I'm looking to simplify the enrollment process as much as possible for my users (students). I have configured Azure AD SSO and Federated Users in Apple School Manager. However, while the user is prompted for their SSO login during the enrollment, after successfully logging in they have to go through a second SSO login for their Apple ID. Is there no way to tie these together to a single login during enrollment?
Based on your question, you're trying to pass the data from your SSO to the new user account right?
As you're not skipping the account creation, you're always prompted to fill the basic info for a new user.
Perhaps you should give a try to Jamf Connect. It will allow you to use only one logging to verify the credentials of your students plus it will create an admin/local account. Plus if you enable LDAP, you will populate automatically extra info. of those users to the Jamf inventory for the proper device.
An alternative would be to use you NoMad but it would only work for AD on-premise.
No problem at all @sedwards ,
If you're using Jamf School you can skip the Apple ID with the creation a Profile > Automated Device Enrollment Profiles > Skip Apple ID (sorry for some reason I can't post an image). The integration with Azure should passthrough al the info. as they state so you can identify your students inside Jamf School
In Jamf Pro is more or less the same, Devices > PreStage Enrollments > Your PreStage > General > Skip Apple ID and iCloud.
With this process you would skip the second login. I'm not aware if there's a way to introduce the managed Apple ID of your School Manager to the iCloud account creation.
@danitree Oh is that so? I'm using JAMF Pro and yes I can skip the Apple ID part of the setup but I figured then the user would just have to manually go into settings and sign into with their managed Apple ID that point. At least keeping it in the setup scree will force the user to be signed in with their Apple ID. Am I wrong about this?
The thing is, the user will have at some point to introduce the password. In the second SSO or later in Settings.
There's actually no way to double validate such login. Imagine for example that the users in your Apple School Manager has 2FA, Azure won't help you to skip that process in the login for a managed Apple ID inside your iPad's.
Kind of pity... we've found more useful to deal with proper Scoping inside Jamf Pro + Azure LDAP than working with managed Apple ID's.