Intro to Microsoft Azure AD with Apple Business Manager
In Apple Business Manager, you can link to Microsoft Azure Active Directory (Azure AD) to allow users to sign in with their Azure AD username and password.
Multiple domains can be federated, but they must be from the same single public tenant. If you are attempting to federate a domain you have already verified but another organisation has already federated the identical domain, you must contact that organisation to determine who has the authority to federate the domain. See About domain conflicts.
Important: Federated authentication requires that a user’s User Principal Name (UPN) match their email address. User Principal Name aliases and Alternate IDs are not supported.
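A pre-federation check for the UPN requirement above, as an added example (not Apple or Microsoft tooling). It assumes a CSV export of directory users with the columns userPrincipalName and mail, compares the two case-insensitively (an assumption), and uses a hypothetical function name, audit_upn_mail; the sample rows are constructed.

```python
import csv
import io

# Constructed sample export (not real data). Column names follow the
# Microsoft Graph user properties userPrincipalName and mail.
SAMPLE_EXPORT = """userPrincipalName,mail
alice@example.com,alice@example.com
Bob@example.com,bob@example.com
carol@example.com,carol.smith@example.com
dave@example.com,
erin@example.com,erin@corp.example.net
frank@other.example,frank.jones@other.example
"""


def audit_upn_mail(export_text, federated_domains):
    """Return {upn: reason} for accounts in the domains to be federated
    whose UPN does not match their email address."""
    domains = {d.lower() for d in federated_domains}
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        upn = (row.get("userPrincipalName") or "").strip()
        mail = (row.get("mail") or "").strip()
        upn_domain = upn.rpartition("@")[2].lower()
        if upn_domain not in domains:
            continue  # account is outside the domains being federated
        if not mail:
            findings[upn] = "no mail attribute"
        elif mail.lower() == upn.lower():
            continue  # UPN and email address match (assumed case-insensitive)
        elif mail.rpartition("@")[2].lower() != upn_domain:
            findings[upn] = "mail is in a different domain"
        else:
            findings[upn] = "mail local part differs from UPN"
    return findings


if __name__ == "__main__":
    # List every in-scope account that needs fixing before federation.
    for upn, reason in audit_upn_mail(SAMPLE_EXPORT, ["example.com"]).items():
        print(f"{upn}: {reason}")
```

Accounts it reports need their UPN or mail attribute corrected in the directory before the domain is federated.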
Azure AD is the Identity Provider (IdP) that authenticates the user for Apple Business Manager and issues authentication tokens. Because Apple Business Manager supports Azure AD, other IdPs that connect to Azure AD — such as Active Directory Federation Services (AD FS) — will also work with Apple Business Manager.
Federated authentication and directory sync
To add the Apple Business Manager Azure AD app to Microsoft tenants, the administrator of those tenants must complete the federated authentication setup process, including testing authentication. When authentication has succeeded, the Apple Business Manager Azure AD app is populated in the tenant, and the administrator can federate domains and configure Apple Business Manager to use SCIM (System for Cross-domain Identity Management) for directory sync. See Review SCIM requirements.