One of the main challenges for K-12 schools with Apple products is managing and deploying an identity infrastructure. While Google has its solution with G-Suite, companies like Clever are also making a play to become a centralized identity solution for schools.
Google offers e-mail, document management, and calendars, and works as a single sign-on provider. Clever works directly with software-as-a-service application providers to synchronize data between companies that do not normally talk to each other. Yesterday, Apple launched its identity solution for K-12 schools with federated authentication for Microsoft Azure Active Directory.
Apple and Microsoft have become much more "friendly" in K-12 over the years. I wrote a few weeks ago about how they became the most unlikely friends.
The current situation has put Apple in a scenario in which it is a friend of Microsoft in the field of education. A school that uses Office 365 is not buying Chromebooks. A school that relies heavily on Office for Mac will probably not consider G-Suite as a productivity suite. This has taken two longtime rivals (Apple and Microsoft) and made them unlikely allies in educational circles.
The bottom line is that a school that uses Microsoft services is likely to be an Apple customer for hardware. With Apple's federated authentication for Azure AD, schools now have an easy way to synchronize an identity management solution with Apple School Manager to generate Managed Apple IDs.
Federated authentication is used to connect Apple School Manager to the Microsoft Azure Active Directory (AD) instance. As a result, users can use their Microsoft Azure AD user names and passwords as Managed Apple IDs. They can then use their Microsoft Azure AD credentials to sign in to the appropriate iPad or Mac and even iCloud on the web. Students can also use them to log in to Shared iPad.
Microsoft Azure AD is the Identity Provider (IdP), which contains the usernames and passwords for the accounts you want to use with Apple School Manager. Federated authentication uses SAML (Security Assertion Markup Language) to connect Apple School Manager to Microsoft Azure AD.
There are two main scenarios in which you can use federated authentication:
Federated authentication only
When connecting to Microsoft Azure AD, Managed Apple IDs are automatically created for users and simply link to their current email address as their Managed Apple ID. If a user is removed from Microsoft Azure AD, that user can be removed from Apple School Manager.
Federated authentication with users from other sources
When connecting to Microsoft Azure AD, Managed Apple IDs are automatically created for users and simply link to their current email address as their Managed Apple ID.
You then connect to the SIS or upload the files with SFTP. All information, such as classes and lists, is updated for the users in the Microsoft Azure AD system. If a user is removed from Microsoft Azure AD, that user must be disabled in Apple School Manager from an account with permissions to change user status.
From all the technical notes I'm reading on federated authentication, Apple has been working on it for a while. They have solutions to manage conflicts and add more than one Azure AD domain.
This news is not the first time we have seen Microsoft and Apple mentioned together when it comes to implementation. Last October, Jamf also launched access to Azure AD on macOS.
While I was hoping to see Apple go all in on competing in this space with its own solution, Microsoft and Google have a huge advantage. I suspect it will not be the only news we hear this year about how Apple works with identity management solutions. If you're ready to get started, visit the Apple support website.