Use Managed Apple Accounts in Apple Business Essentials
Managed Apple Accounts are designed to increase the productivity of employees and provide the services users may need. These accounts are designed specifically for organizations and separate from personal Apple Accounts users create for themselves. This helps to keep organizational data separate from personal data with robust management controls.
Unlike personal Apple Accounts, Managed Apple Accounts are owned and managed by an organization—including password resets and role-based administration. They also provide access to iCloud for collaboration with iWork and Notes—and backup on iPhone and iPad devices. Apple Business Essentials makes it easy for organizations to create and manage these accounts at scale.
Important: A user with a Managed Apple Account can be locked out of their account if they enter an incorrect password more than 10 times or if Apple suspects any fraudulent activity on their account. To reset their password, the user must contact any user with the role of Administrator or People Manager. For users locked due to suspected fraudulent activities, an Apple Business Essentials user with the role of Administrator must contact Apple to have the account unlocked. At that point, the user’s password can be reset by a user with the role of Administrator.
How Managed Apple Accounts are created
Managed Apple Accounts are created after you:
Configure and enable federated authentication with Google Workspace, Microsoft Entra ID, or your identity provider (IdP)
See Intro to federated authentication.
Note: If your organization is using federated authentication, the Default Managed Apple Account Format setting doesn’t apply.
Sync with Google Workspace
Sync using Open ID Connect (OIDC) with Microsoft Entra ID
Sync using Open ID Connect (OIDC) or System for Cross-domain Identity Management (SCIM) with your IdP
Important: Keep in mind that every Managed Apple Account must be unique. It also can’t be the same as other Apple Accounts that other users may already have.
How Managed Apple Accounts are used
As any user with the role of Administrator or any Manager, you use Managed Apple Accounts in two main ways—with accounts and roles.
Accounts: Users with the role of Administrator can complete a range of tasks within Apple Business Essentials to manage accounts. For example, you can assign roles or reset passwords for a specific set of users.
Roles: After a Managed Apple Account is created for a user, roles can then be assigned for the user. These roles define which tasks users can perform in Apple Business Essentials with their Managed Apple Account.
Managed Apple Account changes with Administrator roles
Only users with the role of Administrator can modify another user with the role of Administrator, including their own account.
Access to services using Managed Apple Accounts
Access to specific services may vary when using Managed Apple Accounts. See Service access with Managed Apple Accounts in Apple Platform Deployment.