
Configure federated authentication with Microsoft Azure AD for Apple Business Manager
Steps to configure federated authentication
There are four main steps to link Apple Business Manager to Microsoft Azure AD:
Start the federated authentication process.
Connect to your identity provider by linking Apple Business Manager to Microsoft Azure AD.
Verify your Azure AD domain ownership.
Turn on and test federated authentication.
Start the federated authentication process
In Apple Business Manager, sign in with an account that has the role of Administrator, Site Manager, or People Manager.
Tap Settings at the bottom of the sidebar, then tap Accounts below Organization Settings.
Tap Edit in the Federated Authentication section, then tap Connect.
Note: Only domains that haven’t been claimed by another organization can be added.
Connect to your identity provider
This task allows Microsoft Azure AD to trust Apple Business Manager.
Important: You must have the user name and password of the Microsoft Azure AD Global Administrator, Application Administrator, or Cloud Application Administrator account before you complete this task.
Tap “Sign in to Microsoft Azure,” enter a Microsoft Azure AD Global Administrator, Application Administrator, or Cloud Application Administrator account, then tap Next.
Enter the password for the account, then tap Sign In.
Carefully read the application agreement, then tap Accept.
You are consenting to Microsoft giving Apple access to information found in Microsoft Azure AD.
Enter the domain name you want to use, then tap Continue.
In some cases you may not be able to add your domain. Common reasons are:
The Microsoft Azure AD Global Administrator, Application Administrator, or Cloud Application Administrator account used doesn’t have permission to add domains in Microsoft Azure AD.
The user name or password from the domain that you chose to federate is incorrect.
The account isn’t in the domain that you chose to federate.
Verify your Microsoft Azure AD domain ownership
This task allows Apple Business Manager to trust Microsoft Azure AD.
Tap Open Microsoft Sign In, then enter your user name and password.
Enter a Microsoft Azure AD Global Administrator, Application Administrator, or Cloud Application Administrator account that exists in the domain, then tap Next.
Enter the password for the account, tap Sign In, tap Done, then tap Done.
In some cases you may not be able to sign in to your domain. Here are some common reasons:
The user name or password from the domain that you chose to federate is incorrect.
The account isn’t in the domain that you chose to federate.
When sign-in is successful, Apple Business Manager checks for user name conflicts with this domain. The user name conflict check must be complete before you can use federated authentication with this domain.
Note: After you successfully link Apple Business Manager to Microsoft Azure AD, you can change the role of an account to another role. For example, you may want to change the role of an account to a Manager role.