Apple School Manager Help

Note: To see whether an Apple program is available in your country or region, see the Apple Support article Availability of Apple programs for education and business.

Overview

What is Apple School Manager?

Apple School Manager is a simple, web-based portal for IT administrators to deploy iOS, macOS, and tvOS devices all from one place. When used with your mobile device management (MDM) solution, you can configure device settings and buy and distribute apps and books. And Apple School Manager integrates with Student Information Systems (SISs) and SFTP so you can quickly create accounts with school rosters and classes.

If you’re already enrolled in the Device Enrollment Program (DEP) or the Volume Purchase Program (VPP), you may be able to upgrade your existing programs to Apple School Manager, bringing together everything needed to deploy iOS, macOS, and tvOS devices. For more information, see Upgrade to Apple School Manager.

Apple School Manager main window.

Program requirements

Before you enroll, make sure you’re using a supported browser and have the necessary information ready for setting up your account.

Supported browsers

  • Safari 9 or later on macOS

  • Google Chrome 35.0 or later

  • Microsoft Edge on Windows

Initial account

Use the name of a person when setting up the account, not the name of a role or group. This account is known as the administrator account. You can give up to four managers administrator access after your enrollment is approved.

The following information is required:

  • First and last name of the individual enrolling on behalf of the organization

    Note: This must be a legal, human name. First and last names such as “IT Coordinator” or “iPad Deployment” will be returned to you to correct the information.

  • A work email address that isn’t associated with an iTunes or iCloud account, and that hasn’t been used as an Apple ID for any other Apple service or website

    Important: Don’t use this new Apple ID with an iTunes or iCloud account, or any other Apple services or website other than Apple School Manager.

  • Work phone number

  • Role/Job title

Verification contact

This person, usually a legal representative of your organization, verifies that you have the authority to sign and bind your organization to the terms and conditions of Apple School Manager. The information given for this contact can’t be the same as for the individual submitting the enrollment. This person is contacted during the enrollment process to verify information about the initial account and the organization.

Note: During the review process, your verification contact is contacted by phone and asked to confirm information about you and your organization before your enrollment is approved. Make sure that any filters allow mail from all apple.com domains. Return any missed phone calls quickly so that the enrollment process can proceed smoothly.

The following information is required:

  • Name

  • Work email address

  • Work phone number

  • Role/Job title

Organization details

The following information is required:

  • Country or region

  • Legal name of the organization

  • Mailing address

  • Phone number

  • Website URL

  • Time zone and language

  • Organization type (K–12 or higher education)

  • Supplier information

    • An Apple customer number, if purchasing direct from Apple

      The legal name and mailing address of the organization should match those associated with the Apple customer number.

      Note: When entering your Apple customer number, leave off any leading zeros.

    • A DEP Reseller ID, if purchasing Apple devices from a participating Apple Authorized Reseller or carrier

Device eligibility

Eligible devices are available for assignment to your MDM solution through Apple School Manager. After you enroll them, you can assign and manage them using that MDM solution.

Requirements

To be eligible, devices must be running an operating system that meets the following requirements:

  • iOS 7 or later (for iOS devices)

  • OS X 10.9 or later (for Mac computers)

  • tvOS 10.2 or later (for Apple TV)

After the operating system versions are verified by your IT administrator, the following conditions must be met in order to enroll devices:

  • The device must have been ordered after March 1, 2011, whether it was purchased directly from Apple or from a participating Apple Authorized Reseller or carrier.

  • If the device was purchased directly from Apple, the purchaser must have used an enrolled and verified Apple customer number.

  • If the device was purchased directly from a participating Apple Authorized Reseller or carrier, the device must be linked to that reseller’s DEP Reseller ID. The actual date of eligibility is determined by the participating Apple Authorized Reseller or carrier sales history.

Assign purchases to an MDM Server

After new orders ship, you can search for them by serial number or order number. Or you can manually upload a comma-separated value (.csv) file. You may also choose to automatically assign eligible devices to a specific MDM server. To learn more about device assignment, see Assign devices.

After you’re enrolled, you can view your organization’s DEP Customer ID and any Apple customer numbers in the Device Purchases section of your organization’s parent location. To facilitate the enrollment of your devices in Apple School Manager, do the following:

  • Provide your participating Apple Authorized Reseller or carrier with the organization’s DEP Customer ID.

  • Add their DEP Reseller ID to your list of approved suppliers.

Enroll in Apple School Manager

Enroll your organization

  1. Go to Apple School Manager.

  2. Click Enroll now.

  3. Enter and review the following organization information:

    • Your country or region

    • Your organization’s legal name

    • Address information, city, and zip code

    • Phone number

    • Website URL

      Important: This domain is used to prepopulate Managed Apple IDs. However, if your organization website URL is different from your organization registered domain name, you can change it to your organization registered domain name before you create and assign Managed Apple IDs to other users of Apple School Manager. Don’t use a domain name you created, because doing so can cause all created Managed Apple IDs to fail.

    • Organization type (K–12 or higher education)

    • Time zone and language

  4. Enter and review your information:

    • First and last name of the individual enrolling on behalf of the organization

      Note: This must be a legal, human name. First and last names such as “IT Coordinator” or “iPad Deployment” will be returned to you to correct the information.

    • A work email address that isn’t associated with an iTunes or iCloud account, and that hasn’t been used as an Apple ID for any other Apple service or website

    • Role/Job title

  5. Enter and review the verification contact information.

    Examples include your superintendent, principal, or treasurer. Apple contacts your verification contact to confirm your enrollment.

    • Name

    • Work email address

    • Role/Job title

  6. Click Continue, review the information carefully, then click Submit.

  7. Check your email for a message from Apple School Manager with the subject line “Your enrollment is in review.”

During the review process, your verification contact is contacted by phone and asked to confirm information about you and your organization before your enrollment is approved. Make sure that any filters allow mail from all apple.com domains. Return any missed phone calls quickly so the enrollment process can proceed smoothly.

Confirm enrollment and grant administrator access

After Apple speaks with your verification contact and confirms your information, that contact receives a mail message from Apple School Manager with the subject line “Thank you for verifying your organization.” The contact can then complete the following task.

  1. Open the mail message from Apple School Manager with the subject line “Thank you for verifying your organization.”

  2. Review the message and do one of the following:

    • Click the “Confirm [name of person]” button to let that person be an administrator of Apple School Manager.

      This is the name of the person who initially enrolled in Apple School Manager.

    • If you don’t want this person to be an administrator, click the “choose someone else” link, enter another person’s information, then click Submit.

  3. Your verification contact must also check the box indicating that you approve this person to accept responsibility for signing the Apple School Manager terms and conditions on behalf of your organization.

After this task is complete, the person who was selected to be the administrator receives a mail message from Apple School Manager with the subject line “Enrollment Complete.”

Complete the enrollment process

After your verification contact approves you, you’ll receive a mail message letting you know your enrollment is approved. You can then create your own Managed Apple ID and approve all the terms and conditions.

  1. Open the mail message from Apple School Manager with the subject line “Enrollment Complete.”

  2. Click the “Get Started” button in the message to open Safari or your default browser. To view a list of supported browsers, see Program requirements.

  3. Enter an email address for you to use as your Managed Apple ID.

    Important: This can be your work email address if you haven’t used it as an Apple ID before with an iTunes or iCloud account, or any other Apple services or websites. This email address becomes your Managed Apple ID.

  4. Enter a secure password, then confirm it.

  5. Confirm your name, then enter your date of birth.

  6. Enter your SMS-enabled cell phone number, then select how you would like to obtain secondary verification.

  7. Click Submit.

    Note: You’ll be required to verify both your email address and your phone number.

  8. Click the link in the mail message you received to verify your email address.

  9. Enter the SMS verification code you received on your phone, then click Verify.

  10. Accept the terms and conditions. You must accept all terms in order to proceed.

Upgrade to Apple School Manager

If you enrolled in Apple Deployment Programs on or after February 26, 2014, your organization may be able to upgrade from Apple Deployment Programs to Apple School Manager. How you enrolled determines your ability to upgrade. Upgrading includes moving all MDM servers, device orders and assignments, and management-level accounts. Apple ID for Students accounts aren’t upgraded or transferred to Apple School Manager.

After upgrading, your Apple Deployment Programs account names are changed in Apple School Manager as follows:

  • Program Agent is called Administrator.

  • Administrators are called managers.

    • The accounts used to buy licenses of apps and books from the Volume Purchase Program become Content Managers with the continued ability to buy apps and books.

    • The accounts used to manage MDM servers become device managers.

    For more information about roles, see Role privileges.

Updated terms and conditions

When terms and conditions are updated, an administrator must sign in and accept those updated terms and conditions. Most of the functionality in Apple School Manager is blocked until the updated terms and conditions are accepted.

Important: If you are unable to accept the terms and conditions, contact your administrator immediately. The administrator must sign in to Apple School Manager and accept the new terms and conditions before full functionality will be available.

Get Support

You can get support for Apple School Manager through various Apple resources:

View activity

Apple School Manager is compatible with several Student Information Systems (SISs), one or more mobile device management (MDM) servers, and can be managed by several different people. It’s important that you know how to view all activity, regardless of where the activity originates.

Note: Some activities or status messages can be viewed only by managers with the correct privileges.

You can view the following activities. They are categorized by activity, status, and date-created events.

Activity

You can select all that apply.

  • Email New Sign-Ins

  • Create New Sign-Ins

  • Email New Verification Codes

  • Create New Verification Codes

  • Update Managed Apple IDs

  • Set Password Policies

  • Assign Roles

  • Delete Accounts

  • Deactivate Accounts

  • Reactivate Accounts

  • Restore Accounts

  • Change Class Location

  • Add Students To Classes

  • Create Classes

  • Delete Classes

  • Disconnect from Source

  • Updates

Status

You can select all that apply.

  • In-Progress

  • Successfully Completed

  • Completed with Issues

  • Completed with Server Errors

  • Manually Stopped

Date Created

Select only one.

  • Within last 24 hours

  • Within last 7 days

  • Within last 30 days

  1. Click Activity in the sidebar.

  2. If applicable, click Filter in the search bar and choose from the following:

    • Activity

    • Status

    • Date Created

  3. After you’ve chosen from the initial list, you can further restrict your search by selecting from the second filter.

  4. Click an activity to view the information and download the log file to your computer for additional information.

Use Setup Assistant

What is Setup Assistant?

When you first sign in, Apple School Manager provides a simple Setup Assistant that makes it easy to get going. With Setup Assistant you can:

  • Add managers

  • Connect to your Student Information System (SIS)

  • Use the Secure File Transfer Protocol (SFTP) to import account information

  • Find students, staff, and classes

  • Choose the Managed Apple ID format for all your users

Setup Assistant appears when the administrator or manager first signs in to Apple School Manager. If they close Setup Assistant, they can click their name in the upper-right corner and select Setup Assistant from the pop-up menu to open it again.

Find students, staff, and classes

Find people in your Student Information System (SIS)

Use Apple School Manager to securely integrate with your Student Information System (SIS). After you’ve authenticated and connected your SIS, specific information—such as management, staff, instructor, student names, and classes—is copied into Apple School Manager. You can then assign roles to your staff, instructors, and students and set their initial passwords. Apple School Manager periodically updates changes from your SIS. At no time is data written back to your SIS.

When you connect your district’s SIS to Apple School Manager, it provides a unique ID for everyone in your organization (including school management, staff, instructors, and students). Apple School Manager also tracks changes to classes and instructors throughout the year. So, for example, if a student joins two weeks into the year, a Managed Apple ID tied to the student’s instructor is ready and waiting.

If you’re connecting to a Student Information System (SIS) or importing users with Secure File Transfer Protocol (SFTP), and using federated authentication, users must have an email address. See About federated authentication.

Before you connect to your SIS, you may want to decide how to create your Managed Apple IDs. For more information, see Create Managed Apple IDs.

Note: During the summer break, many SISs won’t return any data, because they’re scoped to fetch only current information. This is expected behavior from your SIS. If you want current data in Apple School Manager, manually sync the data before you make any changes.

Connect to a Student Information System (SIS)

  1. If this is your first sign-in, Setup Assistant appears. If Setup Assistant doesn’t appear, click your name in the upper-right corner, then choose Setup Assistant.

  2. Click Add next to Find Students, Staff, and Classes and select Student Information System (SIS).

  3. Choose your SIS from the pop-up menu, then click Connect.

  4. Because each SIS handles its data and security differently, follow the detailed instructions shown in the window for the SIS you selected.

  5. Enter any required information, then click Connect.

  6. Wait for the copy process to complete.

    Depending on the connection speed and the amount of data being copied, this process could take some time.

  7. Review any errors that occur. You’ll need to correct these in your SIS system.

    To review errors in detail, see Read a log file.

  8. Click “Review [name of SIS] data” to view the data being added.

  9. Make sure the data looks correct, then click Confirm.

    Important: Don’t edit information on an account after connecting Apple School Manager to your SIS. Doing so results in the account being considered a local account and it’s no longer associated with your SIS.

