users may need. These accounts are designed specifically for schools and separate from personal Apple Accounts users create for themselves. This helps to keep school data separate from personal data with robust management controls.
Unlike personal Apple Accounts, Managed Apple Accounts are owned and managed by an organization—including password resets and role-based administration. Users can access iCloud for collaboration with iWork and Notes—and users with the roles of Administrator, Managers, Staff, and Instructors can sign in to the Apple School Manager web portal. They also allows students and instructors to use, for example, the Classroom app and the Schoolwork app. Lastly, Apple School Manager makes it easy for schools to create and manage these accounts at scale.
Apple uses only information that personally identifies your users in order to:
Provide Apple School Manager and associated services enabled by you
Support your users’ use of Apple School Manager
This can include solving issues in connection with the use of Apple School Manager, specific troubleshooting or enhancing your users’ experience.
Important: A user with a Managed Apple Account can lock themselves out of their account if they enter an incorrect password more than 10 times. To reset their password, the user must contact any user with the role of Administrator, Site Manager, People Manager, or another user with password reset privileges.
How Managed Apple Accounts are created
Managed Apple Accounts are created after you:
Upload .csv files using the Secure File Transfer Protocol (SFTP)
Integrate with your Student Information System (SIS)
Configure and enable federated authentication with Google Workspace, Microsoft Entra ID, or your identity provider (IdP)
See Intro to federated authentication.
Note: If your organization is using federated authentication, the Default Managed Apple Account Format setting doesn’t apply.
Sync with Google Workspace
Sync using Open ID Connect (OIDC) with Microsoft Entra ID
Sync using Open ID Connect (OIDC) or System for Cross-domain Identity Management (SCIM) with your IdP
Important: Keep in mind that every Managed Apple Account must be unique. It also can’t be the same as other Apple Accounts that other users may already have.
How Managed Apple Accounts are used
As any user with the role of Administrator or any Manager, you use Managed Apple Accounts in three main ways—with accounts, roles, and classes.
Accounts: Users with the role of Administrator can complete a range of tasks within Apple School Manager to manage accounts. For example, you can assign roles or reset passwords for a specific set of users.
Roles: After a Managed Apple Account is created for a user, roles can then be assigned for the user. These roles include Site Manager, People Manager, Device Enrollment Manager, Manager, Instructor, Staff, and Student. These roles define which tasks users can perform in Apple School Manager with their Managed Apple Account.
When you create each account, you assign a role that defines the privileges for that account. If you’re importing from your Student Information System (SIS), the individual doing the import automatically assigns roles.
Classes: A class is a collection of instructor and student accounts. Classes have at least one instructor added when the class is created. After a class is created, it’s used with your mobile device management (MDM) solution to enable classes to appear in the Classroom app for iPad and Mac, and Shared iPad, and to simplify the experience for students using Shared iPad.
Managed Apple Account changes with Administrator roles
Only users with the role of Administrator can modify another user with the role of Administrator, including their own account.
Access to services using Managed Apple Accounts
Access to specific services may vary when using Managed Apple Accounts. See Service access with Managed Apple Accounts in Apple Platform Deployment.
Create new Managed Apple Accounts from SIS or SFTP accounts
Note: This doesn’t apply if federated authentication is turned on. Managed Apple Accounts generated from SIS/SFTP use the domain in the Managed Apple Account Format in the SIS/SFTP Assistant. When a domain is federated, that domain doesn’t appear in the drop down.
In Apple School Manager , sign in with a user that has the role of Administrator, Site Manager, or People Manager.
Select your name at the bottom of the sidebar, select Preferences , select Directory Sync , then select Connect next to SIS/SFTP.
Select next to Create Accounts and Classes, then do one or both of the following:
Select Change Settings in the Students row to select what the Managed Apple Account will start with.
Select Change Settings in the Instructor row to select what the Managed Apple Account will start with.
You can also enter text, such as a period (for example, eliza.block), in the field.
Select Save.