With Enrollment SSO, users can enroll a device in Device Management with their Managed Apple ID.
Good to know:
Enrollment SSO handles only the enrollment flow; it does not replace the macOS login window.
When an IdP is integrated with Apple Business Manager (ABM), you can keep the Managed Apple ID identical to the user’s Google email (or its domain alias), so identity stays consistent across Google Workspace and Apple services.
After the admin sets up Enrollment SSO on Swif, follow the steps below to enroll an Apple device.
Device Management and iCloud cannot use the same email. If the Enrollment SSO account is xxx@company.com and you later try to log in to iCloud with xxx@company.com, the iCloud login will not work.
Option 1: Sign in at the Device Management screen with a Managed Apple ID
Go to Settings > Device Management > Sign in to a Work or School account, e.g. xxx@swif.{yourdomain}
Click Continue. The Swif web page opens and confirms the user’s Managed Apple ID, xxx@{yourappleiddomain}
Sign in with the managed Apple account password that your admin sent to you. If an IdP is integrated with Apple Business Manager (ABM), you are redirected to the IdP (e.g. Google Workspace) for authentication instead.
Click Allow for Remote Management.
Option 2: Sign in at the Device Management screen with a Managed Apple ID federated with an IdP
Go to Settings > Device Management > Sign in to a Work or School account, e.g. xxx@{yourdomain}. This can be an IdP-federated work email, e.g. a Google Workspace account.
Confirm the email and team name.
You are redirected to the IdP (e.g. Google Workspace) for SSO sign-in.
Allow Remote Management.
The enrollment profile is installed successfully.