User experience when enabling federated auth for Managed Apple IDs

avail
New Contributor III

Hello all,

I've done a search for this but haven't quite found the info I'm after. Basically we are looking to flip the switch on federated authentication via Google for our Managed Apple IDs. We have ~70 people who are currently using their work email address for their Apple ID. 

Just want to know what their experience will be when we flip that switch. Will it just be a case of re-authenticating with their Google details or will it be more painful? 😅

Any info will be greatly appreciated!

1 ACCEPTED SOLUTION

Dr_Jones
New Contributor III
3 REPLIES 3

Dr_Jones
New Contributor III

These might be helpful 

  1. https://hcsonline.com/support/white-papers/how-to-resolve-managed-apple-id-conflicts
    1. Helpful to see what the user experience is like when someone has an iCloud account that they created with the same naming convention that you're Google Workspace has.
  2. https://support.apple.com/guide/apple-business-manager/transfer-apple-services-when-federating-axm66...
  3. https://support.apple.com/guide/apple-business-manager/federated-authentication-google-workspace-axm... 

avail
New Contributor III

Thanks @Dr_Jones those are incredibly helpful, thanks!

It's a bit of a can of worms isn't it? 😁

RobinJJ
New Contributor III

I've done this process. Users will have to logout and login since the username/email of their current account will be changed to "@icloud.com" account. Users will be the owner of these accounts. 

 

In terms of experience, it's good from an admin perspective to say "everyone just has an Apple-ID", but from a user perspective some stuff are a bit confusing. For example, managed Apple-IDs can't download applications from the Appstore. All app downloads must be downloaded from self service or deployed by IT. This isn't really "bad", but we have some users who use their account on unmanaged devices and they get confused about the whole "business owned devices" vs "personal devices", but must get it when I explain it. Another "bad" thing about users not able to download apps from the appstore is that we have like a thousand "parking-apps" in our country and I have to buy all apps in Apple Business Manager, it's OK, but can be tiresome. For example we just traveled to another country where users wanted to take an Uber or a Bolt car, so they had to call be to buy and deploy the app, not very convenient. I made that mistake once, but now I bought tons of apps in business manager.. but just something to be aware of.

 

In terms of the Apple-ID itself, it's great and easy to use and manage for users, it's not that good in terms of icloud stogare since we can't buy more even if we want to. Continuity stuff is getting better every year, so overall great. Most of our users use personal Apple-IDs on their devices however. I mainly wanted to set up managed Apple-IDs to avoid having to help users manually create their Apple-ID/iCloud account where they lose the password etc.