Intro to Microsoft Azure AD with Apple School Manager
In Apple School Manager, you can link to Microsoft Azure Active Directory (Azure AD) to allow users to sign in with their Azure AD username and password.
Multiple domains can be federated, but they must be from the same single public tenant. If you’re attempting to federate a domain you’ve already verified but another organisation has already federated the identical domain, you must contact that organisation to determine who has the authority to federate the domain. See About domain conflicts.
Important: Federated authentication requires that a user’s User Principal Name (UPN) match their email address. User Principal Name aliases and Alternate IDs aren’t supported.
Azure AD is the Identity Provider (IdP) that authenticates the user for Apple School Manager and issues authentication tokens. Because Apple School Manager supports Azure AD, other IdPs that connect to Azure AD – like Active Directory Federation Services (AD FS) – will also work with Apple School Manager.
Federated authentication and directory sync
To add the Apple School Manager Azure AD app with Microsoft tenants, the administrator of the tenants must go through the federated authentication setup process, including testing authentication. When authentication has succeeded, the Apple School Manager Azure AD app is populated in the tenant and the administrator can federate domains and configure Apple School Manager to use SCIM (System for Cross-domain Identity Management) for directory sync. See Review SCIM requirements.