Use Managed Apple IDs in Apple School Manager

Use Managed Apple IDs in Apple School Manager

Like any Apple ID, Managed Apple IDs provide access to Apple services such as iCloud. With Managed Apple IDs, students and instructors use, for example, the Classroom app, the Schoolwork app, and collaborate using iWork and Notes—and users with the roles of Administrators and Staff can sign in to Apple School Manager.

Unlike personal Apple IDs, Managed Apple IDs are owned and managed by your school or district and are designed to meet the needs and legal requirements of education institutions—including password resets, limitations on purchasing and communications, and role-based administration. Apple School Manager makes it easy for schools to create and manage these accounts at scale.

Important: A user with a Managed Apple ID can lock themselves out of their account if they enter an incorrect password more than 10 times. To reset their password, the user must contact any user with the role of Administrator, Site Manager, People Manager, or another user with password reset privileges.

How Managed Apple IDs are created

Managed Apple IDs are created after you:

  • Create accounts manually

  • Use federated authentication with Google Workspace or Microsoft Azure Active Directory (Azure AD)

    See Intro to federated authentication.

    Note: If your organization is using federated authentication, the Default Managed Apple ID Format setting doesn’t apply.

  • Use SCIM with Azure AD

    See Review SCIM requirements.

  • Sync with Google Workspace

  • Import accounts from your Student Information System (SIS)

  • Import .csv files using the Secure File Transfer Protocol (SFTP)

Important: Keep in mind that every Managed Apple ID must be unique. It also can’t be the same as other Apple IDs that other users may already have.

How

Managed Apple IDs

are used

As any user with the role of Administrator or any Manager, you use Managed Apple IDs in three main ways—with accounts, roles, and classes.

  • Accounts: Users with the role of Administrator can complete a range of tasks within Apple School Manager to manage accounts. For example, you can assign roles or reset passwords for a specific set of users.

  • Roles: After a Managed Apple ID is created for a user, roles can then be assigned for the user. These roles include Site Manager, People Manager, Device Enrollment Manager, Manager, Instructor, Staff, and Student. These roles define which tasks users can perform in Apple School Manager with their Managed Apple ID.

    When you create each account, you assign a role that defines the privileges for that account. If you’re importing from your Student Information System (SIS), the individual doing the import automatically assigns roles.

  • Classes: A class is a collection of instructor and student accounts. Classes have at least one instructor added when the class is created. After a class is created, it’s used with your mobile device management (MDM) solution to enable classes to appear in the Classroom app for iPad and Mac, and Shared iPad, and to simplify the experience for students using Shared iPad.

Managed Apple ID changes with Administrator roles

You can’t change the Managed Apple ID of a user with the role of Administrator. You must first change the role to any other role, change the Managed Apple ID, then change the role back to that of Administrator.

Edit Managed Apple IDs

In some cases, it may be necessary to change the Managed Apple ID for accounts—for example, if the domain name of the organization changes. Managers who have the “Create, edit, and delete Managed Apple IDs” privilege can edit the Managed Apple ID of other accounts. This changes the Managed Apple ID format for all new and existing accounts.

After you change the Managed Apple ID, active users can sign in using their new Managed Apple ID and existing password. If the new format includes an element that’s missing or empty for that user, the user’s Managed Apple ID won’t be updated. If the new format results in a Managed Apple ID that’s already in use, a number is added to the end of the new Managed Apple ID to make it unique.

There are two options when changing Managed Apple ID formats:

  • Change the Managed Apple ID format for all locations: This option changes the format for all new users. Existing users still use the original format.

  • Change the Managed Apple ID format for users: This option changes the format for all new and existing users.

Important: Users aren’t notified when their Managed Apple ID is changed, so you must notify them as soon as you make the change.

Create new Managed Apple IDs from SIS or SFTP accounts

Note: This doesn’t apply if federated authentication is turned on.

  1. In Apple School Manager , sign in with a user that has the role of Administrator, Site Manager, or People Manager.

  2. Click your name at the bottom of the sidebar, click Preferences , click Directory Sync , then click Connect next to SIS/SFTP.

  3. Click next to Create Accounts and Classes, then do one or both of the following:

    • Click Change Settings in the Students row to select what the Managed Apple ID will start with.

    • Click Change Settings in the Instructor row to select what the Managed Apple ID will start with.

    You can also enter text, such as a period (for example, amy.frost), in the field.

  4. Click Save.

Edit the Managed Apple ID format for SIS or SFTP accounts

Note: This doesn’t apply if federated authentication is turned on.

  1. In Apple School Manager , sign in with a user that has the role of Administrator, Site Manager, or People Manager.

  2. Click your name at the bottom of the sidebar, click Preferences , click Directory Sync , then click Connect next to SIS/SFTP.

  3. Click next to Create Accounts and Classes, then do one or both of the following:

    • Click Change Settings in the Students row to select what the Managed Apple ID will start with.

    • Click Change Settings in the Instructor row to select what the Managed Apple ID will start with.

    You can also enter text, such as a period (for example, amy.frost), in the field.

  4. Click Save.

Edit the Managed Apple ID format for a single user

  1. In Apple School Manager , sign in with a user that has the role of Administrator, Site Manager, or People Manager.

  2. Click Users in the sidebar, then search for a user in the search field. See How to search.

  3. Select the user from the list.

  4. Click the Edit button , then edit the Managed Apple ID.

    You can also enter text, such as a period (for example, amy.frost), in the field.

  5. Select a domain from the list, then click Save.

Edit the Managed Apple ID format for multiple users

This task can be successfully completed only for users created manually.

  1. In Apple School Manager , sign in with a user that has the role of Administrator, Site Manager, or People Manager.

  2. Click Users in the sidebar, then search for users in the search field. See How to search.

  3. Select the users from the list.

  4. Click Edit next to Update Managed Apple IDs, then click the Add button to select what the Managed Apple ID will start with.

    You can also enter text, such as a period (for example, amy.frost), in the field.

  5. Select a domain from the list, then click Continue.

  6. Do one of the following:

    • Click Activity to view this activity.

    • Click Done.

Service access with Managed Apple IDs

Because Managed Apple IDs are for education purposes only, certain features are disabled to protect the personal information of students and instructors.

Note: Not all of these services are available in all countries or regions.

Services

Supported operating system

Description

Apple Pay

iOS

iPadOS

macOS

The user can’t use Apple Pay.

Continuity

macOS

The user can’t access the following services:

  • Sidecar

  • Markup

  • Sketch

  • Camera

  • Universal Control

Education services and programs

Web

Accounts with the role of Student can’t use the following:

  • Apple Push Notification Certificate web portal

  • Apple Teacher Learning Center

  • AppleSeed for IT

  • Global Service Exchange (GSX)

Find My

iOS

iPadOS

macOS

Web

The app appears, but the user can’t use it.

Freeform

iOS

iPadOS

macOS

Users can’t see collaborator cursors or the collaborator list and updates from other participants appear in batches.

Home

iOS

iPadOS

macOS

The user can’t add HomeKit devices to the Home app.

Media services

iOS

iPadOS

macOS

Web

The user can’t access the following services:

  • Apple One

  • Apple Arcade

  • Apple Music

  • Apple Music radio

  • Apple Fitness+

  • Apple News+

  • Apple TV+

News Publisher

macOS

Web

The user can’t use News Publisher to manage channels in Apple News.

Specific iCloud features

iOS

iPadOS

macOS

Web

The user can’t access the following services:

  • iCloud Mail

  • iCloud Family Sharing

  • iMessage (allow in iCloud)

  • iCloud+ services: (Private Relay, Hide My Email, Custom Email domain, Advanced Data Protection)

  • iCloud Keychain (although keychain items are saved and restored on Shared iPad devices)

Allows browsing but not purchasing, paid or free in:

  • App Store

  • iTunes Store

  • Apple Books

Published Date: March 1, 2023

Bài viết liên quan
Bài Mới Nhất
Alternate Text Gọi ngay