Change a user’s domain information using Apple Business Manager
In Apple Business Manager, changes to a user’s domain information account require the user to sign out and sign in again with their new password.
Important: If a user’s password is changed in Azure AD, Apple Business Manager invalidates the current session with that user. The user must sign in again with their new password to continue using federated authentication for access.
Change a federated user’s role
When you successfully complete your federated authentication, all users from your domain have the role of Staff. You may want to change roles for Content Managers, Device Enrollment Managers, and Staff. If you change the role to Administrator or People Manager, that user’s authentication changes from Federated (they use their Google Workspace or Azure AD password) to Apple. They still retain the Managed Apple ID and email address they had when federated authentication was completed.
In Apple Business Manager , sign in with a user that has the role of Administrator or People Manager.
Tap Users in the sidebar, then search for a user in the search field. See How to search.
Select the user from the list.
Tap the Edit button , change the role, then tap Save.
Change a user’s email to a federated domain
If you’ve successfully linked Apple Business Manager to your Google Workspace or Azure AD domain, you can change an existing account so that its email address and Managed Apple ID are identical. An exception is that an account with a role of Administrator or People Manager can’t use the same address for both.
In Apple Business Manager , sign in with a user that has the role of Administrator or People Manager.
Tap Users in the sidebar, then search for a user in the search field. See How to search.
Select the user from the list.
Tap the Edit button , change the email address, tap OK to also change the Managed Apple ID to match the email address, then tap Save.
That user can now sign in with their Managed Apple ID and their domain password.
Edit the Managed Apple ID to a federated domain for a user
If you’ve successfully linked Apple Business Manager to your Google Workspace or Azure AD domain, you can change a nonfederated account so that its Managed Apple ID and email address are identical. An exception is that a user with the role of Administrator and People Manager can’t use the same account for both.
In Apple Business Manager , sign in with a user that has the role of Administrator or People Manager.
Tap Users in the sidebar, then search for a user in the search field. See How to search.
Select the user from the list.
Tap the Edit button , change the Managed Apple ID, tap OK to also change the email address to match the Managed Apple ID, then tap Save.
Edit the Managed Apple ID to a federated domain for multiple users
Important: Users aren’t notified when their Managed Apple ID is changed, so you must notify them as soon as you make the change.
In Apple Business Manager , sign in with a user that has the role of Administrator or People Manager.
Tap Users in the sidebar, then search for accounts in the search field. See How to search.
Select the users from the list.
Tap Edit next to Update Managed Apple IDs, then do one of the following:
Change the Managed Apple ID’s unique user name structure.
Change the domain name structure.
Change both.
Change the Managed Apple ID, tap OK to also change the email address to match the Managed Apple ID, then tap Save.
Do one of the following:
Tap Activity to view this activity.
Tap Done.
Change a user’s email to an unfederated domain
If you want users to use an email address different from the one in their Azure AD domain account, you can change it. You must make their email address and Managed Apple ID identical. An exception is that an account with a role of Administrator or People Manager can’t use the same address for both.
In Apple Business Manager , sign in with an account whose role can make changes to other accounts, then tap Accounts in the sidebar.
Tap Users in the sidebar, then search for a user in the search field. See How to search.
Select the user from the list.
Tap the Edit button , change the email address, tap OK to match the Managed Apple ID, then tap Save.
Notify the user that they have a new Managed Apple ID.
Edit the Managed Apple ID to an unfederated domain for a user
If you don’t want users to use the Managed Apple ID in their Azure AD domain account, you can change it. You must make their Managed Apple ID and email address identical. An exception is that an account with a role of Administrator or People Manager can’t use the same address for both.
In Apple Business Manager , sign in with a user that has the role of Administrator or People Manager.
Tap Users in the sidebar, then search for a user in the search field. See How to search.
Select the user from the list.
Tap the Edit button , change the Managed Apple ID, tap OK to also change the email address to match the Managed Apple ID, then tap Save.
Notify the user that they have a new Managed Apple ID.
Edit the Managed Apple ID to an unfederated domain for multiple users
Important: Users aren’t notified when their Managed Apple ID is changed, so you must notify them as soon as you make the change.
In Apple Business Manager , sign in with a user that has the role of Administrator or People Manager.
Tap Users in the sidebar, then search for accounts in the search field. See How to search.
Select the users from the list.
Tap Edit next to Update Managed Apple IDs, then do one of the following:
Change the Managed Apple ID’s unique user name structure.
Change the domain name structure.
Change both.
Change the Managed Apple ID, tap OK to also change the email address to match the Managed Apple ID, then tap Save.
Do one of the following:
Tap Activity to view this activity.
Tap Done.