Overview
It is possible to link your Apple School Manager or Apple Business Manager to Azure via federation. This link gives users access to Managed Apple IDs (MAIDs) that are created on demand and use the same Azure username (email address) and password.
Requirements
In order to federate your Apple program with Azure, you will need to add a domain and link it to Azure. These steps require access to make changes to your domain, as well as a Microsoft Azure AD Global Administrator, Application Administrator or Cloud Application Administrator account. All of these steps need to be completed ahead of any dataJAR implementation.
Add your domain
You will need to add your domain and have it verified in your Apple program before you proceed. During the setup, you'll be provided with the data to add as a TXT record in your DNS. Once done, you'll have up to 14 days to complete this verification.
Full details on this process can be found below:
Add federation with Azure
Once you have your domain verified, the next step is to configure your Azure federation. During the setup, you'll need to log in with a Microsoft Azure AD Global Administrator, Application Administrator or Cloud Application Administrator account and test the authentication. Once this is complete, you'll also need to test the federated authentication and then enable it.
Full details on this process can be found below:
Considerations for Implementation
Managed Apple ID (MAID) conflicts
Once federation is configured, the Apple program will check for any conflicts with existing Apple IDs that are already using your domain. If any are found, you will have the option to reclaim these Apple IDs for use as a MAID. If you go ahead with this process, users will have 60 days to change their Apple ID before Apple will forcibly change it to a temporary value.
Full details on this process can be found below:
Roster information (ASM only)
If you wish to utilise Apple Classroom, or otherwise utilise data from your Student Information System (SIS), this will need to be integrated separately. If you have a compatible SIS, it can be integrated directly by following the details in the Apple School Manager User Guide.
If not, you can use a third-party solution such as Salamander (please see our article on Managed Apple ID Requirements and Considerations for reference).
One requirement is that the user's UserPrincipalName must match their email address. This must also match in LDAP and the data from the SIS in order to link the three together.
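The matching requirement above can be checked before enabling federation by comparing exports from the three sources. The script below is an added example, not dataJAR or Apple tooling; the CSV column names and the sample rows are constructed assumptions, and addresses are compared case-insensitively.

```python
import csv
import io

# Constructed sample exports (not real data). Column names are assumptions;
# adjust them to match your own Azure AD, LDAP and SIS exports.
AZURE_CSV = """userPrincipalName,mail
alice@example.org,alice@example.org
bob@example.org,robert@example.org
Carol@Example.org,carol@example.org
dave@example.org,dave@example.org
"""
LDAP_CSV = """mail
alice@example.org
bob@example.org
carol@example.org
"""
SIS_CSV = """email
alice@example.org
carol@example.org
dave@example.org
"""

def norm(value):
    """Assumption: addresses match case-insensitively; strip stray whitespace."""
    return (value or "").strip().lower()

def column(text, name):
    """Return the normalised, non-empty values of one CSV column as a set."""
    return {norm(r[name]) for r in csv.DictReader(io.StringIO(text)) if norm(r[name])}

def preflight(azure_csv, ldap_csv, sis_csv):
    """Map each problem UPN to the list of reasons it will not link."""
    ldap, sis = column(ldap_csv, "mail"), column(sis_csv, "email")
    problems = {}
    for row in csv.DictReader(io.StringIO(azure_csv)):
        upn, mail = norm(row["userPrincipalName"]), norm(row["mail"])
        reasons = []
        if upn != mail:
            reasons.append(f"UPN differs from mail ({mail or 'empty'})")
        if upn not in ldap:
            reasons.append("no LDAP entry with this address")
        if upn not in sis:
            reasons.append("no SIS record with this address")
        if reasons:
            problems[upn] = reasons
    return problems

if __name__ == "__main__":
    for upn, reasons in preflight(AZURE_CSV, LDAP_CSV, SIS_CSV).items():
        print(f"{upn}: {'; '.join(reasons)}")
```

Any account the script reports should be corrected in the source system before roster data is linked.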
Need further support?
If you still require assistance or have any further questions, please raise a ticket with our support team.
Alternatively, please see our frequently updated knowledge base articles for reference.