
About Managed Apple Accounts in Apple Business Manager
Overview
Managed Apple Accounts function much like Apple Accounts but are specifically designed for, owned and managed by, an organisation to help increase the productivity of employees and provide the services users may need. These accounts are separate from unmanaged (personal) Apple Accounts users create for themselves. This helps to keep organisational data separate from personal data with robust management controls.
This also includes role-based administration and — in certain instances — password resets. They also provide access to iCloud and collaboration with iWork, Notes and Reminders.
Lastly, Apple Business Manager makes it easy for organisations to create and manage these accounts at scale. Because Apple Business Manager integrates with your existing environment, you can provide Managed Apple Accounts to users using their existing organisation credentials — for example, Google Workspace, Microsoft Entra ID or your identity provider (IdP). You can then sync user accounts.
How Managed Apple Accounts are created
Managed Apple Accounts can be created for any domains using the following methods:
- create accounts manually. 
- Configure and turn on federated authentication with Google Workspace, Microsoft Entra ID or an identity provider (IdP) 
- Sync with Google Workspace 
- Sync using Open ID Connect (OIDC) with Microsoft Entra ID 
- Sync using Open ID Connect (OIDC) or System for Cross-domain Identity Management (SCIM) with your IdP 
Important: Keep in mind that every Managed Apple Account needs to be unique. It also can’t be the same as other Apple Accounts that other users may already have.
How Managed Apple Accounts are used
Like personal Apple Accounts, Managed Apple Accounts can be used to sign in on dedicated or shared Apple devices and to access specific Apple services, including Shared iPad, iCloud and collaboration with iWork, Notes and Reminders.
Managed Apple Accounts can also be assigned a specific role. These roles define which tasks users can perform in Apple Business Manager.
As any user with the role of Administrator or any Manager, you use Managed Apple Accounts in two main ways — with user accounts and roles.
- Accounts: Users with the role of Administrator can complete a range of tasks to manage user accounts. For example, you can assign roles or assign devices to users. 
- Roles: Roles help define what a user has access to. - For more information, see Intro to roles and privileges. 
Access with Managed Apple Accounts
Managed Apple Accounts have access to many Apple technologies, apps and services. For privacy reasons, Managed Apple Accounts are also restricted from accessing specific apps and services. For access lists, see:
Deleted personal Apple Accounts
If an unmanaged (personal) Apple Account goes through the formal deletion request process, it cannot be recreated nor can it be used as a Managed Apple Account for six years, even if the organisation has verified and captured the domain. For more information, see the Apple Support article How to delete your Apple Account.
Managed Apple Account password resets
Depending on how Managed Apple Accounts are created, password resets can be completed in Apple Business Manager or—if connected to an identity provider (IdP)—through the IdP.
If the reset is done through Apple Business Manager:
A user with a Managed Apple Account can be locked out of their account if they enter an incorrect password more than 10 times or if Apple suspects any fraudulent activity on their account. To reset their password, the user needs to contact any user with the role of Administrator or People Manager. For users locked due to suspected fraudulent activities, an Apple Business Manager user with the role of Administrator needs to contact Apple to have the account unlocked. At that point, the user’s password can be reset by a user with the role of Administrator.