Apple Business User Guide
- Welcome
-
-
-
- Intro to Configurations
-
- AirDrop configuration
- AirPlay configuration
- AirPrint configuration
- App Access configuration
- Apple Intelligence & Siri configuration
- Application Layer Firewall configuration
- Certificate configuration
- Content Caching configuration
- Custom configuration
- Data Management configuration
- Energy Saver configuration
- FileVault configuration
- Gatekeeper configuration
- iCloud configuration
- Lock Screen configuration
- Password and Screen Unlock configuration
- Software Update configuration
- VPN configuration
- Web Clip configuration
- Web Filter configuration
- Wi-Fi configuration
- Edit a configuration
- Apply Blueprints
-
- Glossary
- Document revision history
- Copyright and trademarks
Intro to users and user groups in Apple Business
Overview
User accounts in Apple Business can be created manually. They’re also created after you:
Sync with Google Workspace
Sync with Microsoft Entra ID or your identity provider (IdP) using OpenID Connect (OIDC)
Sync with your IdP using System for Cross-domain Identity Management (SCIM)
Each user account may have the following information associated with it, which can be viewed in the account list or when an account is selected:
Status
First, middle, and last name
Managed Apple Account
Roles and Organizational Units
Authentication type
User groups associated
Email address
Devices associated
Assigned plans
iCloud storage (used, available, total)
Assigned apps
Assigned settings
Person Number
Cost Center
Department
Division
When an account is copied from Google Workspace, Microsoft Entra ID, or your IdP (using SCIM) to Apple Business, the Roles attribute can be edited.
User groups
You can create a group of users in Apple Business. These are known as user groups and there are two types, Smart User Groups and User Groups. Both types can be assigned to plans and to Blueprints. A Blueprint is a group of apps and settings that, when assigned to a user group, provide it with a quick and easy way to automate the assigning of apps and device settings.
Note: Users can be a member of more than one Smart User Group and User Group. See Add user groups.
User status
A user’s status can be one of the following:
New: This user account is new, and the user hasn’t yet signed in.
Active: This user account is active, and the user has signed in at least once.
Deactivated: This user account has been deactivated, and the user is unable to use their Managed Apple Account to sign in to a device.
Locked: This user account has been locked because of too many unsuccessful sign-in attempts.
Depending on how the user account was created, you may be able to perform certain actions on that account.
Status | Actions |
|---|---|
New | Delete |
Active | Deactivate Delete |
Deactivated Note: A deactivated account is signed out of devices and can’t be signed back in. Unless the account is synced again within the next 30 days, it automatically gets removed. | Reactivate Delete |
Locked | Reset Password |