Posted on 03-20-2023 07:23 AM
Happy 2023 all, yeah, I know, it's nearly the end of March and the first day of spring, but this is my first post of the year....
I'm looking for a way to have Mac users, and eventually mobile users, be forced to create an Apple ID that uses their domain email address.
Has anyone tried this, and/or succeeded? With a script or a profile? Not by giving them the forceful "Do this or else we'll forbid you access to your account" email...
Posted on 03-20-2023 12:56 PM
If the end user is creating the Apple ID, then they are creating a personal Apple ID, and being forced to use my work email for a personal Apple ID is a HUGE red flag. Since you have control of the email domain, you would by extension have control of the Apple ID. This seems to be a bit of a security risk.
From a managed device standpoint, unless you are in K12 EDU and want to leverage Apple Classroom & Schoolwork, it shouldn't matter what Apple ID your end users use. If you want your users to use a Managed Apple ID using your company domain, you may want to look into federated authentication and then instruct users to sign into iCloud using their Azure AD or Google Workspace credentials.
Posted on 03-21-2023 08:18 AM
I wouldn't have their password, simply their email address. I will look into federated authentication though, thanks for that!
Posted on 03-21-2023 08:24 AM
You may not have the password, but with control of the email domain, you'd have access to emails sent to the Apple ID's associated email address (potentially including password reset links). It's not total control, but it's still not a good look to be mandating what employees do with their personal Apple ID. Managed Apple ID is the preferred solution for organizations that need to provide Apple IDs for end users.
Good luck!