Use Managed Apple IDs in Apple Business Manager

A user can have two types of Apple IDs : a Managed Apple ID and a personal Apple ID :

• A Managed Apple ID is owned and managed by your organization—including password resets and role-based administration. It also provides access to iCloud for collaboration with iWork and backup on iPhone and iPad devices. Apple Business Manager makes it easy for organizations to create and manage these accounts at scale.
• A personal Apple ID is used to access personal data such as Photos, iMessages, and other personal iCloud data when signed in to a personal device.

Important: A user with a Managed Apple ID can be locked out of their account if they enter an incorrect password more than 10 times or if Apple suspects any fraudulent activity on their account. To reset their password, the user must contact any user with the role of Administrator or People Manager. For users locked due to suspected fraudulent activities, an Apple Business Manager user with the role of Administrator must contact Apple to have the account unlocked. At that point, the user’s password can be reset by the Administrator.

How Managed Apple IDs are created

Managed Apple IDs are created after you:

Configure and enable federated authentication with Google Workspace, Microsoft Entra ID, or your identity provider (IdP) See Intro to federated authentication.

Note: If your organization is using federated authentication, the Default Managed Apple ID Format setting doesn’t apply.

Important: Keep in mind that every Managed Apple ID must be unique. It also can’t be the same as other Apple IDs that other users may already have.

How Managed Apple IDs are used

As any user with the role of Administrator or any Manager, you use Managed Apple IDs in two main ways—with accounts and roles.

• Accounts: Users with the role of Administrator can complete a range of tasks within Apple Business Manager to manage accounts. For example, you can assign roles or reset passwords for a specific set of users.
• Roles: After a Managed Apple ID is created for a user, roles can then be assigned for the user. These roles define which tasks users can perform in Apple Business Manager with their Managed Apple ID .

Managed Apple ID changes with Administrator roles

You can’t change the Managed Apple ID of a user with the role of Administrator. You must first change the role to any other role, change the Managed Apple ID , then change the role back to that of Administrator.

Access to services using Managed Apple IDs

Access to specific services may vary when using Managed Apple IDs . See Service access with Managed Apple IDs in Apple Platform Deployment.

Edit Managed Apple IDs

In some cases, it may be necessary to change the Managed Apple ID for accounts—for example, if the domain name of the organization changes. Managers who have the “Create, edit, and delete Managed Apple IDs ” privilege can edit the Managed Apple ID of other accounts. This changes the Managed Apple ID format for all new and existing accounts.

After you change the Managed Apple ID , active users can sign in using their new Managed Apple ID and existing password. If the new format includes an element that’s missing or empty for that user, the user’s Managed Apple ID won’t be updated. If the new format results in a Managed Apple ID that’s already in use, a number is added to the end of the new Managed Apple ID to make it unique.

Important: Users aren’t notified when their Managed Apple ID is changed, so you must notify them as soon as you make the change.

Edit the Managed Apple ID format for a single user

1. In Apple Business Manager , sign in with a user that has the role of Administrator or People Manager.
2. Select Users in the sidebar, then select or search for a user in the search field. See How to search.
3. Select the user from the list.
4. Select the Edit button , then edit the Managed Apple ID . You can also enter text, such as a period (for example, eliza.block), in the field.
5. Select a domain from the list, then select Save.

Edit the Managed Apple ID format for multiple users

This task can be successfully completed only for users created manually.

1. In Apple Business Manager , sign in with a user that has the role of Administrator or People Manager.
2. Select Users in the sidebar, then select or search for users in the search field. See How to search.
3. Select the users from the list.
4. Select Edit next to Update Managed Apple IDs , then select the Add button to select what the Managed Apple ID will start with. You can also enter text, such as a period (for example, eliza.block), in the field.
5. Select a domain from the list, then select Continue.
6. Do one of the following:
   • Select Activity to view this activity.
   • Select Done.