Recommendations on login for shared iPads

lizzymiller
New Contributor III

Hello-

We've recently been setting up our iOS/iPad infrastructure, and are trying to get a configuration for shared iPads ready. We are generally a microsoft org so I looked into and configured the Microsoft Authenticator app + the Microsoft Authenticator Enterprise SSO extension (or whatever it is called), and to my chagrin it still appears to be in preview mode (I think). The other solution I've been looking into is just putting the iPads in shared mode and then syncing managed AppleIDs from EntraID for users to log in. My issue with that solution is there appears to be no (easy) way to enforce that users use our managed appleID domain at login. This is really frustrating, because without a way to ensure users are using our managed AppleIDs, our org will likely have to plainly disable most features that make AppleIDs useful (and we'd like to make sure people are using only managed accounts on our devices). Does anybody have a recommendation to either serve SSO directly from EntraID or guide users to log in with their managed IDs without having somebody there literally breathing down their necks?

2 REPLIES 2

lizzymiller
New Contributor III

Update on this: it looks like iPads in shared mode only accept managed AppleIDs at login? In my testing at least, I was able to log in with a managed AppleID provisioned for me and not my personal one. I haven't found this behavior documented anywhere, but could somebody confirm/deny?

Correct, when using the Apple method of doing Shared iPads, only a Managed Apple ID or guest account can sign-in. See https://support.apple.com/guide/deployment/shared-ipad-overview-dep9a34c2ba2/web

Only other requirement is that the device must be enrolled via ADE/DEP so the Shared iPad enrollment profile can be applied during ADE enrollment.  

 

The Deployment Guide is here - https://it-training.apple.com/tutorials/deployment/dm135