After you link Apple School Manager to your SIS, you’ll see the name of the SIS and what was imported—for example, the number and type of users, the number of classes, and locations. You can also adjust the view individual window to display additional users.

Note: Apple School Manager receives updates every 24 hours from your SIS, so when a new student is added to the SIS, Apple School Manager automatically creates an account and a Managed Apple ID for that student. You can then share that student’s account credentials with each student.

View and edit SIS information

If you are the administrator, you can view and edit the URL, key, and secret associated with your SIS connection.

  1. Click Locations in the sidebar, then select a location.

  2. Click Settings at the bottom of the sidebar, select Data Source below Institution Settings, then select the data source that contains the SIS information you want to review for the selected location.

  3. Click Edit to edit the URL, key, and secret for the SIS you’re connected to, then click Save.

Import accounts with SFTP

You can use Setup Assistant and the Secure File Transfer Protocol (SFTP) to upload all the .csv files to Apple School Manager. You may want to do this for the following reasons:

  • Your Student Information System (SIS) isn’t currently supported by Apple School Manager but may be supported in the future.

  • You don’t have a SIS but want to import the exact same information from the system you currently use.

When you set up SFTP in Setup Assistant, Apple School Manager gives you .csv template files and the access information for a private SFTP server. You can open the files in a spreadsheet app (such as Numbers).

Before you upload your templates, you may want to decide how to create your Managed Apple IDs. For more information, see Create Managed Apple IDs.

Note: SFTP upload requires a third-party app on macOS. If you don’t have an SFTP client installed, you can find one in the Mac App Store.

Creating an SFTP connection to upload your data need only be done after and requires a role with the “Configure organization” privilege. Depending on your SFTP app, future uploads can take place automatically after the zipped file is placed in a folder.

You can then assign roles to your staff, instructors, and students. Any time you upload new files, that information is automatically added to and updated in Apple School Manager. At no time is data written back to your SIS or other systems.

After you’ve made the initial connection, Apple School Manager expects updates to include every .csv file, even if nothing has changed with a particular file. For example, if you have new students to add but no new staff, classes, or rosters, you must still upload those files.

Important: Before you export your data, read Template information, Best practices for merging data, and Students template to understand how to properly configure your .csv files with the appropriate information.

Add users with an SFTP app to Apple School Manager:

  1. If this is your first sign-in, Setup Assistant appears. If Setup Assistant doesn’t appear, click your name in the upper-right corner, then choose Setup Assistant.

  2. Click Add next to Find Students, Staff, and Classes, then select Set Up SFTP.

    Apple School Manager will generate a URL, user name, and password to use when uploading files. Use this information to configure your SFTP app.

  3. Click Download Templates to download the template files to your computer.

  4. Read the instructions for using templates in the Filling Out Data Files section, which explains in detail the formatting requirements and expected contents of each file. You can also find this information here in the Students template section.

  5. Open the templates, add your data in the columns, then save the files with a .csv extension.

  6. When your files are filled out, create a zip archive of all six files (in Finder select the files, then go to the File menu and choose Compress 6 Items).

  7. Open your SFTP app and create a new SFTP connection. This process will differ with each app.

  8. Enter the URL, user name, and password generated by Apple School Manager.

  9. After the connection is made, locate and open the dropbox folder, then drag in your zipped file.

  10. In Apple School Manager, click Continue and wait for the file to upload.

    If your upload contains errors, you can review a log identifying the files and lines that contain errors. Correct any errors in the data files, then upload a new zipped file. You don’t need to remove the previous file from the Apple SFTP server.

    After you successfully upload your file, you’ll see what was imported—for example, the number and type of users, the number of classes, and locations. You can also adjust the window to display additional users.

  11. To review any of the information, click Review SFTP Data.

View and edit SFTP information

You can view all your SFTP connections for your location, view and reset the SFTP password, and disconnect your SFTP connection from Apple School Manager.

  1. Click Locations in the sidebar, then select a location.

  2. Click Settings at the bottom of the sidebar, select Data Source below Institution Settings, then select the data source that contains the SFTP information you want to review for the selected location.

  3. If necessary, edit the password used for the SFTP connection, then click Save.

About .csv templates

Template information

Apple provides six templates to use when adding data to your location. They are:

  • Students: Contains student account info.

  • Staff: Contains staff account info, such as instructors.

  • Courses: Defines courses.

  • Classes: Contains course, instructor (staff) info.

  • Rosters: Contains class, student, and location info.

  • Locations: Contains location info.

Matrix of filenames and required information.
Prepare templates

When preparing a template, the following criteria must be met:

  • If you edit the templates, replace the example data with your own. Don’t change the contents of the header row in each file. Don’t create duplicate columns in any file.

  • In every template, each row must represent a unique value. For example, within the students.csv file, each row must be a unique student. Certain values for that student can be empty. Literal values—for instance, a line break or quotation mark within a name—must be escaped with a backslash (\). Here’s an example: \". Any identifiers entered must be alphanumeric and can include a hyphen (-).

  • If your value contains a space ( ) or a comma (,), use straight quotation marks (") around it. If your value doesn’t have any of these special characters, don’t use quotation marks. If you don’t use quotes where they are needed, or you use curly quotes, you’ll get errors in the upload process.

  • The values in your files must be separated with commas (,) or semicolons (;), regardless of how you created the file. Don’t use spaces or tabs between a comma or semicolon and the next value. Each file must be encoded as UTF-8 and use the UNIX newline (\n).

  • For the students.csv and staff.csv files, person_id must be unique for all locations.

  • The names of the .csv files should match the original filename exactly.

  • All files must be compressed into one zipped (.zip) archive file to be uploaded.

  • No file may be placed within a folder in the zipped archive file.

  • All foreign-key references to other .csv files must be defined in the referenced file.

For more information, go to the Apple Support article Use SFTP to upload student, staff, and class data to Apple School Manager.

Best practices for merging data

If you plan to merge .csv data with SIS data, follow the best practices shown on this page.

There is generally one field in your SIS or other system that contains a unique value for each person, class, course, location, or roster. This unique value is important if records are ever merged. For example, if you have a student in your SIS and that student’s unique value is 123abc, then no other user can have that value. In the case of most SISs, that value can’t be changed.

If you import data using a different value and then attempt to connect your SIS to Apple School Manager to merge the data, any records with conflicting unique values result in new accounts being created for new values, even if the record is the same.

When you download and enter information in the templates, you enter two pieces of information that appear to be similar:

  • person_id: When you add accounts, you add a person ID that can’t be edited after the account is imported. The person ID is also used to identify the instructors and students when you create a class template.

  • person_number: This is a number than can be edited with Apple School Manager. The person number is similar to a badge number or student number. This number is used by your mobile device management (MDM) solution to merge your accounts with a supported directory service.

You may also need to enter data for the roster_id. This value must be unique for every row in every roster template for every location in an organization. For example, if a rosters template has 600 students, that’s 600 rows of unique roster_id values, each student’s person_id, and the student’s associated class_id.

For more information, go to the Apple Support article Use SFTP to upload student, staff, and class data to Apple School Manager.

Eventual data merge: Best practice

In this example, you are using the same information for three values, two of which you can’t change after the data is imported. The third value, person_number, can be changed later, if necessary.

Unique attribute in SIS or other system

person_id

person_number

1A2B3C-4D5F6G-7H8I9J

1A2B3C-4D5F6G-7H8I9J

1A2B3C-4D5F6G-7H8I9J

Eventual data merge: Acceptable practice

In this example, you are using the same information for the two values you can’t change after the data is imported. The third value, person_number, is changed prior to import and can be changed later, if necessary.

Unique attribute in SIS or other system

person_id

person_number

1A2B3C-4D5F6G-7H8I9J

1A2B3C-4D5F6G-7H8I9J

12345

Eventual data merge: Unacceptable practice

In this example, you are using the different information for two values you can’t change after the data is imported. Merging later with your SIS isn’t possible.

Unique attribute in SIS or other system

person_id

person_number

1A2B3C-4D5F6G-7H8I9J

12345

1A2B3C-4D5F6G-7H8I9J

Students template

Use the Students template to import student accounts. The person_id value must be unique for all locations. For more information on student password policy management, see Password policy scenarios.

Value

Definition

Example

Required/Unique

person_id

also known as student_id

The number used to uniquely identify this person in your SIS or other database.

Use the same person_id value to refer to this person in .csv rosters and classes

AE4A6BB3-8D97-446A-BAA9-EDEA567453D3

Yes/Yes

person_number

A badge number or ID number that identifies this person in your organization.

Unlike person_id, person_number isn’t used to refer to this person in .csv rosters and classes.

49

No/No

first_name

The person’s first, or given, name.

Scott

Yes/No

middle_name

The person’s middle name.

D

No/No

last_name

The person’s last, or family, name.

Miller

Yes/No

grade_level

The grade level associated with this person.

9

No/No

email_address

The person’s email address.

scott@myschool.edu

No/No

sis_username

The user name for this person in your SIS or other school database.

sdmiller

No/No

password_policy

The password policy this person should use to sign in to their account.

There are three options: “8” (Standard policy; this is the default), “6” (six-digit policy), and “4” (four-digit policy).

This value overrides the Location password policy and any password policy previously set.

If password_policy is left blank in the .csv file, the default password policy for the location can be set as follows:

  • Is used for new accounts

  • Remains unchanged for existing accounts

8

No/No

location_id

The location ID of the school or department this person belongs to.

You can add up to 15 locations per student.

7BF83DE0-9D69-4662-A1E9-DAAD468DEF09

Yes/No

Staff template

Use the Staff template to import staff accounts. The person_id value must be unique for all locations.

Value

Definition

Example

Required/Unique

person_id

also known as instructor_id

The number used to uniquely identify this person in your SIS or other database.

Use the same person_id value to refer to this person in .csv rosters and classes

DAB7051F-BEBE-4852-8374-E205184A3069

Yes/Yes

person_number

A badge number or ID number that identifies this person in your organization.

Unlike person_id, person_number isn’t used to refer to this person in .csv rosters and classes.

1025

No/No

first_name

The person’s first, or given, name.

Jane

Yes/No

middle_name

The person’s middle name.

M

No/No

last_name

The person’s last, or family, name.

Appleseed

Yes/No

email_address

The person’s email address.

jane@myschool.edu

No/No

sis_username

The user name for this person in your SIS or other school database.

jmappleseed

No/No

password_policy

The password policy this person should use to sign in to their account.

“8” is the standard and default policy and should be used for all staff.

8

No/No

location_id

The location_id of the school or department this person belongs to.

You can add up to 15 locations per instructor.

7BF83DE0-9D69-4662-A1E9-DAAD468DEF09

Yes/No

Courses template

Use the Courses template to import courses.

Value

Definition

Example

Required/Unique

course_id

The number used to uniquely identify this course in your SIS or other database.

Use the same course_id value to refer to this course in .csv classes.

240CBE32-357D-41AF-9A60-8A8F8084A2AD

Yes/Yes

course_number

A number or code that identifies this course in your organization.

Unlike course_id, course_number isn’t used to refer to this course in .csv classes.

SCI101

No/No

course_name

The course’s name.

Introduction to Science

No/No

location_id

The location_id of the school or department this course belongs to.

7BF83DE0-9D69-4662-A1E9-DAAD468DEF09

Yes/No

Classes template

Use the Classes template to import classes. It must contain the course_id value of each course.

Value

Definition

Example

Required/Unique

class_id

The number used to uniquely identify this class in your SIS or other database.

Use the same class_id value to refer to this class in .csv rosters.

F9BF05A9-E40B-4CAD-9B4A-2E0C09EDCCC4

Yes/Yes

class_number

A number or code that identifies this class in your institution.

Unlike class_id, class_number isn’t used to refer to this course in .csv rosters.

40

No/No

course_id

The course_id of the course this class belongs to.

5A3FAD0C-F725-44A4-9BDF-B7F9FF68EFF4

Yes/No

instructor_id

also known as person_id

The person_id of the instructor who teaches this class.

All staff members receive the role of instructor.

DAB7051F-BEBE-4852-8374-E205184A3069

No/No

instructor_id_2

also known as person_id

The person_id of a second instructor who teaches this class.

106F0FB2-4338-4CE3-AA3A-6FBC6927AE25

No/No

instructor_id_3

also known as person_id

The person_id of a third instructor who teaches this class.

8CA182D9-3F8C-4659-859E-97D507179B54

No/No

location_id

The location_id of the school or department this class belongs to.

7BF83DE0-9D69-4662-A1E9-DAAD468DEF09

Yes/No

Rosters template

Use the Rosters template to import a class roster. Within an organization, every roster_id value must be unique—for every row in every roster_id template for every location. For example, if a Rosters template has 600 students, that’s 600 rows of unique roster_id values, each student’s person_id, and the student’s associated class_id.

It must also contain the class_id value of each course and contain at least one student_id value. Additional students are added by row. For example, 10 students would mean 10 rows, one for each student.

To prevent possible duplicate roster_id values, use the following functions to generate random values:

  • In Numbers, use the =RAND function in each cell.

  • In Microsoft Excel, use the =RAND() function in each cell.

  • Use Terminal and a shell script with the uuidgen command-line tool.

Value

Definition

Example

Required/Unique

roster_id

The number used to uniquely identify this roster in your SIS or other database.

BE8FF4CC-5BE2-47C6-9C42-6CDADB9072F8

Yes/Yes

class_id

The class_id of a class.

F9BF05A9-E40B-4CAD-9B4A-2E0C09EDCCC4

Yes/No

student_id

also known as person_id

The person_id of the first student who takes the class, specified by class_id value.

AE4A6BB3-8D97-446A-BAA9-EDEA567453D3

Yes/No

Locations template

Use the Locations template to import locations.

Value

Definition

Example

Required/Unique

location_id

The number used to uniquely identify this school or department in your SIS or other database.

Use the same location_id value to refer to this location for .csv students, staff, courses, and classes.

7BF83DE0-9D69-4662-A1E9-DAAD468DEF09

Yes/Yes

location_name

The location’s name.

Lincoln High School

Yes/No

MDM template information

The following information in each template may be used by MDM solutions:

Value

Used by MDM?

class_id

Yes

class_number

Yes

course_id

No in the Courses template

Yes in the Classes template

course_name

Yes

course_number

Yes

email_address

Yes

first_name

Yes, with middle and last name as single value

grade_level

No

instructor_id

also known as person_id in staff template

Yes in the Classes template

last_name

Yes, with first and middle name as single value

location_id

No in the Students, Staff, and Courses templates

Yes in the Classes and Locations templates

location_name

Yes

middle_name

Yes, with first and last name as single value

password_policy

No

person_id

also known as student_id in rosters template

also known as instructor_id in classes template

No in the Student and Staff templates

person_number

Yes

roster_id

No

sis_user_name

Yes

student_id

also known as person_id in student template

Yes in the Rosters template

Institution details

What can you add?

In Setup Assistant, you can also provide information about your institution:

  • Tax status: This determines if you are eligible for tax-free app and book purchases.

  • Find devices: You can add your Apple customer number and DEP Reseller IDs so you can associate devices to your MDM solution.

Change tax status

You may be able to change your tax status. Keep in mind that tax information fields vary by country or region.

  1. Click Settings at the bottom of the sidebar, then click Enrollment Information below Institution Settings.

  2. If you can change your tax settings, click Edit next to Tax Information.

  3. Change your tax information, then click Save.

Apple will verify that your tax information is correct and then grant you access to buy apps and books. This process may take up to five days.

Set up an MDM solution and assign devices

You can manage your Apple customer number and DEP Reseller IDs by adding or deleting supplier information as necessary. For example, a large organization may have more than one Apple customer number. If you don’t add these during enrollment, you can add them at any time.

If you purchase devices through participating Apple Authorized Resellers or carriers, you must complete all three steps below so orders placed with that reseller or carrier will appear in Apple School Manager:

  • Communicate your DEP Customer ID to the participating Apple Authorized Reseller or carrier and verify that they received it.

  • Add the DEP Reseller ID of your participating Apple Authorized Reseller or carrier to your supplier list.

  • Arrange with your participating Apple Authorized Reseller or carrier to have them submit your orders to Apple through their portal (it won’t happen automatically).

Important: If you don’t know the DEP Reseller ID of your participating Apple Authorized Reseller or carrier, contact them for assistance.

Use Setup Assistant to enter your device purchase

  1. Click Add next to Add Organization Details, then select Find Devices.

  2. Choose one of the following:

    • Enter Apple customer number

    • Enter DEP Reseller ID

  3. Enter the appropriate information, then click Continue.

    If you provided an Apple customer number, Apple will verify that it matches your institution, and then post your devices to Apple School Manager.

Use federated authentication

About federated authentication

Federated authentication allows you to link Apple School Manager with Microsoft Azure Active Directory.

You use federated authentication to link Apple School Manager to your instance of Microsoft Azure Active Directory (AD). As a result, your users can leverage their Microsoft Azure AD user names and passwords as Managed Apple IDs. They can then use their Microsoft Azure AD credentials to sign in to their assigned iPad or Mac and even iCloud on the web. Students can also use it to sign in on Shared iPad.

Microsoft Azure AD is the Identity Provider (IdP), which contains the user names and passwords for the accounts you want to use with Apple School Manager. Federated authentication uses Security Assertion Markup Language (SAML) to connect Apple School Manager to Microsoft Azure AD.

There are two main scenarios where you might use federated authentication:

Federated authentication only

When you link to Microsoft Azure AD, Managed Apple IDs are automatically created for users and they simply sign in with their current email address as their Managed Apple ID. If a user is removed from Microsoft Azure AD, that user can be removed from Apple School Manager.

Federated authentication with users from other sources

When you link to Microsoft Azure AD, Managed Apple IDs are automatically created for users, and they simply sign in with their current email address as their Managed Apple ID.

You then link to your SIS or upload files with SFTP. All information, such as classes and rosters, are updated for the users in your Microsoft Azure AD system. If a user is removed from Microsoft Azure AD, that user must be deactivated in Apple School Manager by an account with permissions to change the status of users.

Important: If you’re connecting to a Student Information System (SIS) or importing users with Secure File Transfer Protocol (SFTP), and using federated authentication, users must have an email address.

Note: Only domains that haven’t been claimed by another institution can be added. See Federated authentication eligibility check.

Federated authentication eligibility check

Before you can use federated authentication, Apple School Manager checks your list of domains to see whether they are eligible. Not all domains will be eligible immediately. If your domain is not immediately eligible, Apple will notify you when it is. The eligibility review process may take up to several weeks.

  1. Sign in to Apple School Manager with an account that has the role of Administrator, Site Manager, or People Manager.

  2. Click Settings at the bottom of the sidebar, then click Accounts below Institution Settings.

  3. Click the add button, enter the domains you want to use, then click Submit.

  4. Click Close.

  5. Check your email for a mail message from Apple about the domains you requested.

  6. If your domains are eligible, click Continue Set Up in Apple School Manager, then configure federated authentication with Microsoft Azure AD.

Configure federated authentication with Microsoft Azure AD

Steps to configure federated authentication

There are four main steps to link Apple School Manager to Microsoft Azure AD:

  1. Start the federated authentication process.

  2. Connect to your identity provider by linking Apple School Manager to Microsoft Azure AD.

  3. Verify your Azure AD domain ownership.

  4. Turn on and test federated authentication.

Start the federated authentication process

  1. Sign in to Apple School Manager with an account that has the role of Administrator, Site Manager, or People Manager.

  2. Click Settings at the bottom of the sidebar, then click Accounts below Institution Settings.

  3. Click Edit in the Federated Authentication section, then click Connect.

    Note: Only domains that haven’t been claimed by another institution can be added. See Federated authentication eligibility check.

Connect to your identity provider

This task allows Microsoft Azure AD to trust Apple School Manager.

Important: You must have the user name and password of the Microsoft Azure AD Global Administrator, Application Administrator, or Cloud Application Administrator account before you complete this task.

  1. Click “Sign in to Microsoft Azure,” enter a Microsoft Azure AD Global Administrator, Application Administrator, or Cloud Application Administrator account, then click Next.

  2. Enter the password for the account, then click Sign In.

  3. Carefully read the application agreement, then click Accept.

    You are consenting to Microsoft giving Apple access to information found in Microsoft Azure AD.

  4. Enter the domain name you want to use, then click Continue.

In some cases you may not be able to add your domain. Common reasons are:

  • The Microsoft Azure AD Global Administrator, Application Administrator, or Cloud Application Administrator account used doesn’t have permission to add domains in Microsoft Azure AD.

  • The user name or password from the domain that you chose to federate is incorrect.

  • The account isn’t in the domain that you chose to federate.

Verify your Microsoft Azure AD domain ownership

This task allows Apple School Manager to trust Microsoft Azure AD.

  1. Click Open Microsoft Sign In, then enter your user name and password.

  2. Enter a Microsoft Azure AD Global Administrator, Application Administrator, or Cloud Application Administrator account that exists in the domain, then click Next.

  3. Enter the password for the account, click Sign In, click Done, then click Done.

    In some cases you may not be able to sign in to your domain. Here are some common reasons:

    • The user name or password from the domain that you chose to federate is incorrect.

    • The account isn’t in the domain that you chose to federate.

When sign-in is successful, Apple School Manager checks for user name conflicts with this domain. The user name conflict check must be complete before you can use federated authentication with this domain.

Note: After you successfully link Apple School Manager to Microsoft Azure AD, you can change the role of an account to another role. For example, you may want to change the role of an account to a Teacher role.

View user name conflicts

After a domain is successfully added, Apple School Manager reviews all existing Apple IDs by searching for any using that specific domain name. If an Apple ID is found to be using the domain name, Apple School Manager lets you send a mail message—and a notification to any device connected to their iCloud account—to that person, letting them know they must update their Apple ID user name so that you can use it for your institution. They don’t have to change their password and all their purchases and data remain in their account.

For example, say your institution registered the domain townshipschools.org several years ago and set up email addresses for all their employees. Jane Appleseed decided to use the email address she was assigned “jane@townshipschools.org” as her personal Apple ID.

Even if Jane no longer works for the institution that registered townshipschools.org, she still has the Apple ID with that domain name. Because you are setting up federated authentication for the domain name townshipschools.org, Jane must change her Apple ID user name so you can create the Managed Apple ID jane@townshipschools.org if you want.

  1. Sign in to Apple School Manager with an account that has the role of Administrator, Site Manager, or People Manager. Then click Activity.

  2. Click Checking for Conflicts.

  3. If any user name conflicts are found, you’ll see a dialog with the total number of user name conflicts.

  4. Click Continue, click Send Notifications, then click OK.

    A mail message—and a notification to any device connected to their iCloud account— are sent, letting each user with a user name conflict know they must change their personal Apple ID.

  5. You can view the process of sending mail messages to users with a user name conflict in the Activity section of Apple School Manager.

Resolve domain conflicts

Domain names are registered and must be globally unique. The domain, or domain name (as it is also commonly known), is the name that designates the larger institution rather than an individual member.

When you configure federated authentication, Apple School Manager checks to see whether your domain name is already part of any existing Apple IDs:

  • Apple IDs: If someone else is using an Apple ID that contains the domain you want to use, that Apple ID user name can be reclaimed from the user so you can use it.

  • Managed Apple IDs: Managed Apple IDs can’t be reclaimed. You must choose a new domain if a different institution has Managed Apple IDs in that domain.

How Apple notifies users with Apple ID conflicts

Apple will identify users whose Apple ID contains the domain name you’ve registered. Those users receive a mail message and a notification telling them they must rename their Apple ID. If they’ve not renamed their Apple ID yet, they receive another mail message at 60 days. After 60 days, the user’s Apple ID will be automatically renamed to a temporary username, and the original Apple ID is released and claimed by your institution.

See Update the email address associated with your Apple ID.

Turn on and test federated authentication

After you’ve completed a successful administrator account sign-in and the user name conflict check is complete, you can turn on and test federated authentication.

Important: The federated authentication test also changes your default Managed Apple ID format. New accounts created in your Student Information System (SIS) or uploaded using Secure File Transfer Protocol (SFTP) use the new Managed Apple ID format.

Turn on federated authentication

  1. Sign in to Apple School Manager with an account that has the role of Administrator, Site Manager, or People Manager.

  2. Click Settings at the bottom of the sidebar, then click Accounts below Institution Settings.

  3. Click Edit in the Federated Authentication section, then turn on federated authentication for the domains that have been successfully added to Apple School Manager.

    It may take a while to update all accounts.

Test federated authentication

You can test the federated authentication connection after you’ve performed the following tasks:

  • You’ve completed a successful connection to your domain.

  • The user name conflict check is complete.

  • The Managed Apple ID default format is updated.

Note: Accounts with roles of Administrator, Site Manager, and People Manager can’t sign in using federated authentication; they can only manage the federation process.

  1. Sign in to Apple School Manager with a different Microsoft Azure AD user name than was used to join the domain.

    If the user name is found, you’ll see a new screen indicating you are signing in with an account in your domain.

  2. Click Continue, enter the password for the user, then click Sign In.

  3. Sign out of Apple School Manager.

Change user information

Change a federated user’s role

When you successfully complete your federated authentication, all users from your domain are students. You may want to change roles for teachers, staff, and Device Managers. If you change the role to Administrator, Site Manager, or People Manager, that user’s authentication changes from Federated (they use their Microsoft Azure AD password) to Apple. They still retain their Managed Apple ID and email address they had when federated authentication was completed.

  1. Sign in to Apple School Manager with an account whose role can make changes to other accounts, then click Accounts in the sidebar.

  2. Select the account whose role must be changed, then click Edit.

  3. Change the role, then click Save.

Change a user’s email to a federated domain

If you’ve successfully linked Apple School Manager to your Microsoft Azure AD domain, you can change an existing account so that its email address and Managed Apple ID are identical. An exception is that an account with a role of Administrator, Site Manager, or People Manager can’t use the same address for both.

  1. Sign in to Apple School Manager with an account whose role can make changes to other accounts, then click Accounts in the sidebar.

  2. Select the account whose email address must be changed, then click Edit.

  3. Change the email address, click OK to also change the Managed Apple ID to match the email address, then click Save.

    That user can now sign in with their Managed Apple ID and their domain password.

Change a user’s Managed Apple ID to a federated domain

If you have successfully linked Apple School Manager to your Microsoft Azure AD domain, you can change a nonfederated account so that its Managed Apple ID and email address are identical. An exception is that an account with a role of Administrator, Site Manager, or People Manager can’t use the same address for both.

Edit the Managed Apple ID to a federated domain for a user

  1. Sign in to Apple School Manager with an account whose role can make changes to other accounts, then click Accounts in the sidebar.

  2. Select the account whose Managed Apple ID must be changed, then click Edit.

  3. Change the Managed Apple ID, click OK to also change the email address to match the Managed Apple ID, then click Save.

Edit the Managed Apple ID to a federated domain for multiple users

Important: User’s aren’t notified when their Managed Apple ID is changed, so you must notify them as soon as you make the change.

  1. Sign in to Apple School Manager with an account whose role can make changes to other accounts, then click Accounts in the sidebar.

  2. Search for accounts in the Search Accounts field, then select the accounts you want to edit.

  3. Click Edit in the Accounts row, then do one of the following:

    • Change the Managed Apple ID’s unique user name structure.

    • Change the domain name structure.

    • Change both

  4. Change the Managed Apple ID, click OK to also change the email address to match the Managed Apple ID, then click Save.

  5. Click Close, or wait until the activity has finished, then click Done.

Change a user’s email to an unfederated domain

If you want users to use an email address different from that in their Microsoft Azure AD domain account, you can change it. You must make their email address and Managed Apple ID identical. An exception is that an account with a role of Administrator, Site Manager, or People Manager can’t use the same address for both.

  1. Sign in to Apple School Manager with an account whose role can make changes to other accounts, then click Accounts in the sidebar.

  2. Select the account whose email address must be changed, then click Edit.

  3. Change the email address, click OK to match the Managed Apple ID, then click Save.

  4. Notify the user that they have a new Managed Apple ID.

Change a user’s Managed Apple ID to an unfederated domain

If you don’t want users to use the Managed Apple ID in their Microsoft Azure AD domain account, you can change it. You must make their Managed Apple ID and email address identical. An exception is that an account with a role of Administrator, Site Manager, or People Manager can’t use the same address for both.

Edit the Managed Apple ID to an unfederated domain for a user

  1. Sign in to Apple School Manager with an account whose role can make changes to other accounts, then click Accounts in the sidebar.

  2. Select the account whose Managed Apple ID must be changed, then click Edit.

  3. Change the Managed Apple ID, click OK to also change the email address to match the Managed Apple ID, then click Save.

  4. Notify the user that they have a new Managed Apple ID.

Edit the Managed Apple ID to an unfederated domain for multiple users

Important: User’s aren’t notified when their Managed Apple ID is changed, so you must notify them as soon as you make the change.

  1. Sign in to Apple School Manager with an account whose role can make changes to other accounts, then click Accounts in the sidebar.

  2. Search for accounts in the Search Accounts field, then select the accounts you want to edit.

  3. Click Edit in the Accounts row, then do one of the following:

    • Change the Managed Apple ID’s unique user name structure.

    • Change the domain name structure.

    • Change both

  4. Change the Managed Apple ID, click OK to also change the email address to match the Managed Apple ID, then click Save.

  5. Click Close, or wait until the activity has finished, then click Done.

Add domains

You can add more than one Microsoft Azure AD domain. For example, you may have three different locations in Apple School Manager, with each location managed by a different team. In this case, you may want to add more than one domain. When you add an entirely new domain, you must still verify that domain is eligible. Subdomains of previously added domains don’t require verification.

Add a subdomain of an existing approved domain

  1. Sign in to Apple School Manager with an account that has the role of Administrator, Site Manager, or People Manager.

  2. Click Settings at the bottom of the sidebar, then click Accounts below Institution Settings.

  3. Click Edit in the Federated Authentication section, then click Add Domain.

  4. Enter the subdomain name, click Continue, then click Done.

    Apple School Manager checks for user name conflicts with this subdomain. The user name conflict check must complete before you can use accounts from this subdomain.

  5. View user name conflicts.

  6. Turn on and test federated authentication.

Add a new domain

  1. Sign in to Apple School Manager with an account that has the role of Administrator, Site Manager, or People Manager.

  2. Click Settings at the bottom of the sidebar, then click Accounts below Institution Settings.

  3. Click Edit in the Federated Authentication section, then click Add Domain.

    Apple School Manager checks for user name conflicts with this subdomain. The user name conflict check must be complete before you can use accounts from this subdomain.

    Note: Only domains that haven’t been claimed by another institution can be added. See Federated authentication eligibility check.

  4. Connect to your identity provider.

  5. Verify your Microsoft Azure AD domain ownership.

  6. Turn on and test federated authentication.

Managed Apple IDs

What are Managed Apple IDs?

Like any Apple ID, Managed Apple IDs are used to sign in to a personal or shared device. They are also used to access Apple services—including iCloud, iTunes U courses, and collaboration with iWork and Notes—and Apple School Manager. Unlike Apple IDs, Managed Apple IDs are owned and managed by your school or district and are designed to meet the needs of education organizations—including password resets, limitations on communications, and role-based administration. Apple School Manager makes it easy to create a unique Managed Apple ID for each person in bulk.

Note: When you use Managed Apple IDs with iWork collaboration, that collaboration is limited to Managed Apple ID accounts within your organization.

Important: A user with a Managed Apple ID can lock themselves out of their account if they enter an incorrect password more than 10 times. To reset their password, the user must contact an administrator, people manager, or another user with password reset privileges.

How Managed Apple ID are created

Managed Apple IDs are created after you:

  • Import accounts from your Student Information System (SIS)

  • Import .csv files using the Secure File Transfer Protocol (SFTP)

  • Create accounts manually

Important: Keep in mind that every Managed Apple ID must be unique. It also can’t conflict with other Apple IDs that your staff, teachers, and students may already have.

Managed Apple IDs and Shared iPad

You can use Managed Apple IDs in two ways:

  • Managed Apple IDs with Shared iPad: The user has settings disabled by using a Managed Apple ID, and has services disabled by using that Managed Apple ID on Shared iPad.

    Note: Some of these services can be configured by your MDM solution or toggled in Control Center.

  • Managed Apple IDs without Shared iPad: The user has services disabled by using a Managed Apple ID. No iPad settings are disabled.

Additionally, Managed Apple IDs are prevented from enrolling in private courses created outside the user’s organization. For example, Managed Apple IDs can subscribe to any public course or public collection, and can enroll in any private course created by a Managed Apple ID within the same organization.

Note: Not all of these services are available in all countries or regions.

iOS settings category

Shared iPad disabled settings

Managed Apple ID disabled services

iCloud

Sign out, sync services, add payment information, Family Sharing, Location Sharing

iCloud mail

iCloud Family Sharing

iCloud Keychain (although, keychain items are saved and restored on Shared iPad devices)

Allows browsing but not purchasing, paid or free in:

  • App Store

  • iTunes Store

  • Apple Books

Cellular/Wi-Fi/VPN

Cellular Data, Carrier, Personal Hotspot, VPN

Messages, FaceTime

(Unless enabled by an administrator in Apple School Manager)

Notification information

Notifications, Sounds, Do Not Disturb, Screen Time

N/A

General

The ability to search Settings using the Search Bar, Software Update, Handoff, Background App Refresh, iTunes Wi-Fi Sync, Storage Management, Device Management, Reset, Shut Down

N/A

Control Center

Adding or removing items from Control Center

N/A

Display & Brightness

Auto-Lock

N/A

Touch ID & Passcode

Entire section is removed

N/A

Media

Music, TV, Photos, Camera, Books, Game Center, TV Provider, Wallpaper, Measure

N/A

Privacy

Motion & Fitness, Share iCloud Analytics

Limiting Ad Tracking is on and can’t be turned off

N/A

Apple app behavior

For greater student focus, Shared iPad disables or modifies the behavior of the following apps. When using a Managed Apple ID without Shared iPad, the user experience is as follows:

Apple apps

Managed Apple ID with Shared iPad

Managed Apple ID without Shared iPad

Find My Friends

App is removed.

App appears, but the user can’t use it.

Find My iPhone

App is removed.

App appears, but the user can’t use it.

Home

App is removed.

The user can’t add HomeKit devices to the Home app.

Mail

App appears.

The user can’t add mail account information. A user configuration profile with a mail payload is required.

Notes

App appears.

The user can lock a note.

Tips

App is removed.

App appears, and the user can use it.

Use Managed Apple IDs

As an administrator or manager, you use Managed Apple IDs in three main ways, with accounts, classes, and roles.

  • Accounts: Administrators can complete a range of tasks within Apple School Manager to manage accounts. For example, you can assign roles or reset passwords for a specific set of users.

  • Classes: A class is a collection of teacher and student accounts. Classes have at least one teacher added when the class is created. After a class is created, it’s used with your MDM solution to enable classes to appear in the Classroom app for iPad and Shared iPad, and to simplify the experience for students using Shared iPad.

  • Roles: After a Managed Apple ID is created for a user, the administrator can then assign roles for the user. These roles include manager, teacher, staff, and student. These roles define which tasks users can perform in Apple School Manager with their Managed Apple ID.

In addition, the administrator and manager can manually add an account at any time, such as when a temporary teacher is added to your school. You can also view and edit account information, such as the user’s name, ID number, grade level, and more. Depending on your role, you can also reset a user’s Managed Apple ID password, send them a verification code so they can sign in, and deactivate or restore an account.

Create Managed Apple IDs

Recommended Managed Apple ID structure

A Managed Apple ID should be different from a user’s personal or work email address to help avoid confusion and possible conflicts with an existing Apple ID.

  • A unique user name to the left of the at sign (@).

    You can use information from the user’s Student Information System (SIS) account, such as an email address or other account name, as the unique user name. You can also create a unique user name from their names, initials, or ID numbers. If two users end up with the same user name, Apple School Manager will add a number to differentiate them.

    For example, scottmiller1@ would be the unique user name.

  • Text immediately to the right of the @ sign.

    Apple recommends using “appleid.” as the text for all accounts.

    For example, scottmiller1@appleid. would be the beginning of the full Managed Apple ID.

  • The domain of your school.

    For example, a fully complete Managed Apple ID would be scottmiller1@appleid.myschool.edu.

    Important: This should be your institution’s registered domain name. Don’t use a domain name you created because this can cause all created Managed Apple IDs to fail.

Be sure you use the same formula for all Managed Apple IDs in your organization.

Apple School Manager Managed Apple ID example

Create Managed Apple ID from existing email addresses

Managed Apple IDs don’t have to be the same as user email addresses. If everybody in your organization has an email address and those addresses have never been used for the Device Enrollment Program, Volume Purchase Program, or personal iTunes or iCloud accounts, then you can choose to create Managed Apple IDs using those email addresses.

Important: If you choose to use existing email addresses for Managed Apple IDs, the user will have to remember two passwords—the original one that is associated with their email address, and the one associated with their Managed Apple ID.

Managed Apple ID, roles, and passwords

When you create each account, you assign a role that defines the privileges for that account. If you’re importing from your Student Information System (SIS), the individual doing the import automatically assigns roles.

You can define password policies for each account, and it’s easiest to assign them per role. Student role accounts can have a simpler four- or six-digit passcode. Teacher, Staff, Manager, and Administrator accounts must have strong passwords consisting of at least eight characters.

Managed Apple ID password complexity

When you add users to Apple School Manager, you set a password complexity for that user. That complexity level dictates which Lock screen appears when a user signs in with Shared iPad. A four- or six-digit passcode shows only digits on the screen. A complex password shows the full keyboard. When the user signs in with their Managed Apple ID and their initial password, they are prompted to change their password using the level of complexity you initially set in Apple School Manager.

If you add Profile Manager as one of your MDM servers to Apple School Manager, you have the option of merging any users in Apple School Manager to Profile Manager. When you do this, those users appear in the Profile Manager users list. After they appear, you can view their Managed Apple ID password type in the About tab. For more information on merging users, see Merge Apple School Manager accounts.

Important: If you set the Lock screen behavior to a four- or six-digit passcode and the Apple School Manager setting for that user is set to a complex password, that user must manually enter their Managed Apple ID and password.

Inspect Managed Apple IDs

Organizations can comply with legal and privacy regulations by using Managed Apple ID inspection. Administrator, manager, and teacher accounts can be granted inspection privileges for specific accounts (those used on organization-owned devices that are configured for multiple users). Inspectors can monitor only accounts that are below them in the school’s hierarchy. For example, teachers can monitor students, and administrators can inspect managers, teachers, and students.

To inspect an account, an authorized user must create special inspection credentials within Apple School Manager for a specific Managed Apple ID. These credentials can be used only to access that Managed Apple ID, and they expire after 7 days. During that period, the inspector can read and modify the user’s content stored in iCloud Drive or in CloudKit-enabled apps. Every request for access is logged in Apple School Manager. Logs show the inspector’s name, the Managed Apple ID in question, the time of the request, and whether or not the inspection was performed. All users with inspection privileges can search these logs, which discourages misuse of inspections.

