Transferring Apple services when using federated authentication with Apple School Manager
When enabling federation within Apple School Manager there are several services your organization relies on that might need to be transferred from personal Apple IDs to Managed Apple IDs. Below is a list of those services and recommended steps to ensure there is no gap in continuity in accessing those services.
Apple Push Notification service (APNs)
APNs certificates are most commonly used by organizations to enable communication from their mobile device management (MDM) solution to managed devices. The APNs certificate associated with a personal Apple ID can be moved to a Managed Apple ID by contacting Apple. This process can take up to 10 business days. No interruption in communication between the MDM solution and the devices occurs when the move to a new account is completed. See Contact Apple for help with Apple Push Notification service certificates.
Global Service Exchange (GSX)
Approved organizations that self-repair Apple products need to plan their transition. They may need to work with the Apple GSX teams, whose email addresses are listed below, along with the countries or regions they cover.
Apple GSX email address
Country or region covered
Asia-Pacific countries and regions
firstname.lastname@example.org (for traditional Chinese language support, include Chinese in the email’s subject line)
Access to GSX is limited to approved domains and invited Managed Apple IDs. Before enabling federation, create at least one Managed Apple ID in an approved domain and invite that user to GSX. After personal Apple IDs are removed from the domain, Managed Apple IDs can be created using the same name; these Managed Apple IDs must be invited to GSX. If those individuals have certifications, send an email to email@example.com to have those certifications moved between accounts.
If necessary, you can update account information for your organization by signing in at http://aamt.apple.com/.
If you are asked to update your personal Apple ID, see the Apple Support article If you are asked to update your Apple ID email address.
Apple Online Store
Individuals with access to their organization’s online store must complete the conflict resolution process to update logins affected by federation. If you want to use a federated Managed Apple ID for the online store, complete the following steps:
Have the user generate a new federated Managed Apple ID. The user must sign in to iCloud using Settings on an iPhone or iPad, using System Preferences on Mac, or during the initial setup of the device.
Do one of the following:
In Apple School Manager, change the user’s role to Staff, Instructor, or Manager.
In Apple Business Manager, change the user’s role to Staff.
Contact your dedicated Apple Account Executive and request that a new invitation be generated for the federated Managed Apple ID.