This article has been archived and is no longer updated by Apple.

Verify domains in Apple Business Manager and Apple School Manager

Learn about the updated requirements to verify domains in Apple Business Manager and Apple School Manager.

This article is intended for network administrators.

Apple requires organisations to verify all existing unverified and new domains that are associated with Apple Business Manager and Apple School Manager. You must do this before creating Managed Apple IDs.

On 8 December 2021, all unverified domains were removed from Apple Business Manager and Apple School Manager organisations. Managed Apple IDs on unverified domains will be migrated to the reserved domain. End users won't be notified of this change. All roles and privileges will remain intact, including the account password and associated email address. For example, if you’re using the domain example.com and don’t verify it before December, managed Apple IDs will be renamed from person@example.com to person@examplecom.appleid.com automatically.

Administrators will not be affected.

To prevent disruption, verify your domain now or move your Managed Apple IDs to a verified domain or the reserved domain.

View domains

To determine whether you need to verify your domain, sign in to Apple Business Manager or Apple School Manager and navigate to Settings > Accounts. Domains with a green circle to the left of the name have been verified. Domains with a yellow circle need to be verified.

Domains view in Organisation settings tab of Apple Business Manager settings

Verify existing domains in Apple Business Manager.

Verify existing domains in Apple School Manager.

Remove a domain

To remove a domain that you can’t verify or don’t intend to use, sign in to Apple Business Manager or Apple School Manager and navigate to Settings > Accounts. Click Edit next to Domains, then click Remove. If there are Managed Apple IDs in the unverified or unused domain, click Update Domain Name to move the Managed Apple IDs to a verified or reserved domain. You'll need to notify these users that they'll be required to use the updated Managed Apple ID the next time they sign in.

Verified domains

Certain features require verified domains, including integrating Apple School Manager with your Student Information System (SIS), importing users with Secure File Transfer Protocol (SFTP) or enabling federated authentication. If you want to use these features, you must use a verified domain.

Verifying a top-level domain doesn't verify subdomains. For example, verifying example.com won’t verify appleid.example.com.  You'll need to verify appleid.example.com independently.

Reserved domain

A reserved domain is a domain that Apple provides.  You can use it without additional verification.  It's based on the website that you used when you enrolled in Apple Business Manager. For example, if you enrolled using the website www.example.com, the reserved domain name would be example.appleid.com. If multiple organisations use the same domain, an incremental number is added to the name, such as example2.appleid.com. The reserved domain is generated automatically and can't be edited or removed.

If you don't verify your domain

If you don't verify your domain, Shared iPad and iCloud sessions will be signed out and Managed Apple IDs on that domain will be moved to the reserved domain. End users won't be notified of this change, and it's your responsibility to inform them.

Multiple organisations

Multiple organisations can all verify the same domain if the domain was associated with Apple Business Manager before March 2020. Each organisation must verify the domain individually. Work with other Apple Business Manager administrators to make sure one organisation has verified the domain before the other organisation starts the process. If multiple organisations try to verify at the same time, it could cause errors when validating the TXT record.

Personal Apple IDs

Verifying a domain doesn't create conflicts with existing Apple IDs that use the domain. However, if the organisation enables federated authentication, users will be required to choose a new name for conflicting Apple IDs.

Published Date: