Change a user’s domain information using Apple School Manager

In Apple School Manager, changes to a user’s domain information account require the user to sign out and sign in again with their new password.

Important: If a user’s password is changed in Google Workspace, Microsoft Entra ID, or your IdP, Apple School Manager invalidates the current session with that user. The user needs to sign in again with their new password to continue using federated authentication for access.

Change a federated user’s role

When you successfully complete your federated authentication, all users from your domain have the role of Student. You may want to change roles for Content Managers and Device Enrollment Managers. If you change the role to Administrator, Site Manager, or People Manager, that user’s authentication changes from Federated (they use their Google Workspace, Microsoft Entra ID, or IdP password) to Apple. They still retain the Managed Apple Account and email address they had when federated authentication was completed.

In Apple School Manager , sign in with a user who has the role of Administrator, Site Manager, or People Manager.
Select Users in the sidebar, then select or search for a user in the search field. See How to search.
Select the user from the list.
Select the Edit button , change the role, then select Save.

Change a user’s email to a federated domain

If you’ve successfully linked Apple School Manager to your Google Workspace, Microsoft Entra ID, or IdP domain, you can change an existing account so that its email address and Managed Apple Account are identical. An exception is that an account with a role of Administrator, Site Manager, or People Manager can’t use the same address for both.

In Apple School Manager , sign in with a user who has the role of Administrator, Site Manager, or People Manager.
Select Users in the sidebar, then select or search for a user in the search field. See How to search.
Select the user from the list.
Select the Edit button , change the email address, select OK to also change the Managed Apple Account to match the email address, then select Save.
That user can now sign in with their Managed Apple Account and their domain password.

Edit the Managed Apple Account to a federated domain for a user

If you’ve successfully linked Apple School Manager to your Google Workspace, Microsoft Entra ID, or IdP domain, you can change a nonfederated account so that its Managed Apple Account and email address are identical. An exception is that a user with the role of Administrator, Site Manager, or People Manager can’t use the same account for both.

In Apple School Manager , sign in with a user who has the role of Administrator, Site Manager, or People Manager.
Select Users in the sidebar, then select or search for a user in the search field. See How to search.
Select the user from the list.
Select the Edit button , change the Managed Apple Account, select OK to also change the email address to match the Managed Apple Account, then select Save.

Edit the Managed Apple Account to a federated domain for multiple users

Important: Users aren’t notified when their Managed Apple Account is changed, so you need to notify them as soon as you make the change.

In Apple School Manager , sign in with a user who has the role of Administrator, Site Manager, or People Manager.
Select Users in the sidebar, then select or search for users in the search field. See How to search.
Select the users from the list.
Select Edit next to Update Managed Apple Accounts, then do one of the following:
- Change the Managed Apple Account’s unique user name structure.
- Change the domain name structure.
- Change both.
Change the Managed Apple Account, select OK to also change the email address to match the Managed Apple Account, then select Save.
Do one of the following:
- Select Activity to view this activity.
- Select Done.

Change a user’s email to an unfederated domain

If you want users to use an email address different from the one in their Google Workspace, Microsoft Entra ID, or IdP domain account, you can change it. Unlike federated accounts, unfederated accounts can have an email address different from the Managed Apple Account. An exception is that an account with a role of Administrator, Site Manager, or People Manager can’t use the same address for both.

In Apple School Manager , sign in with a user who has the role of Administrator, Site Manager, or People Manager.
Select Users in the sidebar, then select or search for a user in the search field. See How to search.
Select the user from the list.
Select the Edit button , change the email address, then select Save.
Notify the user that they have a new Managed Apple Account.

Edit the Managed Apple Account to an unfederated domain for a user

If you don’t want users to use the Managed Apple Account in their Google Workspace, Microsoft Entra ID, or IdP domain account, you can change it. Unlike federated accounts, unfederated accounts can have a Managed Apple Account different from the email address. An exception is that an account with a role of Administrator, Site Manager, or People Manager can’t use the same address for both.

In Apple School Manager , sign in with a user who has the role of Administrator, Site Manager, or People Manager.
Select Users in the sidebar, then select or search for a user in the search field. See How to search.
Select the user from the list.
Select the Edit button , change the domain for the Managed Apple Account to an unfederated domain or the reserved domain, then select Save.
Notify the user that they have a new Managed Apple Account.

Edit the Managed Apple Account to an unfederated domain for multiple users