Intro to Managed Apple Accounts in Apple Business
Overview
Managed Apple Accounts are specifically designed for, owned and managed by, an organisation to help increase the productivity of employees and provide the services users need. Using Managed Apple Accounts helps to keep organisational data separate from personal data that users with unmanaged (personal) Apple Accounts create for themselves.
Apple Business makes it easy for organisations to create and manage these accounts at scale. Because Apple Business integrates with your existing environment, you can provide Managed Apple Accounts to users using their existing organisation credentials – for example, Google Workspace, Microsoft Entra ID or your identity provider (IdP). You can then sync user accounts.
What domains can be used to create Managed Apple Accounts?
There are two types of domains you can use to create Managed Apple Accounts: reserved and custom. See Intro to domain management.
How are Managed Apple Accounts created?
Managed Apple Accounts can be created for any domains using the following methods:
create accounts manually.
Configure and turn on federated authentication with Google Workspace, Microsoft Entra ID or an IdP
Sync with Google Workspace
Sync using Open ID Connect (OIDC) with Microsoft Entra ID
Sync using OIDC or System for Cross-domain Identity Management (SCIM) with your IdP
Important: Keep in mind that every Managed Apple Account needs to be unique. It also can’t be the same as other Apple Accounts that other users may already have.
How are Managed Apple Accounts used?
Managed Apple Accounts provide access to specific services, such as:
iCloud services
Continuity between devices
Business services
Apple Developer programs and services
Collaboration and communication services
For a complete list, see Service access with Managed Apple Accounts.
Managed Apple Accounts also use role-based administration (which tasks users can perform in Apple Business) and – in certain instances – password resets.
What happens if a personal Apple Account is deleted?
If an unmanaged (personal) Apple Account goes through the formal deletion request process, it cannot be recreated nor can it be used as a Managed Apple Account for six years, even if the organisation has verified and captured the domain. For more information, see the Apple Support article How to delete your Apple Account.
How do Managed Apple Account password resets work?
Depending on how Managed Apple Accounts are created, password resets can be completed in Apple Business or – if connected to an identity provider (IdP) – through the IdP.
If the reset is done through Apple Business, a user with a Managed Apple Account can be locked out of their account if they enter an incorrect password more than 10 times or if Apple suspects any fraudulent activity on their account. To reset their password, the user needs to contact any user whose role has permissions to create, edit and delete Managed Apple Accounts. For users locked due to suspected fraudulent activities, an Apple Business Manager user with the role of Organisation Administrator needs to contact Apple to have the account unlocked. At that point, the user’s password can be reset by a user with the role of Organisation Administrator.
Users with the role of Organisation Administrator can reset their own password or the password of another Organisation Administrator. See Organisation Administrator password resets.