Sync user accounts from Google Workspace to Apple Business Manager
You can sync user accounts from Google Workspace into Apple Business Manager. When this occurs, you merge Apple Business Manager properties (such as roles) with user account data imported from Google Workspace. The account information is added as read-only until you turn off syncing. At that time, the accounts become manual accounts, and attributes in these accounts can then be edited.
The initial sync takes longer to perform than subsequent cycles.
Note: Syncing user groups isn’t supported.
Before you begin
Before you sync to Google Workspace using an OIDC connection, you must do the following:
If necessary, configure and verify the domain you want to use. See Add and verify a domain. If you’ve already verified the domain you want to federate with Google Workspace, you can skip this process.
Configure, federate and enable a domain. See Use federated authentication with Google Workspace.
Have on call a Google Workspace administrator with permissions to edit Google Workspace settings.
Google Workspace user accounts and Apple Business Manager
When a user account is synced from Google Workspace to Apple Business Manager, the default role is Staff. After the sync is complete, only the Roles user attribute can be edited. This attribute is stored with the user account in Apple Business Manager and isn’t written back to Google Workspace.
Sign-in attribute
Apple Business Manager requires that the attribute used for the Managed Apple Account be unique. This is normally the user’s email address. If a user has an attribute that’s exactly the same as an existing Apple Business Manager user with the role of Administrator, no syncing is performed and the source field remains unchanged.
Person ID
When a Google Workspace user account is synced to Apple Business Manager, a Person ID is created for the Apple Business Manager user account. The Person ID is used to identify conflicting user accounts.
Important considerations if you modify the Person ID:
If you modify the Person ID for a user account previously imported from Google Workspace, that user account is no longer paired with Google Workspace.
If you modify the Person ID for a user account previously imported from Google Workspace and want to reconnect the user account, you must resolve the conflict.
Turn on Google Workspace Sync.
In Apple Business Manager , sign in as a user that has the role of Administrator or People Manager.
Select your name at the bottom of the sidebar, select Preferences , then select Managed Apple Accounts .
Under Directory Sync, turn on Google Workspace Sync.