See Inspect a user account.

Create Managed Apple IDs

  1. Click your name in the upper-right corner, then choose Setup Assistant.

  2. Click Add next to Create Accounts and Classes in Setup Assistant.

  3. Click Change Settings to view the options for the Managed Apple ID. They are:

    • Domain: This option is everything to the right of ”@appleid.” in the Managed Apple ID.

    • Include “appleid.” in the domain: This option prevents potential conflicts by prepending “appleid.” to the existing domain name.

  4. Select your settings for each group, then click Save Format to close the format window and return to Setup Assistant.

  5. Click Preview Accounts and Classes to view all the proposed Managed Apple IDs for the selected groups.

  6. If the Managed Apple IDs are approved, click Create Managed Apple IDs to begin the process.

    You can view the progress in Setup Assistant.

  7. Click Skip Setup Assistant.

You can also edit the default Managed Apple ID formats within the Settings for your Location.

Edit Managed Apple ID formats

In some cases, it may be necessary to change the Managed Apple ID for several accounts or all locations. For example, if the domain name of the organization changes. Managers who have the “Create, edit, and delete Managed Apple IDs” privilege can edit the Managed Apple ID of user accounts.

There are two options when changing Managed Apple ID formats:

  • Change the Managed Apple ID format for all locations: This changes the format for all new users. Existing users still use the original format.

  • Change the Managed Apple ID format for users: This changes the format for all new and existing users.

Edit the Managed Apple ID format for all locations

  1. Click Settings at the bottom of the sidebar, then click Accounts below Institution Settings.

  2. Click Edit next to Domain, then do one of the following:

    • Change your domain name.

    • Include “appleid.” as part of your subdomain.

    • Set the format for student Managed Apple IDs.

    • Set the format for teacher and staff Managed Apple IDs.

  3. Click Done.

Edit the Managed Apple ID format for multiple users

After you change the Managed Apple ID, active users can sign in using their new Managed Apple ID and existing password. If the new format includes an element that’s missing or empty for that user, the user’s Managed Apple ID won’t be updated. If the new format results in a Managed Apple ID that’s already in use, a number is added to the end of the new Managed Apple ID to make it unique.

Important: User’s aren’t notified when their Managed Apple ID is changed, so you must notify them as soon as you make the change.

  1. Click Accounts in the sidebar.

  2. Search for accounts in the Search Accounts field, then select the accounts you want to edit.

  3. Click Edit in the Accounts row, then do one of the following:

    • Change the Managed Apple ID’s unique user name structure.

    • Change the domain name structure.

  4. Click Close, or wait until the activity has finished, then click Done.

Manage locations

About locations

When you sign up for Apple School Manager, the first location is automatically created and reflects your organization name. As you expand your use of Apple School Manager to other schools, you can add more locations and edit their information.

Locations window in Apple School Manager.

View location information

In some cases, such as connecting to a Student Information System (SIS) or uploading files, you will only see connections made by you.

  1. Click Locations in the sidebar, then choose a location to view basic information about that location, including the default password policy for your users.

  2. Click Settings at the bottom of the sidebar to view additional information about this organization—for example, the Student Information Systems (SIS) you’re connected to, the Secure File Transfer Protocol (SFTP) you configured, the Managed Apple ID configurations for your users, and more.

Edit default password policy location information

Important: If you enter password policy information in the .csv file for your students or staff, that value overrides this location password policy and any password policy previously set. If password_policy is left blank in the .csv file, the default password policy for the location is used for new accounts and remains unchanged for existing accounts.

If password_policy is left blank in the .csv file, the default password policy for the students at the location can be set as follows:

  1. Click Locations in the sidebar, then select a location you want to edit.

  2. Click Edit , then change the default password policy.

  3. Click Save.

View and edit location settings

You can view your settings and, depending on your role, specific organization settings.

View and edit your information

  1. Click Settings at the bottom of the sidebar, then click My Profile below Personal Settings.

  2. Click “Manage at appleid.apple.com” to:

    • Change your email address

    • Add or change your phone number used for two-step verification

View your app and book purchases

  1. Click Settings at the bottom of the sidebar, then click My Profile below Personal Settings.

  2. Click Apps and Books to view your apps and books purchased through your account.

View organization information and license agreements

Depending on your role, you may be able to view specific information about your organization.

  • Click Settings at the bottom of the sidebar, click Enrollment Information below Institution Settings, then click View History to view the current license agreements necessary to use Apple School Manager.

Enable FaceTime and Messages

Depending on your role, you may be able to enable FaceTime and Messages using Managed Apple IDs for your organization.

Note: If a user changes their user name, they must sign out and sign back in to use FaceTime and Messages.

  1. Click Settings at the bottom of the sidebar, then click Accounts below Institution Settings.

  2. Click Enable, then click Enable FaceTime & Messages.

    If there’s no Enable button, FaceTime and Messages are already enabled and you can skip steps 3 and 4.

  3. Click Roles in the sidebar, then select the roles you want to use FaceTime and Messages.

  4. Enable Use FaceTime and Messages for those roles, then click Save.

Disable FaceTime and Messages

FaceTime and Messages are off by default; however, another user with the appropriate privileges can enable these features. Depending on your role, you may be able to disable FaceTime and Messages for your organization.

  1. Click Settings at the bottom of the sidebar, then click Accounts below Institution Settings.

  2. Click Disable.

    Note: Before you disable these features, you may want to warn your users that they won’t be able to use their Managed Apple IDs with these features anymore.

View and edit data sources

Depending on your role, you may be able to edit data sources for your organization.

  1. Click Settings at the bottom of the sidebar, then click Data Source below Institution Settings.

  2. Do one of the following:

    • If you have the correct privileges, click Edit to manage data sources, then click Save.

    • If you have the correct privileges, click Update to have Apple School Manager contact your Student Information System (SIS) for any updates.

    • If you have the correct privileges, you can edit or update information using SFTP.

Manage device purchase information

Depending in your role, you may be able to edit device purchase information for your organization.

  1. Click Settings at the bottom of the sidebar, then click Device Management Settings below Institution Settings.

  2. Click Edit next to Customer Numbers, enter your Apple customer numbers or DEP Reseller IDs, then click Done.

    If the Add button is missing or dimmed, this information may already be saved.

    Note: When entering your Apple customer numbers, leave off any leading zeros.

Add a location

You can add locations to Apple School Manager. This is useful if you’re managing more than one school or campus.

  1. Click Locations in the sidebar, then click Add New Location at the top of the window.

  2. Enter the new location information, then click Save.

Delete a location

You can delete a manually created location. Before you do, all data must be transferred to another location. Locations created using your Student Information System (SIS) can’t be deleted using this task.

  1. Click Locations in the sidebar.

  2. Search for a location in the Search Locations field , then select the location you want to delete.

  3. Click Delete Location.

    Make sure you want to delete the location. This action can’t be undone.

  4. Click Delete.

Work with user accounts

About user accounts

Accounts in Apple School Manager are copied from your Student Information System (SIS) or uploaded from .csv files using the Secure File Transfer Protocol (SFTP). They can also be manually created.

If you are connected to your SIS, each user account has read-only information from the source. Additional information, such as the Managed Apple ID and associated password, is added to the account information in Apple School Manager. At no time is data written back to your SIS.

Each user account may have the following information associated with it, which can be viewed in the account list or when an account is selected:

  • Status with image, if provided, and source

  • First, middle, and last name

  • Managed Apple ID

  • Role and location

  • Email address, if provided

  • Managed Apple ID password policy

  • Grade level, if provided

  • Person Number and Person ID

After upgrading, your Apple Deployment Programs account names are changed in Apple School Manager as follows:

  • Program Agent is called Administrator.

  • Administrators are called managers.

    • The accounts used to buy licenses of apps and books from the Volume Purchase Program become Content Managers with the continued ability to buy apps and books.

    • The accounts used to manage MDM servers become device managers.

    For more information about roles, see Role privileges.

User account status

Users can have an account status that varies. Depending on the account status and the account source, you may be able to perform certain actions on that user account.

  • New account: This account is new, and the user has not yet signed in.

  • Active account: This account is active. The user has signed in at least once.

  • Deactivated account: This account has been deactivated, and the user is unable to use their Managed Apple ID to sign in.

  • Locked account: This account has been locked because of too many unsuccessful sign-in attempts.

When the status is “New”

Source

Actions

SIS

Deactivate

SFTP

Deactivate

Manual

Delete

When the status is “Active”

Source

Actions

SIS

Deactivate

SFTP

Deactivate

Manual

Deactivate

Delete

When the status is “Deactivated”

Source

Actions

SIS

Reactivate

Delete

SFTP

Reactivate

Delete

Manual

Reactivate

Delete

When the status is “Locked”

Source

Actions

SIS

Reset Password

SFTP

Reset Password

Manual

Reset Password

Search for user accounts

You can search for user accounts. This is useful when you want to assign roles or reset passwords for a specific set of users.

  1. Click Accounts in the sidebar.

  2. Click Filter in the Search bar if you want to choose additional fields to filter your search results.

  3. Click in the Search Accounts field above the Search bar, then enter your search criteria.

View user account information

You can view all information for a user account or for selected accounts.

To view information for a user account:

  1. Click Accounts in the sidebar.

  2. Search for an account in the Search Accounts field, then select that user from the user list.

    To select more than one account, use the Shift or Command key on the keyboard.

  3. View the account information.

Inspect a user account

You can inspect specific Managed Apple IDs (that is, those used on organization-owned devices that are configured for multiple users). You typically do this when you want to ensure that you comply with your organization’s legal and privacy regulations. Your organization can grant you inspection privileges for accounts that are below you in the school’s hierarchy. For example, teachers can monitor only students. Administrators can inspect not only students but also teachers and managers.

As an authorized user wanting to inspect a Managed Apple ID, you must create special inspection credentials for that ID within Apple School Manager. You can use these credentials only to access that specific Managed Apple ID, and they expire after 7 days. During that period, you can read and modify the user’s content stored in iCloud Drive or in CloudKit-enabled apps.

Every request for access is logged in Apple School Manager. Logs show your name (as inspector), the Managed Apple ID in question, the time of the request, and whether or not the inspection was performed. To discourage misuse of inspections by a single user, all users with the proper inspection privileges can search these access logs.

  1. Click Accounts in the sidebar.

  2. Search for an account in the Search Accounts field, then select the account you want to inspect.

  3. Click Inspect , then click Continue.

  4. Write down the inspection Managed Apple ID and password then click Done.

    You have 15 minutes to use this temporary Managed Apple ID and password to inspect the user account.

When your inspection is complete, the log is listed in that location’s Inspections section. For more information, see About locations.

Manage student progress

An administrator can enable Student Progress for your organization. When Student Progress is enabled, any user with the role of Instructor can view student progress on activities in ClassKit-enabled apps that they assign using Schoolwork.

Student progress is recorded when:

  • Class rosters are set up in Apple School Manager.

  • The user (generally a student) is a member of at least one class roster.

  • Your organization enables Student Progress.

Note: Students and teachers can use Schoolwork whether or not you choose to enable Student Progress.

Student progress collection stops for all users when your organization disables Student Progress.

Student progress collection stops for selected users when one of the following occurs:

  • Your organization disables Student Progress for selected users.

  • Users with Student Progress enabled are deactivated or deleted.

  • Users with Student Progress enabled are removed from a specific class roster or all class rosters.

Note: Student progress collection doesn’t stop if you change a user’s role to something other than Student.

Enable Student Progress for the entire organization

  1. Click Settings at the bottom of the sidebar, then click Accounts below Institution Settings.

  2. In the Student Progress section, click Enable, then click Enable.

  3. After you enable Student Progress, you can disable Student Progress on individual user accounts by going to Accounts.

Disable Student Progress for the entire organization

When you disable Student Progress, Apple School Manager stops collecting new student progress data. However, students and teachers can continue to use Schoolwork even if Student Progress is disabled.

  1. Click Settings at the bottom of the sidebar, then click Accounts below Institution Settings.

  2. In the Student Progress section, click Disable, then click Disable.

  3. If you want to delete all student progress data, click Delete Data.

    Important: After you delete the student progress data, you can’t recover it.

Enable Student Progress for a user

Student progress must be enabled for the entire organization before you can complete this task.

  1. Click Accounts in the sidebar.

  2. Select the user, then click Enable Student Progress.

Disable Student Progress for a user

Student progress must be enabled for the entire organization before you can complete this task.

  1. Click Accounts in the sidebar.

  2. Select the user, then click Disable Student Progress.

  3. Click Disable and Delete to delete any collected student progress data from the account.

Add accounts

Add a user account

You can manually add a user account at any time. When you add an account, you must assign it a role. You may want to manually add an account if, for example, a temporary teacher is added to your school.

  1. Click Accounts in the sidebar.

  2. Click Add New Account in the upper middle of the window.

  3. Enter the following mandatory information:

  4. If necessary, enter the following optional information:

    • Middle initial or name

    • Email address

    • Grade level

    • Person ID: A unique ID to identify this user in your SIS or other database. Use the same Person ID to refer to this person in the following .csv files: rosters, courses, and classes.

    • Person Number: An alphanumeric ID unique to that account, like a badge number

    • SIS user name

  5. Click Save in the bottom-right corner of the window.

  6. Create a sign-in for that user. To create the sign-in, see Create a new sign-in.

Add administrators

You can have up to four additional administrator accounts for Apple School Manager. You should set up at least one additional administrator account in case your original administrator is unable to sign in for any reason. You can also change any manually created manager role to an administrator role.

  1. Click Accounts in the sidebar.

  2. Click Add New Account in the upper middle of the window.

  3. Enter the following mandatory information:

  4. If necessary, enter the following optional information:

    • Middle initial or name

    • Email address

    • Person ID: A unique ID to identify this user in your SIS or other database. Use the same Person ID to refer to this person in the following .csv files: rosters, courses, and classes.

    • Person Number: An alphanumeric ID unique to that account, like a badge number

  5. Click Save in the bottom-right corner of the window.

Add managers

If you have other people in your organization who will manage people, devices, and content, you can add them in Apple School Manager. This lets you spread out responsibility for managing specific tasks—for example, in a large school district or college, where departments may want to manage their own mobile device management (MDM) solution and student list.

Managers can do the following, depending on the type of manager they are:

  • Add students, staff, and classes: Create an ongoing connection to your Student Information System (SIS), or upload .csv files using the Secure File Transfer Protocol (SFTP).

  • Set up devices: Enroll Apple devices in your MDM solution during device activation, and skip basic setup steps to get users up and running quickly.

  • Buy and distribute apps and books: Buy licenses for apps and books so they can be assigned (and in the case of apps, reassigned) by your MDM solution.

  • Configure iTunes U: Add iTunes U information to Apple School Manager.

To add a new manager account

  1. Click Accounts in the sidebar.

  2. Click Add New Account in the upper middle of the window.

  3. Enter the following mandatory information:

  4. If necessary, enter the following optional information:

    • Middle initial or name

    • Email address

    • Person ID: A unique ID to identify this user in your SIS or other database. Use the same Person ID to refer to this person in the following .csv files: rosters, courses, and classes.

    • Person Number: An alphanumeric ID unique to that account, like a badge number

  5. Click Save in the bottom-right corner of the window.

To add a manager role to an existing account

  1. Click Accounts in the sidebar.

  2. Click Filter in the Search bar if you want to choose additional fields to filter your search results.

  3. Click in the Search Accounts field above the Search bar, then enter your search criteria.

  4. Select the account to which you want to add a manager role.

  5. Click Edit , select a manager role and location, then click Save.

Manage existing users

Edit account information

You can edit account information, such as the user’s name. Depending on your role, you can do such things as reset a user’s Managed Apple ID password, send them a verification code so they can sign in, or deactivate an account.

  1. Click Accounts in the sidebar.

  2. Search for an account in the Search Accounts field, then select that user from the user list.

    If you select more than one user, some actions, like setting a password policy, can be applied only to users in similar roles.

  3. Click Edit , then select what you want to edit.

    Important: If the user was imported from your Student Information System (SIS) or your SFTP, edit only that user’s Managed Apple ID, role, or password. Otherwise, the account changes to a manually created account, and SIS/SFTP updates to that user’s information are no longer possible.

  4. Click Save, then click Save.

Deactivate user accounts

You can deactivate user accounts so that the selected users are unable to use their Managed Apple ID to sign in. If an account is in a deactivated state for more than 30 days, it will be deleted.

To view which accounts can be deactivated, see User account status.

Deactivate a single account

  1. Click Accounts in the sidebar.

  2. Search for an account in the Search Accounts field, then select the account you want to deactivate.

  3. Click Deactivate Account, then click Deactivate.

  4. Click Close or wait for the process to finish, then click Done.

Deactivate multiple accounts

  1. Click Accounts in the sidebar.

  2. Search for accounts in the Search Accounts field, then select the accounts you want to deactivate.

  3. Click Change in the Account Status row.

  4. Choose Deactivate from the pop-up menu, then click Continue.

  5. Click Close or wait for the process to finish, then click Done.

Reactivate user accounts

You can reactivate user accounts so that the selected users are able to use their Managed Apple ID again.

To view which accounts can be reactivated, see User account status.

Reactivate a single account

  1. Click Accounts in the sidebar.

  2. Search for an account in the Search Accounts field, then select the account you want to reactivate.

  3. Click Reactivate Account, then click Reactivate.

  4. Click Close or wait for the process to finish, then click Done.

Reactivate multiple accounts

  1. Click Accounts in the sidebar.

  2. Search for accounts in the Search Accounts field, then select the accounts you want to reactivate.

  3. Click Change in the Account Status row.

  4. Choose Reactivate from the pop-up menu, then click Continue.

  5. Click Close or wait for the process to finish, then click Done.

Delete user accounts

You can delete manually created user accounts; however, active accounts must first be deactivated.

To view which accounts can be deleted, see User account status.

Delete a single account

  1. Click Accounts in the sidebar.

  2. Search for an account in the Search Accounts field, then select the account you want to delete.

  3. Click Delete Account.

    Make sure you want to delete the account. This action can’t be undone.

  4. Click Delete, then click Delete.

  5. Click Close or wait for the process to finish, then click Done.

Delete multiple accounts

  1. Click Accounts in the sidebar.

  2. Search for accounts in the Search Accounts field, then select the accounts you want to delete.

  3. Click Change in the Account Status row.

  4. Choose Delete from the pop-up menu, then click Continue.

  5. Click Delete, then click Delete.

  6. Click Close or wait for the process to finish, then click Done.

Reset a verification phone number

The administrator, manager, staff, and teacher roles all require a six-digit verification code along with their Managed Apple ID account password. This verification code, which is sent to a phone number associated with the account, enhances the security of Apple School Manager.

Note: New verification codes are required every 30 days.

If the account owner changes phone numbers, you can reset the account to ask for a new phone number. Accounts that have identical privileges or lesser privileges can be reset only by you.

  1. Click Accounts in the sidebar.

  2. Search for an account in the Search Accounts field, then select the account in the list.

  3. Click Reset Phone Number , then click Reset.

    When the user signs in again, they are prompted to add a new phone number.

Add additional verification phone numbers

For certain administrator and manager accounts, such as a content manager’s, you may want to add more than one verification phone number.

Note: Each phone number will get a code that must be entered to verify that specific number. Have all the phones nearby so the codes can be entered.

  1. Go to https://appleid.apple.com and sign in with your Managed Apple ID.

  2. In the Security section, click Edit.

  3. Click “Add a trusted phone number,” enter the phone number and select Text Message or Phone Call, then click Continue.

  4. Enter the six-digit code, then click Verify.

Assign and reset passwords

About temporary passwords

Apple School Manager creates temporary passwords, valid for 90 days, for accounts that are imported or created. These temporary passwords are for users of the accounts to sign in with their Managed Apple ID, at which point they must change their password. Apple School Manager never shows the password of an account after it has been changed from the temporary password.

For accounts assigned to administrator, manager, staff, or teacher roles, sign-in always requires that person’s Managed Apple ID password and a six-digit verification code.

For accounts assigned to the student role:

  • Students can sign in with their Managed Apple ID and password on devices listed in Apple School Manager.

  • Students can sign in with their Managed Apple ID and password and a six-digit verification code on devices not listed in Apple School Manager. This verification code for students expires after one year.

For more information about sending verification codes, see About verification codes.

Important: Apple devices whose information is uploaded to Apple School Manager handle authentication differently than devices that aren’t listed. For more information about adding devices to Apple School Manager, see Device management overview.

Password policy scenarios

Depending on how student accounts are added to Apple School Manager, the password policy for a particular student may vary, depending on whether the account origin is .csv, manual, or SIS.

Origin

.csv password policy

Location password policy

Value used

Editable in Apple School Manager?

.csv

Yes

None

.csv

No

.csv

Yes

Yes

.csv

No

.csv

None

Yes

Location

No

Manual

N/A

Yes

User’s

Yes

Manual, then .csv

Yes

No

.csv

No

Manual, then .csv

No

Yes

User’s

No

SIS

N/A

Yes

Location

Yes

Set password policies

Before users receive their temporary password, you assign a role and set a password policy for accounts. There are three password policies:

  • Standard password (eight or more numbers and letters)

  • Six-digit passcode

  • Four-digit passcode

For security, the password policy varies depending on the type of role that’s assigned to the user.

Accounts assigned to administrator, manager, staff, or teacher roles must use a standard password. Accounts with a student role can use a standard, six-digit, or four-digit passcode.

If you’ve already assigned roles, you can set the password policy for accounts. For more information about assigning roles, see Role privileges.

Important: The password_policy value in a students.csv file uploaded over SFTP overrides the Location password policy and any password policy previously set. If the password_policy value is left blank in the .csv file, the default password policy for the location can be set as follows:

  • Is used for new accounts

  • Remains unchanged for existing accounts

Set the password policy for a user

  1. Click Accounts in the sidebar.

  2. Search for an account in the Search Accounts field, then select the account you want to set the password policy for.

  3. Click Edit , choose the policy from the Password Policy pop-up menu, then click Save.

Set the password policy for multiple users

You can’t set the password policy for multiple roles; each role requires a specific policy.

  1. Click Accounts in the sidebar.

  2. Click Filter in the Search bar if you want to choose additional fields to filter your search results.

  3. Click in the Search Accounts field above the Search bar, then enter your search criteria.

  4. Select the accounts you want to edit.

  5. Click Edit in the Password Policy row, then click Edit.

  6. Change the password policy, then click Continue.

  7. Do one of the following:

    • Click Activity to view this activity.

    • Click Done.

Create a new sign-in

When new user accounts are imported to or created in Apple School Manager, you must communicate the initial password to them. When users sign in for the first time, they must create a new password for their Managed Apple ID.

Create a sign-in info for a user

  1. Click Accounts in the sidebar.

  2. Search for an account in the Search Accounts field, then select the account you want to set the password policy for.

  3. Click Create Sign-In .

    You can download PDF and .csv files, or you can email the initial passwords to the selected users.

  4. Select your method, click Continue, then do one of the following:

    • If you selected .csv and PDF, click Download and choose from the following:

      • 8-up PDF: This option creates up to 8 users per page. You can cut the page into sections and distribute the appropriate section to each user.

      • 1-up PDF: This option creates a single page for each user.

      • .csv: : This option creates a .csv file with five columns: the user’s Managed Apple ID; their first, middle, and last name; and their initial password.

    • If you selected email, Apple School Manager sends the initial password to the email address listed in the user’s account details. The user receives an email from Apple School Manager with their Managed Apple ID and initial password.

Create a sign-in info for multiple users

  1. Click Accounts in the sidebar.

  2. Click Filter in the Search bar if you want to choose additional fields to filter your search results.

  3. Click in the Search Accounts field above the Search bar, then enter your search criteria.

  4. Select the accounts you want to edit.

  5. Click Edit in the Sign-Ins row, then click Create.

    You can download PDF and .csv files, or you can email the initial passwords to the selected users.

  6. Select your method, click Continue, then do one of the following:

    • If you selected .csv and PDF, click Download and choose from the following:

      • 8-up PDF: This option creates up to 8 users per page. You can cut the page into sections and distribute the appropriate section to each user.

      • 1-up PDF: This option creates a single page for each user.

      • .csv: : This option creates a .csv file with five columns: the user’s Managed Apple ID; their first, middle, and last name; and their initial password.

    • If you selected email, Apple School Manager sends the initial password to the email address listed in the user’s account details. The user receives an email from Apple School Manager with their Managed Apple ID and initial password.

Reset passwords

When users forget their password, you can reset it. Resetting their password allows them to get a temporary password, at which time they’ll have to create a new password for their Managed Apple ID.

Resetting passwords

Students have two ways they can reset a password:

  • They can use the password that was previously used.

  • They can use a common series, such as 12345.

    This option is allowed only when resetting a password.

  1. Click Accounts in the sidebar.

  2. Search for accounts in the Search Accounts field, then select the accounts you want to reset the password for.

  3. Click Reset Password for a single user, or click Create in the Sign-Ins row.

    You can download PDF and .csv files, or you can email the temporary passwords to the selected users.

  4. Select your method, click Continue, then do one of the following:

    • If you selected .csv and PDF, click Download and choose from the following:

      • 8-up PDF: This option creates up to 8 users per page. You can cut the page into sections and distribute the appropriate section to each user.

      • 1-up PDF: This option creates a single page for each user.

      • .csv: : This option creates a .csv file with five columns: the user’s Managed Apple ID; their first, middle, and last name; and their initial password.

    • If you selected email, Apple School Manager sends the temporary password to the email address listed in the user’s account details. The user receives an email from Apple School Manager with their Managed Apple ID and temporary password.

Sign out devices

If you’ve successfully configured federated authentication, you can sign a user out of all devices associated with their earlier Apple School Manager sign-in.

