Use Managed Apple IDs in Apple Business Manager
A user can have two types of Apple IDs: a Managed Apple ID and a personal Apple ID:
A Managed Apple ID is owned and managed by your organisation — including password resets and role-based administration. It also provides access to iCloud for collaboration with iWork and backup on iPhone and iPad devices. Apple Business Manager makes it easy for organisations to create and manage these accounts at scale.
A personal Apple ID is used to access personal data such as Photos, iMessages and other personal iCloud data when signed in to a personal device.
Important: A user with a Managed Apple ID can be locked out of their account if they enter an incorrect password more than 10 times or if Apple suspects any fraudulent activity on their account. To reset their password, the user must contact any user with the role of Administrator or People Manager. For users locked due to suspected fraudulent activities, an Apple Business Manager user with the role of Administrator must contact Apple to have the account unlocked. At that point, the user’s password can be reset by the Administrator.
How Managed Apple IDs are created
Managed Apple IDs are created after you:
create accounts manually.
use federated authentication with Google Workspace or Microsoft Azure Active Directory (Azure AD)
See Introduction to federated authentication.
Note: If your organisation is using federated authentication, the Default Managed Apple ID Format setting does not apply.
use SCIM with Azure AD
sync with Google Workspace
Important: Keep in mind that every Managed Apple ID must be unique. It also cannot be the same as other Apple IDs that other users may already have.
How Managed Apple IDs are used
As any user with the role of Administrator or any Manager, you use Managed Apple IDs in two main ways — with accounts and roles.
Accounts: users with the role of Administrator can complete a range of tasks within Apple Business Manager to manage accounts. For example, you can assign roles or reset passwords for a specific set of users.
Roles: after a Managed Apple ID is created for a user, roles can then be assigned for the user. These roles define which tasks users can perform in Apple Business Manager with their Managed Apple ID.
Managed Apple ID changes with Administrator roles
You cannot change the Managed Apple ID of a user with the role of Administrator. You must first change the role to any other role, change the Managed Apple ID, then change the role back to that of Administrator.
Edit Managed Apple IDs
In some cases, it may be necessary to change the Managed Apple ID for accounts — for example, if the domain name of the organisation changes. Managers who have the “Create, edit and delete Managed Apple IDs” privilege can edit the Managed Apple ID of other accounts. This changes the Managed Apple ID format for all new and existing accounts.
After you change the Managed Apple ID, active users can sign in using their new Managed Apple ID and existing password. If the new format includes an element which is missing or empty for that user, the user’s Managed Apple ID will not be updated. If the new format results in a Managed Apple ID which is already in use, a number is added to the end of the new Managed Apple ID to make it unique.
Important: Users are not notified when their Managed Apple ID is changed, so you must notify them as soon as you make the change.
Edit the Managed Apple ID format for a single user
In Apple Business Manager , sign in as a user that has the role of Administrator or People Manager.
Tap Users in the sidebar, then search for a user in the search field. See How to search.
Select the user from the list.
Tap the Edit button , then edit the Managed Apple ID.
You can also enter text, such as a full stop (for example, amy.frost), in the field.
Select a domain from the list, then tap Save.
Edit the Managed Apple ID format for multiple users
This task can be successfully completed only for users created manually.
In Apple Business Manager , sign in as a user that has the role of Administrator or People Manager.
Tap Users in the sidebar, then search for users in the search field. See How to search.
Select the users from the list.
Tap Edit next to Update Managed Apple IDs to select what the Managed Apple ID will start with.
You can also enter text, such as a full stop (for example, amy.frost), in the field.
Select a domain from the list, then tap Continue.
Do one of the following:
Tap Activity to view this activity.
Tap Done.
Service access with Managed Apple IDs
Because Managed Apple IDs are owned by the organisation, certain features are disabled.
Note: Not all of these services are available in all countries or regions.
Services | Supported operating system | Description |
---|---|---|
Apple Pay | iOS iPadOS macOS | The user cannot use Apple Pay. |
Continuity | macOS | The user cannot access the following services:
|
Find My | iOS iPadOS macOS Web | The app appears, but the user cannot use it. |
Freeform | iOS iPadOS macOS | Users can’t see collaborator cursors or the collaborator list and updates from other participants appear in batches. |
Home | iOS iPadOS macOS | The user cannot add HomeKit devices to the Home app. |
Media services | iOS iPadOS macOS Web | The user cannot access the following services:
|
News Publisher | macOS Web | The user cannot use News Publisher to manage channels in Apple News. |
Specific iCloud features | iOS iPadOS macOS Web | The user cannot access the following services:
Allows browsing but not purchasing, paid or free, in:
|