Overview
Your educational institution can create Managed Apple IDs for instructors and students to use for educational purposes. Managed Apple IDs are unique to your institution and separate from Apple IDs that you can create for yourself.
dataJAR can link your current datajar.mobi instance with your Apple School Manager instance to facilitate this functionality. To ensure the success of this project, there are a number of prerequisites to be met and behaviours to understand.
Uploading and syncing of School data into Apple School Manager
Apple School Manager relies on the importing of data from your local School Information System (SIS). This data includes user rosters, student and teacher lists as well as class information and registers.
Although it is possible to manually craft and upload this data, we strongly recommend utilising an automated system for this. If your SIS does not have an option to synchronise with Apple School Manager, you will need to utilise a third party solution, such as Salamander (this would need to be completed before the dataJAR integration work).
Please Note: If possible, have your synchronisation solution prepend "SIS - " to the location name to avoid confusion with existing locations.
Updating School data in Apple School Manager and datajar.mobi
Data from your SIS will be synced into Apple School Manager on the schedule configured in your syncing solution.
Data from Active Directory is pulled into your datajar.mobi instance on demand as required.
Data from Apple School Manager is pulled into your datajar.mobi instance every 24 hours at 8am. This data can also be manually updated on request.
Federated Authentication with Microsoft Azure AD
As of early 2019, it is possible to federate a Microsoft Azure AD domain with your Apple School Manager instance. This allows you to utilise a user's Microsoft Azure AD credentials (email address and password) to log into their assigned iPad or Mac and iCloud on the web. Students can also use it to sign in on Shared iPad. This account will be automatically created in Apple School Manager with the user's email address becoming their Managed Apple ID.
There are two scenarios where this can be used:
- Federated authentication only - Users will be able to log into devices with their Microsoft Azure AD credentials as above. However, there will be no classes or roster data.
- Federated authentication with users from other sources - Users will be able to log into devices with their Microsoft Azure AD credentials as above, but data for classes and rosters will be populated from your SIS data source as discussed above.
Requirements for Federated Authentication with Microsoft Azure AD
In order to configure Federated Authentication with Microsoft Azure AD, we would require the following:
- All users must have an email address
- We will need details of the Microsoft Azure AD domain that will be used with Apple School Manager Federation
- Username and Password of a Microsoft Azure AD account that:
  - Is a Global Administrator, Application Administrator, or Cloud Application Administrator account
  - Has permission to add domains in Microsoft Azure AD
  - Is in the domain to be federated
Managed Apple ID Username Options
As part of the user synchronisation / creation process in Apple School Manager, an Apple ID (specifically a Managed Apple ID, or MAID) will be created for each account. By default, Apple School Manager will add "appleid." to each user's email address, for example:
This ensures that no Apple School Manager user already has an Apple ID linked to their email address at your domain. This option can be disabled, but we strongly recommend that it is used. This decision would need to be made before the dataJAR integration work.
Linking of users in Active Directory and your School Information System
In order to link users in your Active Directory to your students and staff in Apple School Manager we need to map a value. This can either be:
- AD Username
- Email Address
These values would need to be present and correct in both your Active Directory and your SIS, as well as the data synchronised into your Apple School Manager instance.
- Example 1:
  - Email address in AD: j.bloggs@domain.com
  - Email address in SIS: j.bloggs@domain.com
  - Mapping value: Email address
- Example 2:
  - Username in AD: j.bloggs
  - Username in SIS: j.bloggs
  - Mapping value: Username
- Example 3:
  - Email address is: j.bloggs@domain.com
  - MAID: j.bloggs@appleid.domain.com
  - Mapping value: Starts with Email Address
This would need to be completed before the dataJAR integration work.
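A pre-integration check of the mapping value can be scripted. The following is an added example, not dataJAR or Apple tooling: it compares AD and SIS exports on a chosen mapping value and checks MAIDs against the default "appleid." form from Example 3. The field names, the sample records and the case-insensitive comparison are assumptions.

```python
from collections import Counter

# Constructed sample exports; the field names "username", "email" and "maid"
# are hypothetical and must be mapped to your own AD / SIS / ASM export columns.
AD = [{"username": "j.bloggs", "email": "j.bloggs@domain.com"},
      {"username": "a.smith", "email": "a.smith@domain.com"},
      {"username": "t.jones", "email": ""}]
SIS = [{"username": "j.bloggs", "email": "J.Bloggs@domain.com"},
       {"username": "a.smith", "email": "alice.smith@domain.com"},
       {"username": "t.jones", "email": "t.jones@domain.com"}]
ASM = [{"email": "j.bloggs@domain.com", "maid": "j.bloggs@appleid.domain.com"},
       {"email": "a.smith@domain.com", "maid": "a.smith@domain.com"}]

def _norm(value):
    # Assumption: values are compared ignoring case and surrounding whitespace.
    return (value or "").strip().lower()

def expected_maid(email, prefix="appleid."):
    """Default MAID form shown in Example 3: prefix placed after the '@'."""
    local, _, domain = _norm(email).partition("@")
    return f"{local}@{prefix}{domain}"

def _dupes(values):
    # Non-blank values that occur more than once in one source.
    return sorted(v for v, n in Counter(values).items() if v and n > 1)

def check_mapping(ad_users, sis_users, key):
    """Report where the mapping value `key` is blank, duplicated or unmatched."""
    ad = [_norm(u.get(key)) for u in ad_users]
    sis = [_norm(u.get(key)) for u in sis_users]
    return {
        "blank_in_ad": ad.count(""),
        "blank_in_sis": sis.count(""),
        "duplicates_in_ad": _dupes(ad),
        "duplicates_in_sis": _dupes(sis),
        "only_in_ad": sorted(set(ad) - set(sis) - {""}),
        "only_in_sis": sorted(set(sis) - set(ad) - {""}),
    }

def maid_mismatches(asm_users):
    """Return ASM records whose MAID is not the default 'appleid.' form of the email."""
    return [u for u in asm_users
            if _norm(u.get("maid")) != expected_maid(u.get("email"))]

if __name__ == "__main__":
    for key in ("email", "username"):
        print(key, check_mapping(AD, SIS, key))
    print("MAID mismatches:", maid_mismatches(ASM))
```

With the constructed data, the email comparison reports blank and unmatched values while the username comparison is clean, which is the kind of result that decides which mapping value to use.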
Using Managed Apple IDs with Apple Shared iPads
If you wish to use the Apple Shared iPad model (sometimes called Shared Personalised iPad), each device will need to be wiped and, once the required changes have been made to your enrolment workflow, fully redeployed before it will be usable.
Students and staff will need to log in with their Managed Apple ID address (not their username or email address) and the password generated in Apple School Manager (again, not their AD password or email password).
Using Managed Apple IDs with 1:1 Deployments
If you wish to use a 1:1 iPad model, users will need to log in to iCloud as described below.
Students and staff will need to log in with their Managed Apple ID address (not their username or email address) and the password generated in Apple School Manager (again, not their AD password or email password).
Further Information
- About Managed Apple IDs for Education
- iCloud: About Managed Apple ID accounts
- Apple Education - IT & Deployment
- Apple School Manager - User Guide
Need further support?
If you still require assistance from us or have any further questions, please raise a ticket with our support team.
Alternatively, please see our frequently updated knowledge base articles for reference.