09-22-2021 11:13 AM - edited 09-22-2021 11:15 AM
We recently initiated Federated Authentication in our environment and I have noticed a strange thing: if I am trying to add an account via Apple Business Manager and I want to set its "Role" to Administrator, it automatically selects Authentication: "Apple". Only if I select Staff is it added as "Federated". Does it mean that an Administrator "Role" account on Apple Business Manager can only be authenticated via Apple? As it requires attaching a working phone number in such a case... Any insight on this would be great!
Posted on 09-22-2021 03:58 PM
This is the case for a lot of applications behind an identity provider or federated login. It makes sense if you think about it. It's so that if there's an issue with federation, your admins can log in to fix it. Avoiding all eggs in the federated basket.
Posted on 09-22-2021 04:05 PM
I see your point, the issue is: an admin Apple auth account requires attaching a personal phone, and what if the admin is out of the country and something urgently needs to be done with admin rights?
Posted on 09-29-2021 11:59 AM
In our org we create a separate admin account for each admin.
Posted on 09-29-2021 05:46 PM
Are those accounts using personal Apple IDs with a personal cellphone attached?
Posted on 09-29-2021 06:11 PM
You can create Apple IDs in ABM using their work addresses (or add .appleid, as Apple recommends). Distribute them to all of your desired admins. Each person can use their own phone.
Maybe I’m misunderstanding your situation, but that seems to cover it?
Posted on 09-29-2021 06:55 PM
"or add .appleid like Apple recommends" - could you please point me to the documentation where this is recommended?
Otherwise I think it answers my question: ABM admins can only have non-federated Apple ID accounts with personal-phone MFA authentication. Am I understanding this correctly?
Posted on 07-16-2024 03:44 PM
You can add additional phone numbers to those admin accounts via appleid.apple.com. You get a new phone selector in the authentication flow (if you're sharing those admin creds) so you can approve MFA via that additional number.