  1. Click Accounts in the sidebar.

  2. Search for an account in the Search Accounts field, then select the account you want to change.

  3. Click More , select Sign Out Devices, then click Sign Out Devices.

    The user must sign back in with their federated account information.

Create Shared iPad passcodes

If you’ve successfully configured federated authentication and a student needs their Shared iPad passcode, perform this task so they can sign in to Shared iPad.

  1. Click Accounts in the sidebar.

  2. Search for an account in the Search Accounts field, then select the account you want to change.

  3. Click More , then select Create Shared iPad Passcode .

  4. Select how the passcode will be delivered, then click Continue.

  5. Click Sign Out Devices, then do one of the following:

    • Click Download to choose the format of the new passcodes, click Download, then click Done.

    • Click Activity to view this activity.

    • Click Done.

Reset Shared iPad passcodes

If you’ve successfully configured federated authentication and a student forgets their Shared iPad passcode, perform this task so they can sign in again.

  1. Click Accounts in the sidebar.

  2. Search for an account in the Search Accounts field, then select the account you want to change.

  3. Click More , then select Reset Shared iPad Passcode .

  4. Enter a new-four digit passcode, click Continue, select how the passcode will be delivered, then click Continue.

  5. Click Sign Out Devices, then do one of the following:

    • Click Download to choose the format of the new passcodes, click Download, then click Done.

    • Click Activity to view this activity.

    • Click Done.

Send codes

About verification codes

Verification codes are six-digit codes dynamically created so users who require additional verification can sign in to Apple School Manager and use their Managed Apple ID account.

The administrator, manager, staff, and teacher roles all require a six-digit verification code along with their Managed Apple ID account password. This enhances the security of Apple School Manager.

Student accounts that are not associated with a Mac or iPad listed in Apple School Manager require a six-digit verification code along with their Managed Apple ID account password. This verification code for students expires after one year.

Send verification codes

You can send students verification codes so they can use their Managed Apple ID to sign in to iCloud (using Safari), to the iCloud preferences pane (on a Mac), or to an iPad (with Shared iPad).

Send a verification code to a user

  1. Click Accounts in the sidebar.

  2. Search for an account in the Search Accounts field, then select the account you want to send a verification code to.

  3. Click Verification Code .

    You can download PDF and .csv files, or you can email the verification codes to the selected user.

  4. Select your method, click Continue, then do one of the following:

    • If you selected .csv and PDF, click Download and choose from the following:

      • 1-up PDF: This option creates a single page for the user.

      • .csv: This option creates a .csv file with five columns, the user’s Managed Apple ID, their first, middle, and last name, and their verification code.

    • If you selected “Send as an email,” click Continue.

      Apple School Manager sends the verification code to the email address listed in the user’s account details. The user receives an email from Apple School Manager with their Managed Apple ID and verification code.

Send verification codes to multiple users

  1. Click Accounts in the sidebar.

  2. Search for accounts in the Search Accounts field, then select the accounts you want to send a verification code to.

  3. Click Create in the Verification Codes row.

    You can download PDF and .csv files, or you can email the verification codes to the selected user.

  4. Select your method, click Continue, then do one of the following:

    • If you selected .csv and PDF, click Download and choose from the following:

      • 8-up PDF: This option creates up to 8 users per page. You can cut the page into sections and distribute the appropriate section to each user.

      • 1-up PDF: This option creates a single page for each user.

      • .csv: This option creates a .csv file with five columns, the user’s Managed Apple ID, their first, middle, and last name, and their verification code.

    • If you selected “Send as an email,” click Continue.

      Apple School Manager sends the verification code to the email address listed in the user’s account details. The user receives an email from Apple School Manager with their Managed Apple ID and verification code.

Manage classes

Manually create a class

A class is a group of individuals, composed mostly of student accounts. Each class is assigned at least one teacher. Your mobile device management (MDM) solution makes these classes available for use in the Classroom app for iPad. Manually created classes are named using a combination of the following:

  • Class number

  • Course name

  • Course number

Note: Some features require Shared iPad.

For more information about Shared iPad, see Use Shared iPad in the Mobile device management (MDM) settings.

For more information about Classroom, see:

  1. Click Classes in the sidebar.

  2. Click Add a New Class .

  3. Provide class information:

    • Course name (optional)

    • Class ID (optional)

    • Class number (optional)

    • Location

    • Students (optional)

    • Teacher (optional)

  4. Click Save.

Search for and view classes

Search the Classes table to find a subset of your classes, assign a teacher to multiple classes, assign a student to multiple classes, delete multiple classes, and more.

To search for classes:

  1. Click Classes in the sidebar.

  2. If necessary, click Filter , then select the field to search.

  3. Select the class and view the class information.

  4. If applicable, click Show to show the students in the class.

Edit a class

Only classes created manually can be edited or deleted.

Add students to a class

  1. Click Classes in the sidebar.

  2. Search for, then select, the class you want.

  3. Click Edit , then click Add in the Students section.

  4. Search for the student or students you want to add, then click Add.

  5. When you are done adding students click Done, then click Save.

Add students to multiple classes

  1. Click Classes in the sidebar.

  2. Search for, then select, the classes you want.

  3. Click Add in the Add Student row.

  4. Search for the student or students you want to add, then click Add.

  5. When you are done adding students click Done, then click Save.

Change the location of a class

  1. Click Classes in the sidebar.

  2. Search for, then select, the class you want.

  3. Click Edit , then change the location of the class.

  4. Click Save.

Delete a class

  1. Click Classes in the sidebar.

  2. Search for, then select, the class you want.

  3. Click Delete Class.

  4. Review the information in the dialog, then click Delete.

Assign roles

Role management

Every Apple School Manager account has one or more roles that define what the user of the account can do. Certain roles can manage other roles. For example, an account that has the role of teacher can act on an account that has the role of student. In this way, a teacher can change a student’s passcode.

WARNING: If an administrator, manager, or teacher is also assigned a student role, they will be unable to buy apps and books.

Roles window in Apple School Manager.

An overview of the Roles window:

Certain roles can act on other roles. For example, an administrator can change settings for any other role, while users with a teacher role can only change settings for students.

Role

Can act on the following other roles

Administrator

Other administrators

Site manager

People manager

Device manager

Content manager

Manager

Staff

Teacher

Student

Site Manager

Other site managers

People manager

Device manager

Content manager

Manager

Teacher

Staff

Student

People Manager

Other people managers

Site manager

Device manager

Content manager

Manager

Staff

Teacher

Student

Device Manager

None

Content Manager

None

Manager

Staff

Teacher

Student

Staff

None

Teacher

Student

Student

None

Role privileges

Each role consists of a set of privileges; if you add or remove a privilege, it affects all accounts that have that role. Student roles have very limited privileges, teacher and manager roles have more, and the administrators have the most.

Basic privileges

Privilege

Administrator

Site Manager

People Manager

Device Manager

Content Manager

Manager

Accept terms and conditions

Required

Always off

Always off

Always off

Always off

Always off

Edit privileges for other roles

Required

Required

Required

Always off

Always off

Always off

Transfer app and book licenses between locations

Required

Always off

Always off

Always off

Always off

Always off

Add Apple customer numbers and DEP Reseller IDs

Required

Always off

Always off

Always off

Always off

Always off

Set organization tax status information

Required

Always off

Always off

Always off

Always off

Always off

Configure organization settings, as shown in the following table:

Privilege

Administrator

Site Manager

People Manager

Device Manager

Content Manager

Manager

Configure SIS information

Required

Required

Required

Always off

Always off

Always off

Configure federated authentication

Required

Required

Required

Always off

Always off

Always off

Create, edit, and delete locations

Required

Required

Required

Always off

Always off

Always off

Set the default Managed Apple ID user name format

Required

Required

Required

Always off

Always off

Always off

Set the default password policy for new students

Required

Required

Required

Always off

Always off

Always off

Manage device settings, as shown in the following table:

Privilege

Administrator

Site Manager

People Manager

Device Manager

Content Manager

Manager

Manage MDM servers

Required

Required

Always off

Required

Always off

Always off

Add, assign, and remove devices

Required

Required

Always off

Required

Always off

Always off

Other basic privileges, as shown in the following table:

Privilege

Administrator

Site Manager

People Manager

Device Manager

Content Manager

Manager

Use managed devices

Required

Required

Required

Required

Required

Required

Use managed apps and books

Required

Required

Required

Required

Required

Required

Sign in to iCloud.com with a Managed Apple ID

Required

Required

Required

Required

Required

Required

People privileges

Manage Managed Apple IDs, as shown in the following table:

Privilege

Administrator

Site Manager

People Manager

Device Manager

Content Manager

Manager

Create, edit, and delete Managed Apple IDs

On by default

On by default

On by default

Always off

Always off

On by default

Assign roles to users

On by default

On by default

On by default

Always off

Always off

On by default

Change students’ password policies

On by default

On by default

On by default

Always off

Always off

On by default

Generate AppleCare Support PIN for users

On by default

On by default

On by default

Always off

Always off

On by default

Change account status of users

On by default

On by default

On by default

Always off

Always off

On by default

Perform and view account inspection privileges, as shown in the following table:

Privilege

Administrator

Site Manager

People Manager

Device Manager

Content Manager

Manager

Inspect user accounts

On by default

On by default

On by default

Always off

Always off

On by default

View account inspection log

On by default

On by default

On by default

Always off

Always off

On by default

Privileges for creating, editing, and deleting classes, as shown in the following table:

Privilege

Administrator

Site Manager

People Manager

Device Manager

Content Manager

Manager

Create, edit, and delete classes

On by default

On by default

On by default

Always off

Always off

On by default

Privileges to reset passwords and generate verification codes, as shown in the following table:

Privilege

Administrator

Site Manager

People Manager

Device Manager

Content Manager

Manager

Reset passwords

On by default

On by default

On by default

Always off

Always off

On by default

Generate verification codes

On by default

On by default

On by default

Always off

Always off

On by default

Content privileges

Configure content settings, as shown in the following table:

Privilege

Administrator

Site Manager

People Manager

Device Manager

Content Manager

Manager

Buy apps and books

On by default

On by default

Always off

Always off

On by default

Off by default

View App and Book Store

On by default

On by default

Always off

Always off

On by default

On by default

Contribute to organization’s iTunes U public website

On by default

On by default

Always off

Always off

Always off

On by default

Request, connect, or publish to organization’s iTunes U public site manager

On by default

On by default

Always off

Always off

Always off

On by default

Privileges to manage apps and books, as shown in the following table:

Privilege

Administrator

Site Manager

People Manager

Device Manager

Content Manager

Manager

Reassign licenses for apps and books

On by default

On by default

Always off

Always off

On by default

On by default

Hold unassigned licenses for apps and books

On by default

On by default

Always off

Always off

On by default

On by default

Note: You can migrate a Volume Purchase Program (VPP)-only account into Apple School Manager.

Teacher privileges

Configure teacher settings, as shown in the following table:

Privilege

Teacher

Use managed devices

Required

Sign in to iCloud.com with a Managed Apple ID

Required

Use managed apps and books

Required

Inspect student accounts

On by default

View account inspection log

On by default

Create, edit, and delete classes

Off by default

Reset passwords for students

On by default

Generate verification codes for students

On by default

View App and Book Store

Off by default

Contribute to organization’s iTunes U public website

On by default

Staff

Configure staff settings, as shown in the following table:

Privilege

Staff

Use managed devices

Required

Sign in to iCloud.com with a Managed Apple ID

Required

Use managed apps and books

Required

Student privileges

Configure student settings, as shown in the following table:

Privilege

Student

Use managed devices

Required

Sign in to iCloud.com with a Managed Apple ID

Required

Use managed apps and books

Required

View roles

To view or edit roles, you need to have the appropriate privileges. You’re unable to add a privilege that you yourself don’t have.

View a role

  1. Click Roles in the sidebar.

  2. Select a role.

  3. View the role and a list of the privileges associated with it.

  4. Click Show to view individuals who hold that role.

Edit a role’s privileges

You can edit the privileges of the following roles:

  • Site Manager

  • Manager

  • Instructor

  1. Click Roles in the sidebar.

  2. Select a role, click Edit , then do one of the following:

    • To remove a privilege from a role, uncheck its check box, then click Save.

    • To add a privilege, check its check box, then click Save.

Assign roles

Roles are location based. This means that an account can be assigned a teacher role in one location but be assigned a manager role in another location.

WARNING: If an administrator, manager, or teacher is also assigned a student role, they will be unable to buy apps and books.

Accounts can have several roles assigned to them. It’s a good idea to plan role assignments before assigning any roles.

Edit the role for a user

  1. Click Accounts in the sidebar.

  2. Search for an account in the Search Accounts field, then select the account you want to change.

  3. Click Edit , select a role and location, then click Save.

Edit the role for multiple users

  1. Click Accounts in the sidebar.

  2. Click Filter in the Search bar if you want to choose additional fields to filter your search results.

  3. Click in the Search Accounts field above the Search bar, then enter your search criteria.

  4. Select the accounts you want to edit.

  5. Click Edit in the Account Info row, then click Add.

  6. Change the role and location, then click Continue.

  7. Do one of the following:

    • Click Activity to view this activity.

