articles/active-directory/saas-apps/apple-business-manager-provision-tutorial.md
20 additions & 15 deletions
@@ -29,6 +29,7 @@ This tutorial describes the steps you need to perform in both Apple Business Man
29
29
> * Create users in Apple Business Manager
30
30
> * Remove users in Apple Business Manager when they do not require access anymore
31
31
> * Keep user attributes synchronized between Azure AD and Apple Business Manager
32
+
> *[Single sign-on](../manage-apps/add-application-portal-setup-oidc-sso.md) to Apple Business Manager (recommended).
32
33
33
34
## Prerequisites
34
35
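Review bot: The added bullet `> *[Single sign-on](...)` has no space between `*` and `[`, so unlike the three `> * ...` items above it, it will not render as a list item. Write it as `> * [Single sign-on](../manage-apps/add-application-portal-setup-oidc-sso.md) to Apple Business Manager (recommended).` The other items are verb phrases (Create, Remove, Keep), so "Use single sign-on to ..." would keep the list parallel.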
@@ -52,17 +53,21 @@ The scenario outlined in this tutorial assumes that you already have the followi
52
53
2. Click Settings at the bottom of the sidebar click Data Source below Organization Settings, then click Connect to Data Source.
53
54
3. Click Connect next to SCIM, carefully read the warning, click Copy, then click Close.
54
55
[The Connect to SCIM window, which provides a token and a Copy button under it.]
55
-
Leave this window open to copy the Tenant URL from Apple Business Manager to Azure AD, which is: 'https://federation.apple.com/feeds/business/scim'
56
+
Leave this window open to copy the Tenant URL from Apple Business Manager to Azure AD, which is: `https://federation.apple.com/feeds/business/scim`
56
57
57
-

58
+

58
59
59
-
> [!NOTE]
60
-
> The secret token shouldn’t be shared with anyone other than the Azure AD administrator.
60
+
> [!NOTE]
61
+
> The secret token shouldn’t be shared with anyone other than the Azure AD administrator.
61
62
62
63
## Step 3. Add Apple Business Manager from the Azure AD application gallery
63
64
64
-
Add Apple Business Manager from the Azure AD application gallery to start managing provisioning to Apple Business Manager. If you have previously setup Apple Business Manager for SSO, you can use the same application. However it is recommended that you create a separate app when testing out the integration initially. Learn more about adding an application from the gallery [here](../manage-apps/add-application-portal.md).
65
+
* Add Apple Business Manager from the Azure AD application gallery to start managing provisioning to Apple Business Manager. If you have previously setup Apple Business Manager for SSO, you can use the same application. However it is recommended that you create a separate app when testing out the integration initially.
66
+
67
+
* To add the Apple Business Manager Azure AD app with Microsoft tenants, the administrator of the tenants must go through the federated authentication setup process, including testing authentication. When authentication has succeeded, the Apple Business Manager Azure AD app is populated in the tenant and the administrator can federate domains and configure Apple Business Manager to use SCIM (System for Cross-domain Identity Management) for directory sync.
65
68
69
+
[Use federated authentication with MS Azure AD in Apple Business Manager](https://support.apple.com/en-ke/guide/apple-business-manager/axmb02f73f18/web)
70
+
66
71
## Step 4. Define who will be in scope for provisioning
67
72
68
73
The Azure AD provisioning service allows you to scope who will be provisioned based on assignment to the application and or based on attributes of the user / group. If you choose to scope who will be provisioned to your app based on assignment, you can use the following [steps](../manage-apps/assign-user-or-group-access-portal.md) to assign users and groups to the application. If you choose to scope who will be provisioned based solely on attributes of the user or group, you can use a scoping filter as described [here](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
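Review bot: Step 3 in the context lines ends with "click Copy, then click Close", but the changed line directly after it says "Leave this window open to copy the Tenant URL"; the two instructions conflict, and the window in question is the one that displays the secret token. Pick one, and if the window has to stay open, tell the reader to close it as soon as the Tenant URL and token have been pasted into Azure AD. Separately, the rewritten Step 3 bullet drops the "Learn more about adding an application from the gallery [here](../manage-apps/add-application-portal.md)" sentence without a replacement, the bare Apple support link has no bullet or lead-in sentence tying it to the federated authentication item above it, and its URL is pinned to the `en-ke` locale.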
@@ -75,30 +80,30 @@ The Azure AD provisioning service allows you to scope who will be provisioned ba
75
80
76
81
1. Sign in to the [Azure portal](https://portal.azure.com). Select **Enterprise Applications**, then select **All applications**.

91
96
92
-
5. Under the **Admin Credentials** section, input the **SCIM 2.0 base URL and Access Token** values retrieved from Apple Business Manager in **Tenant URL** and **Secret Token** respectively.. Click **Test Connection** to ensure Azure AD can connect to Apple Business Manager. If the connection fails, ensure your Apple Business Manager account has Admin permissions and try again.
97
+
5. Under the **Admin Credentials** section, input the **SCIM 2.0 base URL and Access Token** values retrieved from Apple Business Manager in **Tenant URL** and **Secret Token** respectively. Click **Test Connection** to ensure Azure AD can connect to Apple Business Manager. If the connection fails, ensure your Apple Business Manager account has Admin permissions and try again.

95
100
96
101
> [!NOTE]
97
102
>If the connection is successful, Apple Business Manager shows the SCIM connection as active. This process can take up to 60 seconds for Apple Business Manager to reflect the latest connection status.
98
103
99
104
6. In the **Notification Email** field, enter the email address of a person or group who should receive the provisioning error notifications and check the checkbox - **Send an email notification when a failure occurs**.

102
107
103
108
7. Click **Save**.
104
109
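Review bot: In step 5 the single bold span `**SCIM 2.0 base URL and Access Token**` joins two separate values, and neither name matches Step 2, which calls them the Tenant URL and the token. Bold each value on its own and use the same names as Step 2, so that "respectively" maps one-to-one onto **Tenant URL** and **Secret Token**. The double-period fix itself is fine.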
@@ -125,15 +130,15 @@ The Azure AD provisioning service allows you to scope who will be provisioned ba
125
130
126
131
11. To enable the Azure AD provisioning service for Apple Business Manager, change the **Provisioning Status** to **On** in the Settings section.
127
132
128
-

133
+

129
134
130
135
12. Define the users and/or groups that you would like to provision to Apple Business Manager by choosing the desired values in **Scope** in the **Settings** section.

137
142
138
143
This operation starts the initial synchronization of all users and/or groups defined in **Scope** in the **Settings** section. The initial sync takes longer to perform than subsequent syncs, which occur approximately every 40 minutes as long as the Azure AD provisioning service is running.
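Review bot: Step 11 refers to "the Settings section" in plain text while step 12 and the closing paragraph use `**Settings**`; bold it in step 11 as well so the UI labels are consistent. The -/+ pair at old line 128 / new line 133 shows no visible text change on this page, so confirm it is an intended whitespace-only edit.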
articles/active-directory/saas-apps/apple-school-manager-provision-tutorial.md
20 additions & 15 deletions
@@ -29,6 +29,7 @@ This tutorial describes the steps you need to perform in both Apple School Manag
29
29
> * Create users in Apple School Manager
30
30
> * Remove users in Apple School Manager when they do not require access anymore
31
31
> * Keep specific user attributes synchronized between Azure AD and Apple School Manager
32
+
> *[Single sign-on](../manage-apps/add-application-portal-setup-oidc-sso.md) to Apple School Manager (recommended).
32
33
33
34
## Prerequisites
34
35
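Review bot: The added bullet `> *[Single sign-on](...)` is missing the space after `*`, so it will not render as a list item like the `> * ...` lines above it. Change it to `> * [Single sign-on](../manage-apps/add-application-portal-setup-oidc-sso.md) to Apple School Manager (recommended).`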
@@ -52,17 +53,21 @@ The scenario outlined in this tutorial assumes that you already have the followi
52
53
2. Click Settings at the bottom of the sidebar click Data Source below Organization Settings, then click Connect to Data Source.
53
54
3. Click Connect next to SCIM, carefully read the warning, click Copy, then click Close.
54
55
[The Connect to SCIM window, which provides a token and a Copy button under it.]
55
-
Leave this window open to copy the Tenant URL from Apple Business Manager to Azure AD, which is: 'https://federation.apple.com/feeds/school/scim'
56
+
Leave this window open to copy the Tenant URL from Apple School Manager to Azure AD, which is: `https://federation.apple.com/feeds/school/scim`
56
57
57
-

58
+

58
59
59
-
> [!NOTE]
60
-
> The secret token shouldn’t be shared with anyone other than the Azure AD administrator.
60
+
> [!NOTE]
61
+
> The secret token shouldn’t be shared with anyone other than the Azure AD administrator.
61
62
62
63
## Step 3. Add Apple School Manager from the Azure AD application gallery
63
64
64
-
Add Apple School Manager from the Azure AD application gallery to start managing provisioning to Apple School Manager. If you have previously setup Apple School Manager for SSO, you can use the same application. However it is recommended that you create a separate app when testing out the integration initially. Learn more about adding an application from the gallery [here](../manage-apps/add-application-portal.md).
65
+
* Add Apple School Manager from the Azure AD application gallery to start managing provisioning to Apple School Manager. If you have previously setup Apple School Manager for SSO, you can use the same application. However it is recommended that you create a separate app when testing out the integration initially.
66
+
67
+
* To add the Apple School Manager Azure AD app with Microsoft tenants, the administrator of the tenants must go through the federated authentication setup process, including testing authentication. When authentication has succeeded, the Apple School Manager Azure AD app is populated in the tenant and the administrator can federate domains and configure Apple School Manager to use SCIM (System for Cross-domain Identity Management) for directory sync.
65
68
69
+
[Use federated authentication with MS Azure AD in Apple School Manager](https://support.apple.com/en-ke/guide/apple-school-manager/axmb02f73f18/web)
70
+
66
71
## Step 4. Define who will be in scope for provisioning
67
72
68
73
The Azure AD provisioning service allows you to scope who will be provisioned based on assignment to the application and or based on attributes of the user / group. If you choose to scope who will be provisioned to your app based on assignment, you can use the following [steps](../manage-apps/assign-user-or-group-access-portal.md) to assign users and groups to the application. If you choose to scope who will be provisioned based solely on attributes of the user or group, you can use a scoping filter as described [here](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
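Review bot: The new support link `https://support.apple.com/en-ke/guide/apple-school-manager/axmb02f73f18/web` reuses the article slug `axmb02f73f18` from the Apple Business Manager tutorial's link; verify that it resolves to the School Manager article, and drop the `en-ke` locale segment if a locale-neutral URL is available. The correction from "Apple Business Manager" to "Apple School Manager" in the Tenant URL sentence is right, but that sentence still says "Leave this window open" immediately after step 3 says "then click Close", and the window shows the secret token. The rewritten Step 3 bullet also drops the "Learn more about adding an application from the gallery" link without a replacement.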
@@ -75,30 +80,30 @@ The Azure AD provisioning service allows you to scope who will be provisioned ba
75
80
76
81
1. Sign in to the [Azure portal](https://portal.azure.com). Select **Enterprise Applications**, then select **All applications**.

91
96
92
-
5. Under the **Admin Credentials** section, input the **SCIM 2.0 base URL and Access Token** values retrieved from Apple School Manager in **Tenant URL** and **Secret Token** respectively.. Click **Test Connection** to ensure Azure AD can connect to Apple School Manager. If the connection fails, ensure your Apple School Manager account has Admin permissions and try again.
97
+
5. Under the **Admin Credentials** section, input the **SCIM 2.0 base URL and Access Token** values retrieved from Apple School Manager in **Tenant URL** and **Secret Token** respectively. Click **Test Connection** to ensure Azure AD can connect to Apple School Manager. If the connection fails, ensure your Apple School Manager account has Admin permissions and try again.

95
100
96
101
> [!NOTE]
97
102
>If the connection is successful, Apple School Manager shows the SCIM connection as active. This process can take up to 60 seconds for Apple School Manager to reflect the latest connection status.
98
103
99
104
6. In the **Notification Email** field, enter the email address of a person or group who should receive the provisioning error notifications and check the checkbox - **Send an email notification when a failure occurs**.

102
107
103
108
7. Click **Save**.
104
109
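Review bot: Step 5 keeps `**SCIM 2.0 base URL and Access Token**` as one bold span although it names two values that go into two different fields, and Step 2 of this file calls them the Tenant URL and the token. Split the span and align the names with Step 2 so the mapping to **Tenant URL** and **Secret Token** is unambiguous.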
@@ -125,15 +130,15 @@ The Azure AD provisioning service allows you to scope who will be provisioned ba
125
130
126
131
11. To enable the Azure AD provisioning service for Apple School Manager, change the **Provisioning Status** to **On** in the Settings section.
127
132
128
-

133
+

129
134
130
135
12. Define the users and/or groups that you would like to provision to Apple School Manager by choosing the desired values in **Scope** in the **Settings** section.

137
142
138
143
This operation starts the initial synchronization of all users and/or groups defined in **Scope** in the **Settings** section. The initial sync takes longer to perform than subsequent syncs, which occur approximately every 40 minutes as long as the Azure AD provisioning service is running.
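Review bot: Step 11 writes "the Settings section" unbolded while step 12 and the final paragraph use `**Settings**`; make step 11 match. The changed line at old 128 / new 133 has no visible text difference on this page, so confirm the edit is whitespace-only and intended.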