Recommendations on login for shared iPads

Question

Hello-We've recently been setting up our iOS/iPad infrastructure, and are trying to get a configuration for shared iPads ready. We are generally a microsoft org so I looked into and configured the Microsoft Authenticator app + the Microsoft Authenticator Enterprise SSO extension (or whatever it is called), and to my chagrin it still appears to be in preview mode (I think). The other solution I've been looking into is just putting the iPads in shared mode and then syncing managed AppleIDs from EntraID for users to log in. My issue with that solution is there appears to be no (easy) way to enforce that users use our managed appleID domain at login. This is really frustrating, because without a way to ensure users are using our managed AppleIDs, our org will likely have to plainly disable most features that make AppleIDs useful (and we'd like to make sure people are using only managed accounts on our devices). Does anybody have a recommendation to either serve SSO directly from EntraID or guide users to log in with their managed IDs without having somebody there literally breathing down their necks?

lizzymiller · Answer

Update on this: it looks like iPads in shared mode only accept managed AppleIDs at login? In my testing at least, I was able to log in with a managed AppleID provisioned for me and not my personal one. I haven't found this behavior documented anywhere, but could somebody confirm/deny?

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded