Apple Business Manager Administrator Role Federated Account

Contributor II

We recently initiated Federated Authentication in our environment and I have noticed a strange thing - if I am trying to add an account via Apple Business Manager and I want to set its "Role" to Administrator - it automatically selects Authentication: "Apple". Only if I select Staff is it added as "Federated". Does it mean that an Administrator "Role" account on Business Apple Manager can only be authenticated via Apple? As it requires attaching a working phone number in such a case... Any insight on this would be great!


Contributor III

This is the case for a lot of applications behind an identity provider or federated login. It makes sense if you think about it. It's so if there's an issue with federation, your admins can log in to fix it. Avoiding all eggs in the federated basket.

I see your point, the issue is - an admin Apple auth account requires attaching a personal phone, and what if the admin is out of the country and there is something that urgently needs to be done with admin rights?


In our org we create a separate admin account for each admin. 

Are those accounts using personal Apple IDs with a personal cellphone attached?


You can create Apple IDs in ABM using their work addresses (or add .appleid like Apple recommends). Distribute to all of your desired admins. Each person can use their own phone. 

Maybe I’m misunderstanding your situation, but that seems to cover it? 

"or add .appleid like Apple recommends" - could you point me please to the documentation where this is recommended?

Otherwise I think it answers my question: ABM admins can only have non-federated Apple ID accounts with personal phone MFA authentication, am I understanding this correctly?