Intro to users and user groups in Apple Business
Overview
Users in Apple Business can be created manually. They’re also created after you:
Sync with Google Workspace
Sync with Microsoft Entra ID or your identity provider (IdP) using Open ID Connect (OIDC)
Sync with your IdP using System for Cross-domain Identity Management (SCIM)
Each user account may have the following information associated with it, which can be viewed in the account list or when an account is selected:
Status
First, middle, and last name
Managed Apple Account
Roles and Organisational Units
Authentication type
User groups associated
Email address
Devices associated
Assigned plans
iCloud storage (used, available, total)
Assigned apps
Assigned settings
Person Number
Cost Center
Department
Division
When an account is copied from Google Workspace, Microsoft Entra ID or your IdP (using SCIM) to Apple Business, the Roles attribute can be edited.
User groups
You can create a group of users in Apple Business. These are known as user groups and there are two types, Smart User Groups and User Groups. Both types can be assigned to plans and to Blueprints. A Blueprint is a group of apps and settings that, when assigned to a user group, provide it with a quick and easy way to automate the assigning of apps and device settings.
Note: Users can also be a member of more than one Smart User Group and User Group. See Add group accounts.
User roles, organisational units and brands
When you assign a role to a user, you need to select which organisational unit they’re associated with. You can also optionally associate them with a brand. Depending on the role you assigned the user, they may have permissions to manage specific aspects of that brand. For example, you can create a custom role that has permissions to manage only brand locations. When you assign that role to a user, you can select which brands’ locations they can manage. If you want them to manage two brands, you can add another role to the user which would include the same organisational unit, but you then choose the second brand you want them to manage. See Intro to roles and permissions.
User status
A user’s status can be one of the following:
New: This user account is new, and the user hasn’t yet signed in.
Active: This user account is active, and the user has signed in at least once.
Deactivated: This user account has been deactivated and the user is unable to use their Managed Apple Account to sign in.
Locked: This user account has been locked because of too many unsuccessful sign-in attempts.
Depending on how the user account was created, you may be able to perform certain actions on that account.
Status | Actions |
|---|---|
New | Delete |
Active | Deactivate Delete |
Deactivated | Reactivate Delete |
Locked | Reset Password |