Intro to federated authentication with Apple Business Essentials
You can use federated authentication to link Apple Business Essentials to the following:
Google Workspace
Microsoft Entra ID
Your identity provider (IdP)
As a result, your users can leverage their Google Workspace, Microsoft Entra ID, or IdP user name (generally their email address) and password as Managed Apple IDs. They can then use those credentials to sign in to their assigned iPhone, iPad, or Mac, and even to iCloud on the web.
Note: You can link to Google Workspace, Microsoft Entra ID, or your IdP, but only one at a time.
To use federated authentication and syncing, your Apple devices must meet the following minimum operating system requirements:
iOS 15.5
iPadOS 15.5
macOS 12.4
visionOS 1.1
There are specific instances where you might use federated authentication:
Federated authentication only
When Apple Business Essentials and Google Workspace, Microsoft Entra ID, or your IdP are linked, Managed Apple IDs are automatically created for users. They can then sign in using their existing user name (generally their email address) and password.
Federated authentication and directory syncing
You can also sync Apple Business Essentials to Google Workspace, Microsoft Entra ID, or your IdP. When you set up a directory sync connection, you can add Apple Business Essentials properties (such as roles) to user account data imported from one of those services. The services’ user account information is added as read-only until you turn off syncing. At that time, the accounts become manual accounts, and attributes in these accounts can then be edited. If a user account is removed from one of those services, that user account can be removed from Apple Business Essentials. See the following: