Managed Apple IDs - ethan's notes

[[Apple Business Manager]] makes it easy to create a unique Managed Apple IDs for each user in your organization. Managed Apple IDs are unique to your organization, and separate from personal Apple IDs you can create for yourself. # Features ## Pros - [[Single Sign On (SSO)]] so users do not have to worry about AppleID creation or remembering the password. - Companies have more control over the devices and this can offer more security. - Increased visibility into what accounts exist and their use (employee turnover) ## Cons - Less available services for users - App Store - HomeKit - Apple Pay - Find My - FaceTime/iMessage (by default) # SCIM and Federated Authentication When using the Federated Authentication setup, the Managed Apple ID's are created the first time a user authenticates using an [[Entra ID|Entra ID]] (UPN/Email), this provisioning method is also called Just-In-Time (JIT). The second method allows user accounts to be provisioned/imported from [[Entra ID]] with [[System for Cross-domain Identity Management (SCIM)]], an open standard protocol that is managing identity data in cross-domain environments and it enables the automatic import of users from the supported Identity Provider ([[Entra ID]]). While both methods (the Federated Authentication and SCIM) automatically provision on behalf of users the Managed Apple ID's, only SCIM automates the provisioning and de-provisioning of the accounts using the Azure AD Provisioning service. A valued benefit is as the anchor point is created in the form of an Enterprise Application. [[Microsoft Entra Conditional Access]] controls can then be leveraged to enforce [[Multi Factor Authentication (MFA)|MFA]] or session controls for example.^[[UEMAuthority comments on What will we win with turning on SCIM? (reddit.com)](https://www.reddit.com/r/applebusinessmanager/comments/v0vu24/what_will_we_win_with_turning_on_scim/iaiztpb/)] # Resources [Overview of Managed Apple IDs for Business](https://www.apple.com/business/docs/site/Overview_of_Managed_Apple_IDs_for_Business.pdf) [Managed Apple IDs: Right for Your Business? (jamf.com)](https://www.jamf.com/blog/managed-apple-ids-in-business/)