Business – IT

iOS, iPadOS, and macOS have a systemwide extension framework for single sign-on to make it easy for employees to sign in to corporate apps and websites. The extension framework requires support from cloud identity providers and is configurable through MDM. And for organizations using Kerberos, a first-party extension provides password management and local password sync for internal applications.

Managed Apple IDs are created, owned, and managed by the organization and are designed for BYOD and organization-owned devices. Organizations can use Apple Business Manager to automatically create Managed Apple IDs for employees. This enables employees to collaborate with Apple apps and services as well as access corporate data in managed apps that use iCloud Drive. Managed Apple IDs can also be used alongside a personal Apple ID on employee-owned devices when organizations leverage User Enrollment.

Connect to your identity provider.

With federated authentication, IT teams can connect Apple Business Manager to Microsoft Azure Active Directory and Google Workspace (available in spring 2022), enabling employees to use their existing user names and passwords as Managed Apple IDs. Employees can access Apple services including iCloud Drive, Notes, and Reminders to collaborate using their existing credentials. And Managed Apple IDs are automatically created when users first sign in to an Apple device with their federated user name and password.

To prepare for this simplified sign-in experience:

• Verify that your business uses Microsoft Azure Active Directory or Google Workspace

• Determine the business domains you’d like to link to Apple Business Manager

• Set up the connection to Microsoft Azure Active Directory or Google Workspace in Apple Business Manager