One of the key challenges for K-12 schools with Apple products is management and deployment of an identification infrastructure. While Google has their solution with G-Suite, companies like Clever are also making a play to become a schools centralized identity solution.
Google offers email, document management, calendars, and works as a single sign on provider as well. Clever works directly with software as a service application vendors to sync your data between companies that don’t normally talk together. Yesterday, Apple launched their identity solution for K-12 schools with federated authentication for Microsoft Azure Active Directory.
Apple and Microsoft have become much more “friendly” in K-12 over the years. I wrote a few weeks ago how they had become the unlikeliest of friends.
The current situation has put Apple in a scenario where it’s a friend of Microsoft in education. A school who using Office 365 is not buying Chromebooks. A school who heavily relies on Office for Mac will likely not be considering G-Suite as a productivity suite. This has taken two longtime rivals (Apple and Microsoft) and made them unlikely allies in education environments.
The bottom line is that a school who uses Microsoft services is likely to be an Apple customer for hardware. With Apple’s federated authentication for Azure AD, schools now have a simple way to sync an identity management solution with Apple School Manager to generate managed Apple IDs.
You use federated authentication to link Apple School Manager to your instance of Microsoft Azure Active Directory (AD). As a result, your users can leverage their Microsoft Azure AD user names and passwords as Managed Apple IDs. They can then use their Microsoft Azure AD credentials to sign in to their assigned iPad or Mac and even iCloud on the web. Students can also use it to sign in on Shared iPad.
Microsoft Azure AD is the Identity Provider (IdP), which contains the user names and passwords for the accounts you want to use with Apple School Manager. Federated authentication uses Security Assertion Markup Language (SAML) to connect Apple School Manager to Microsoft Azure AD.
There are two main scenarios where you might use federated authentication:
Federated authentication only
When you link to Microsoft Azure AD, Managed Apple IDs are automatically created for users and they simply sign in with their current email address as their Managed Apple ID. If a user is removed from Microsoft Azure AD, that user can be removed from Apple School Manager.
Federated authentication with users from other sources
When you link to Microsoft Azure AD, Managed Apple IDsare automatically created for users, and they simply sign in with their current email address as their Managed Apple ID.
You then link to your SIS or upload files with SFTP. All information, such as classes and rosters, are updated for the users in your Microsoft Azure AD system. If a user is removed from Microsoft Azure AD, that user must be deactivated in Apple School Manager by an account with permissions to change the status of users.
From all of the technical notes I’m reading on federated authentication, Apple has been working on this for some time. They’ve got solutions for dealing with conflicts as well as adding more than one Azure AD domain.
While I was hoping to see Apple go all in on competing in this space with their own solution, Microsoft and Google do have an immense head-start. I suspect this won’t be the only news we hear this year relating to how Apple works with identity management solutions. If you are ready to get started, visit Apple’s support website.