Intro to federated authentication with Apple Business Manager
You use federated authentication to link Apple Business Manager to the following:
Google Workspace
Microsoft Azure Active Directory (Azure AD)
Your identity provider (IdP)
As a result, your users can leverage their Google Workspace, Azure AD or IdP user names (User Principal Name) and passwords as Managed Apple IDs. They can then use those credentials to sign in to their assigned iPhone, iPad or Mac, and even to iCloud on the web.
Note: You can link to Google Workspace, Azure AD or your IdP, but only one at a time.
To use federated authentication, your Apple devices must meet the following operating system requirements:
Usage | Minimum supported operating system
---|---
Federated authentication with Microsoft Azure AD | iOS 11.3, iPadOS 13.1, macOS 10.13.4
Federated authentication with Google Workspace | iOS 15.5, iPadOS 15.5, macOS 12.4
Federated authentication with your identity provider | iOS 15.5, iPadOS 15.5, macOS 12.4
There are specific instances where you might use federated authentication:
Federated authentication only
When Apple Business Manager is linked to Google Workspace, Azure AD or your IdP, users who sign in to Apple Business Manager with their Google Workspace, Azure AD or IdP user name and password automatically have those same credentials become their Managed Apple ID. If a user is removed from Google Workspace, Azure AD or your IdP, that user can be removed from Apple Business Manager.
Federated authentication and Shared iPad
When you use federated authentication with Shared iPad, the sign-in process varies depending on whether the user already exists in Apple Business Manager. To view the sign-in scenarios, see Sign in to Shared iPad.
If the user forgets their passcode, you must reset the Shared iPad passcode.