Change a user’s domain information using Apple Business Manager
In Apple Business Manager, changes to a user’s domain information account require the user to sign out and sign in again with their new password.
Important: If a user’s password is changed in Google Workspace, Microsoft Entra ID or your IdP, Apple Business Manager invalidates the current session with that user. The user must sign in again with their new password to continue using federated authentication for access.
Change a federated user’s role
When you successfully complete your federated authentication, all users from your domain have the role of Staff. You may want to change roles for Content Managers and Device Enrolment Managers. If you change the role to Administrator or People Manager, that user’s authentication changes from Federated (they use their Google Workspace, Microsoft Entra ID or IdP password) to Apple. They still retain the Managed Apple Account and email address they had when federated authentication was completed.
In Apple Business Manager , sign in with a user that has the role of Administrator or People Manager.
Select Users in the sidebar, then select or search for a user in the search field. See How to search.
Select the user from the list.
Select the Edit button , change the role, then select Save.
Change a user’s email to a federated domain
If you’ve successfully linked Apple Business Manager to your Google Workspace, Microsoft Entra ID or IdP domain, you can change an existing account so that its email address and Managed Apple Account are identical. An exception is that an account with a role of Administrator or People Manager can’t use the same address for both.
In Apple Business Manager , sign in as a user that has the role of Administrator or People Manager.
Select Users in the sidebar, then select or search for a user in the search field. See How to search.
Select the user from the list.
Select the Edit button , change the email address, select OK to also change the Managed Apple Account to match the email address, then select Save.
That user can now sign in with their Managed Apple Account and their domain password.
Edit the Managed Apple Account to a federated domain for a user
If you’ve successfully linked Apple Business Manager to your Google Workspace, Microsoft Entra ID or IdP domain, you can change a nonfederated account so that its Managed Apple Account and email address are identical. An exception is that a user with the role of Administrator and People Manager can’t use the same account for both.
In Apple Business Manager , sign in as a user that has the role of Administrator or People Manager.
Select Users in the sidebar, then select or search for a user in the search field. See How to search.
Select the user from the list.
Select the Edit button , change the Managed Apple Account, select OK to also change the email address to match the Managed Apple Account, then select Save.
Edit the Managed Apple Account to a federated domain for multiple users
Important: Users aren’t notified when their Managed Apple Account is changed, so you must notify them as soon as you make the change.
In Apple Business Manager , sign in with a user that has the role of Administrator or People Manager.
Select Users in the sidebar, then select or search for users in the search field. See How to search.
Select the users from the list.
Select Edit next to Update Managed Apple Accounts, then do one of the following:
Change the Managed Apple Account’s unique user name structure.
Change the domain name structure.
Change both.
Change the Managed Apple Account, select OK to also change the email address to match the Managed Apple Account, then select Save.
Do one of the following:
Select Activity to view this activity.
Select Done.
Change a user’s email to an unfederated domain
If you want users to use an email address different from the one in their Google Workspace, Microsoft Entra ID or IdP domain account, you can change it. You must make their email address and Managed Apple Account identical. An exception is that an account with a role of Administrator or People Manager can’t use the same address for both.
In Apple Business Manager , sign in with an account whose role can make changes to other accounts, then select Accounts in the sidebar.
Select Users in the sidebar, then select or search for a user in the search field. See How to search.
Select the user from the list.
Select the Edit button , change the email address, select OK to match the Managed Apple Account, then select Save.
Notify the user that they have a new Managed Apple Account.
Edit the Managed Apple Account to an unfederated domain for a user
If you don’t want users to use the Managed Apple Account in their Google Workspace, Microsoft Entra ID or IdP domain account, you can change it. You must make their Managed Apple Account and email address identical. An exception is that an account with a role of Administrator or People Manager can’t use the same address for both.
In Apple Business Manager , sign in as a user that has the role of Administrator or People Manager.
Select Users in the sidebar, then select or search for a user in the search field. See How to search.
Select the user from the list.
Select the Edit button , change the Managed Apple Account, select OK to also change the email address to match the Managed Apple Account, then select Save.
Notify the user that they have a new Managed Apple Account.
Edit the Managed Apple Account to an unfederated domain for multiple users
Important: Users aren’t notified when their Managed Apple Account is changed, so you must notify them as soon as you make the change.
In Apple Business Manager , sign in with a user that has the role of Administrator or People Manager.
Select Users in the sidebar, then select or search for users in the search field. See How to search.
Select the users from the list.
Select Edit next to Update Managed Apple Accounts, then do one of the following:
Change the Managed Apple Account’s unique user name structure.
Change the domain name structure.
Change both.
Change the Managed Apple Account, select OK to also change the email address to match the Managed Apple Account, then select Save.
Do one of the following:
Select Activity to view this activity.
Select Done.