Apple School Manager and Federated Authentication with Microsoft Azure AD

James RidsdaleApple, Management

You can now use federated authentication to link Apple School Manager to your instance of Microsoft Azure Active Directory (AD). As a result, your users can leverage their Microsoft Azure AD user names and passwords as Managed Apple IDs. They can then use their Microsoft Azure AD credentials to sign in to their assigned iPad or Mac and even iCloud on the web. Students can also use it to sign in on Shared iPad.

There are two scenarios where this can be used:

  • Federated authentication only
    Users will be able to log into devices with their Microsoft Azure AD credentials as above, however there will be no classes or roster data.
  • Federated authentication with users from other sources
    Users will be able to log into devices with their Microsoft Azure AD credentials as above, but data for classes and rosters will be populated from your SIS data source as discussed above.

 

 

Requirements for Federated Authentication with Microsoft Azure AD

In order to configure Federated Authentication with Microsoft Azure AD, you would require the following: 

  • All users must have an email address
  • We will need details of the Microsoft Azure AD domain that will be used with Apple School Manager Federation
  • Username and Password of a Microsoft Azure AD account that:
    • Is a Global Administrator, Application Administrator, or Cloud Application Administrator account
    • Has permission to add domains in Microsoft Azure AD
    • Is in the domain to be federated

Further information

Following on from Apple’s Special Event which is to be held on the 25th March 2019, our very own Ben Toms will be going into detail on these new features on the 26th March 2019 at the much anticipated Mac Admin & Developer Conference which will be in London. Ben will be covering Modern deployment workflows for education.