
Apple Account SSO Gotchas!

RNHurt
Novitiate III

We recently enabled SSO with Apple Business Manager (ABM) and there were a couple of hiccups that I didn't expect.  To be clear, the issues outlined here are with ABM, not JumpCloud.  Apple needs to do better.

1. You have to capture your domain before you can enable SSO.  Once you trigger this in ABM your users will receive a (scary) message from Apple explaining that they have to convert their existing personal Apple Account to a business one in 30 days or Apple will change the email address associated with the account.  This caused quite a bit of confusion among my users and was not very well received.

2. Enabling SSO with ABM converts all your users to "managed" accounts, which restricts them in certain ways.  The restriction that most affected us is the inability to access the Apple App Store.  Our users can no longer install applications on their work Apple devices (MacBook, iPad, iPhone, etc.).  You have to install everything from the MDM.  I can sort of understand Apple's reason for this, but I do wish there was a configuration to let users manage their own apps in ABM.

The suggested workaround to this issue is to create a "Self Service portal" in the MDM to provide a custom "App Store".  This alternative App Store is stocked with apps that are purchased and managed by your company.  JumpCloud doesn't have this capability (yet?) but other MDM solutions do (i.e. JAMF).

1 REPLY

NVergin
Rising Star II

One of the other big limitations is that managed Apple accounts cannot be used with TestFlight. This is the single biggest reason that we are unable to enable managed Apple IDs, as we use TestFlight for internal app testing.

Why Apple hasn't figured out some workaround for this is beyond me, but it has to do with the inability for the managed accounts to access the App Store. It would instead require pushing the test app via MDM or another method.
