Transfer Apple services when federating
When you configure and turn on federated authentication in Apple Business Manager, there are several services your organization relies on that might need to be transferred from personal Apple Accounts to Managed Apple Accounts. Below is a list of those services and recommended steps to ensure there’s no gap in continuity in accessing those services.
Apple Push Notification service (APNs)
APNs certificates are most commonly used by organizations to enable communication from their mobile device management (MDM) solution to managed devices. The APNs certificate associated with a personal Apple Account can be moved to a Managed Apple Account by contacting Apple. This process can take up to 10 business days. No interruption in communication between the mobile device management (MDM) solution and the devices occurs when the move to a new account is completed. See Contact Apple for help with Apple Push Notification service certificates.
Apple Developer Program
Organizations with Apple Developer Program memberships must create new accounts with the necessary roles for users’ Managed Apple Accounts.
Important: Command-line services—like notarization—that use app-specific passwords won’t work with Managed Apple Accounts.
Change the user name of the existing developer Apple Account to another domain or subdomain that isn’t being federated. Popular personal email services will work for developer accounts.
Have the user generate a new federated Managed Apple Account. This can be done by signing in to iCloud using Settings on an iPhone or iPad, System Settings (in macOS 13 or later), or System Preferences (in macOS 12 or earlier), or during the initial setup of the device.
In the developer account, have another team member send an invite to the newly created Managed Apple Account and assign the appropriate role.
For information on transferring the developer Account Holder role to someone else on your development team, see Account Holder Role Transfer on the Apple Developer website.
Global Service Exchange (GSX)
Approved organizations that self-repair Apple products need to plan their transition. They may need to work with the Apple GSX teams, whose email addresses are listed below, along with the countries or regions they cover.
Apple GSX email address | Country or region covered | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
svc.authorize_amr@apple.com | Canada Latin America United States | ||||||||||
svc.authorize_emea@apple.com | Africa Europe India Middle East | ||||||||||
svc.authorize_apac@apple.com | Asia-Pacific countries and regions | ||||||||||
account_admin_china@apple.com | China | ||||||||||
account_admin_china@apple.com (For traditional Chinese language support, include Chinese in the email’s subject line) | Hong Kong Macao Taiwan |
Access to GSX is limited to approved domains and invited Managed Apple Accounts. Before enabling federation, create at least one Managed Apple Account in an approved domain and invite that user to GSX. After personal Apple Accounts are removed from the domain, Managed Apple Accounts can be created using the same name; these Managed Apple Accounts must be invited to GSX. If those individuals have certifications, send an email to certifications@apple.com to have those certifications moved between accounts.
If necessary, you can update account information for your organization by signing in at https://aamt.apple.com/.
If you are asked to update your personal Apple Account, see the Apple Support article If you are asked to update your Apple Account email address.
Apple online stores
Individuals with access to their organization’s online store must complete the conflict resolution process to update logins affected by federation. If you want to use a federated Managed Apple Account for the online store, complete the following steps:
Have the user generate a new federated Managed Apple Account. The user must sign in to iCloud using Settings on an iPhone or iPad, using System Settings (in macOS 13 or later), or System Preferences (in macOS 12 or earlier), or during the initial setup of the device.
Do one of the following:
In Apple School Manager, change the user’s role to Staff, Instructor, or Manager.
In Apple Business Manager or Apple Business Essentials, change the user’s role to Staff.
Contact your dedicated Apple Account Executive and request that a new invitation be generated for the federated Managed Apple Account.
Note: If you encounter an issue, send an email to myaccess.store@apple.com or visit Contact Apple for support and service and ask for Sales.