Use Managed Apple IDs in Apple Business Manager
A user can have two types of Apple IDs: a Managed Apple ID and a personal Apple ID:
A Managed Apple ID is owned and managed by your organisation — including password resets and role-based administration. It also provides access to iCloud for collaboration with iWork and backup on iPhone and iPad devices. Apple Business Manager makes it easy for organisations to create and manage these accounts at scale.
A personal Apple ID is used to access personal data such as Photos, iMessages and other personal iCloud data when signed in to a personal device.
Important: A user with a Managed Apple ID can be locked out of their account if they enter an incorrect password more than 10 times or if Apple suspects any fraudulent activity on their account. To reset their password, the user must contact any user with the role of Administrator or People Manager. For users locked due to suspected fraudulent activities, an Apple Business Manager user with the role of Administrator must contact Apple to have the account unlocked. At that point, the user’s password can be reset by the Administrator.
How Managed Apple IDs are created
Managed Apple IDs are created after you:
Configure and enable federated authentication with Google Workspace, Microsoft Entra ID or your identity provider (IdP)
See Introduction to federated authentication.
Note: If your organisation is using federated authentication, the Default Managed Apple ID Format setting does not apply.
sync with Google Workspace
Sync using Open ID Connect (OIDC) with Microsoft Entra ID or your IdP
Sync using System for Cross-domain Identity Management (SCIM) with your IdP
Important: Keep in mind that every Managed Apple ID must be unique. It also cannot be the same as other Apple IDs that other users may already have.
How Managed Apple IDs are used
As any user with the role of Administrator or any Manager, you use Managed Apple IDs in two main ways — with accounts and roles.
Accounts: users with the role of Administrator can complete a range of tasks within Apple Business Manager to manage accounts. For example, you can assign roles or reset passwords for a specific set of users.
Roles: after a Managed Apple ID is created for a user, roles can then be assigned for the user. These roles define which tasks users can perform in Apple Business Manager with their Managed Apple ID.
Managed Apple ID changes with Administrator roles
You cannot change the Managed Apple ID of a user with the role of Administrator. You must first change the role to any other role, change the Managed Apple ID, then change the role back to that of Administrator.
Access to services using Managed Apple IDs
Access to specific services may vary when using Managed Apple IDs. See Service access with Managed Apple IDs in Apple Platform Deployment.
Edit Managed Apple IDs
In some cases, it may be necessary to change the Managed Apple ID for accounts — for example, if the domain name of the organisation changes. Managers who have the “Create, edit and delete Managed Apple IDs” privilege can edit the Managed Apple ID of other accounts. This changes the Managed Apple ID format for all new and existing accounts.
After you change the Managed Apple ID, active users can sign in using their new Managed Apple ID and existing password. If the new format includes an element which is missing or empty for that user, the user’s Managed Apple ID will not be updated. If the new format results in a Managed Apple ID which is already in use, a number is added to the end of the new Managed Apple ID to make it unique.
Important: Users are not notified when their Managed Apple ID is changed, so you must notify them as soon as you make the change.
Edit the Managed Apple ID format for a single user
In Apple Business Manager , sign in as a user that has the role of Administrator or People Manager.
Select Users in the sidebar, then select or search for a user in the search field. See How to search.
Select the user from the list.
Select the Edit button , then edit the Managed Apple ID.
You can also enter text, such as a full stop (for example, eliza.block), in the field.
Select a domain from the list, then select Save.
Edit the Managed Apple ID format for multiple users
This task can be successfully completed only for users created manually.
In Apple Business Manager , sign in as a user that has the role of Administrator or People Manager.
Select Users in the sidebar, then select or search for users in the search field. See How to search.
Select the users from the list.
Select Edit next to Update Managed Apple IDs, then select the Add button to select what the Managed Apple ID will start with.
You can also enter text, such as a full stop (for example, eliza.block), in the field.
Select a domain from the list, then select Continue.
Do one of the following:
Select Activity to view this activity.
Select Done.