    • Click Done.

Manage devices

Device management overview

Apple School Manager provides a fast, streamlined way for you to deploy Apple devices that your institution has purchased directly from Apple or from a participating Apple Authorized Reseller or carrier. You can automatically enroll devices in your mobile device management (MDM) solution without having to physically touch or prep the devices before users get them. And with your MDM solution, you can further simplify the setup process for users by removing specific steps in Setup Assistant, so users are up and running quickly.

You can also control whether a user can remove the MDM profile from the device. For example, you can order the devices from Apple, configure all the management settings, and have the devices shipped directly to the user’s home address. After the device is unboxed and activated, the device is automatically enrolled in your MDM solution and all management settings, apps, and books are ready for the user.

MDM servers window in Apple School Manager.

Here’s how this simple process works: After enrolling in the program, an Apple School Manager manager with the proper privileges signs in to the program website, links one or more MDM servers to the account, and then associates specific devices to one of the MDM servers. The devices can then be assigned to users with MDM. After a device is activated, any MDM-specified configurations, restrictions, or controls are automatically installed.

Note: To see whether an Apple program is available in your country or region, go to the Apple Support article Availability of Apple programs for education and business.

Manage device suppliers

You can add your Apple customer numbers and DEP Reseller IDs by adding supplier information as necessary. For example, a large organization may have more than one Apple customer number. If you don’t add these during enrollment, you can add them at any time.

Communicate and enter ID information

If you purchase devices through participating Apple Authorized Resellers or carriers, you must complete all three steps below, so orders placed with that reseller or carrier appear in Apple School Manager:

  • Communicate your organization’s DEP Customer ID to the participating Apple Authorized Reseller or carrier, and verify that they received it.

  • Add the DEP Reseller ID of your participating Apple Authorized Reseller or carrier to your supplier list.

  • Arrange with your participating Apple Authorized Reseller or carrier to have them submit your orders through their portal to Apple (it won’t happen automatically).

Important: If you don’t know the DEP Reseller ID of your participating Apple Authorized Reseller or carrier, contact them for assistance.

Add a DEP Reseller ID or an Apple customer number

  1. Click Settings at the bottom of the sidebar, then click Device Management Settings below Institution Settings.

  2. Click Edit next to Customer Numbers, enter your Apple customer numbers or DEP Reseller IDs, then click Done.

    If the Add button is missing or dimmed, this information may already be saved.

    Note: When entering your Apple customer numbers, leave off any leading zeros.

View device order information

When a participating Apple Authorized Reseller or carrier submits an order for you, Apple sends you one or more email messages on behalf of the reseller or carrier. These email messages, which are sent to the administrator, are from Apple School Manager, with the address noreply@email.apple.com. Be sure to add this address to your approved list so that spam filters don’t mark the messages as junk mail.

There are five types of messages, all shown in Greenwich Mean Time (GMT). The message subject lines and descriptions follow here.

Devices Submitted

As soon as orders are submitted by the participating Apple Authorized Reseller or carrier, the administrator receives an email message, with the order numbers and order dates, which states:

“The following order was submitted by name of reseller on your behalf for enrollment in Apple School Manager and received by Apple on date, time, and time zone.

We will notify you when the devices are available for enrollment.”

Devices Pending

If the DEP Reseller ID hasn’t been added to the list of device suppliers, the administrator receives an email message, with the order numbers and order dates, which states:

“The devices submitted by name of reseller on your behalf on date, time, and time zone will not be available for enrollment in Apple School Manager until you add them as a reseller.

Please contact Apple School Manager support if you did not authorize this submission or otherwise believe it was made in error.”

Devices Available

After the orders are processed, the administrator receives an email message, with the order numbers and order dates, which states:

“The devices submitted by name of reseller on your behalf and received by Apple on date, time, and time zone are now in Apple School Manager.

If you did not authorize this submission or if you believe it was made in error, you can remove the devices by going to the “Manage Devices” area in your Apple School Manager account. You can also contact Apple Support for further information.”

Submission Error

If an error occurs in the submission process, the administrator will receive an email message with the order numbers and order dates, which states:

“There were errors in the submission made by name of reseller on your behalf to Apple School Manager on date, time, and time zone. Please follow up with name of reseller for additional details.”

Devices Removed

When devices are removed, the administrator receives an email message, with the order numbers and order dates, which states:

“One or more devices from the following order submitted by name of reseller on date, time, and time zone has been removed from your account.

This could be the result of a product return you initiated with them or a correction to a prior submission. Please contact name of reseller for more details.”

Manage mobile device management (MDM) servers

Add MDM servers

You must create at least one mobile device management (MDM) server before you can begin assigning devices. Before you create your server, review the certificate, security, and naming information below.

MDM server security

Every server you create must be known to Apple and must be securely authorized using a two-step verification process. The verification process involves creating and installing a server token on your MDM server. For information about how to transfer the token, see your MDM vendor’s documentation.

MDM server names

When you name each server, you don’t need to use the fully qualified domain name. For example, you can choose a name based on a specific building, location, room, or job function (but you can’t use the same name for multiple servers).

MDM server certificates

Before you add an MDM server, get the public key certificate file (ending in .pem or .der) from your MDM vendor for each server you want to add. See the MDM vendor’s documentation for information about getting the server’s public key certificate.

Server tokens expire after one year, and must be replaced. Depending on the MDM vendor, you may or may not get a warning that a token is going to expire. Well before a token is about to expire, sign in to Apple School Manager, generate and download a new token for the MDM server and transfer that token to the MDM server for immediate installation. See your MDM vendor’s documentation for information about how to transfer the token.

Add MDM servers

  1. Click Settings at the bottom of the sidebar, then click Device Management Settings below Institution Settings.

  2. Click the Add MDM Server button then enter a unique name for the server.

    If you don’t want this MDM server to have the ability to release devices, see Release devices.

  3. Upload the public key certificate file, then click Save.

  4. Click Download Token then click Download Server Token.

  5. You must now upload the server token to a specific MDM solution. Consult your MDM vendor’s documentation to complete this step.

  6. Repeat steps 1 through 5 for any other MDM servers you want to add.

Edit MDM servers

A user with the proper privileges may sometimes need to edit MDM server information. For example, a user must replace the active server token on an MDM server in these situations:

  • When a new public key is created or if a new server token is generated

  • When the Managed Apple ID password of the user who downloaded the initial token is changed

  • As a security measure, when the user who downloaded the original token leaves your organization

Edit MDM servers

  1. Click Settings at the bottom of the sidebar, select your MDM server under the MDM Server list, then click Edit.

    • Set or change the device types associated with this MDM server

    • View or rename the server

    • View the last connected IP address

    • View or upload a new public key certificate

    • View, generate, or download a new server token

    • Delete the server and assign devices to another server

    • View assigned devices and get a breakdown by device type and quantity

    • Download a comma-separated value (.csv) file that contains the serial numbers of all assigned devices

  2. After you make changes or download your .csv file, click Apply.

Set a default MDM server

You can set an MDM server as the default server for any devices currently not enrolled in Apple School Manager. Devices that are already enrolled must be manually reassigned. A default server can also be set for specific device types. For example, you can have a default MDM server for Mac computers and another default MDM server for iPad devices.

  1. Click Settings at the bottom of the sidebar, select your MDM server under the MDM Server list, then click Edit.

  2. Select the device type to automatically add to the selected MDM server, then click Apply.

Delete MDM servers

You can delete an MDM server and reassign or unassign devices that are currently assigned to it.

Delete MDM servers

  1. Click Settings at the bottom of the sidebar, select your MDM server under the MDM Server list, then click Edit.

  2. Click Delete MDM Server, then click OK.

  3. Select the MDM server that the devices will be reassigned to.

  4. Click Reassign & Delete.

Important: If a server that has devices assigned to it goes offline instead of being deleted (for example, due to a network issue), devices associated with that server are managed with the last known configuration until they’re assigned to a new server, or erased and reactivated.

Manage device assignments

Assign devices added from Apple Configurator 2

You can add iOS and tvOS devices to Apple School Manager using Apple Configurator 2, regardless of where the devices were purchased. When you set up a device that has been manually enrolled, it behaves like any other enrolled device, with mandatory supervision and mobile device management (MDM) enrollment. For devices that weren’t purchased directly, the user has a 30-day provisional period to remove the device from enrollment, supervision, and MDM.

There are several ways to add devices to one of the programs in Apple Configurator 2:

You don’t enable “Activate and complete enrollment”

You check this if you have a new or existing device that requires unique user authentication to enroll in MDM. The device is left at the Setup Assistant, and the user completes the enrollment.

You enable “Activate and complete enrollment”

You check this if you have an existing device that already has a record in, and is managed by, your MDM. This can include managing all the Setup Assistant steps so that the user gets a device that’s ready to use.

After a device is added by Apple Configurator 2

The device is placed into a group named “Devices added by Apple Configurator 2” in the Devices section in Apple School Manager. You can then assign the device to one of your MDM servers. After assigning a device to your MDM server, any settings assigned by Apple Configurator 2 are no longer used for enrollment.

Important: You may need to refresh the list of devices in your MDM solution before these newly added devices appear.

Assign devices

Your account contains a record of all the orders you have placed directly with Apple after March 1, 2011. Because accounts with participating Apple Authorized Resellers or carriers may not keep records going back to March 1, 2011, consult your participating Apple Authorized Reseller or carrier for your account’s order timeline.

Before you can assign devices, you must have entered your appropriate Apple customer number and/or communicated your DEP Customer ID to a participating Apple Authorized Reseller or carrier and added their DEP Reseller ID to your account. For information, see Manage device suppliers.

Note: When entering your Apple customer number, leave off any leading zeros.

Device assignments in Apple School Manager.

Secure sensitive data

During the device configuration process, you can increase the security of sensitive data by ensuring that you have appropriate security measures in place. For example:

  • Have your users authenticate as part of the initial setup flow in the Apple device’s Setup Assistant during activation.

  • Provide a preliminary configuration with limited access and require additional device configuration in order to access sensitive data.

Device assignment options

After an order ships, you can search for the order number and use it to assign devices to an authorized MDM server. For example, when you place an iPad order for 5000 units, you can use the order number to assign all, or a specific number of, devices to an existing authorized MDM server. There are three ways to assign devices:

  • Serial number: You can assign devices by serial number to a specific MDM server. This method makes sense if the devices you need to assign are few in number, in your physical possession, and easy to erase. You can search for serial numbers using the search field at the top of the window.

  • Order number: Assigning devices by order number makes sense if a single MDM server is used for an entire device deployment (or a single order) and if devices are still in their original packaging and are going directly to the users. Order numbers also show the vendor. For example, orders purchased from Apple will appear as “Order number - Apple Inc. (Direct).” Orders purchased from a participating Apple Authorized Reseller or carrier will appear as “Order number - Name of reseller.”

  • Upload CSV file: You can upload a .csv file containing only the serial numbers you want. You can use this method when a specific group of users’ devices needs to be managed by a specific MDM server. You can also download a .csv file for a specific order number, split the file into smaller files, and upload those .csv files and assign them to specific MDM servers.

  1. Click Device Assignments in the sidebar, then choose the method for device assignment:

    • If you choose Serial Number: Enter each serial number separated by a comma.

    • If you choose Order Number: The quantity and type of devices are shown.

    • If you choose Upload CSV File: You also upload a comma-separated value (.csv) file that contains a list of device serial numbers.

  2. Choose Assign to Server from the Perform Action pop-up menu, select the MDM server to associate the specified devices with, then click Done.

Unassign devices

You can unassign devices from an MDM server. For example, if a device is moved from one location to another, you can unassign it from one MDM server and assign it to another MDM server. If you keep the device in the program, it simply becomes associated with another MDM server.

You can also unassign devices by removing the MDM server that they’re associated with.

  1. Click Device Assignments in the sidebar and choose the method for device unassignment:

    • If you choose Serial Number: Enter each serial number separated by a comma.

    • If you choose Order Number: View the quantity and type of devices.

    • If you choose Upload CSV File: You also upload a comma-separated value (.csv) file that contains a list of device serial numbers.

  2. Choose Unassign Devices from the Perform Action pop-up menu, then click Done.

You can reassign devices to a different MDM server at any time.

Release devices

Devices can be removed from Apple School Manager. You remove a device from the program if it’s been sold, lost, or can’t be repaired. This is called releasing a device. Under the terms and conditions of Apple School Manager, you are legally required to release any devices you no longer own.

You can also allow your MDM solution to release devices. This method doesn’t require you to sign in to Apple School Manager. This feature is enabled by default when you add an MDM server. You can remove this feature by unchecking the box, Allow this MDM Server to release devices for any new or existing MDM servers you created.

Important: If an iOS device or Apple TV is removed from Apple School Manager, it can be added back using Apple Configurator 2.5 or later. Mac computers can’t be added back.

  1. Click Device Assignments in the sidebar and choose the method for device disownment:

    • If you choose Serial Number: Enter each serial number separated by a comma.

    • If you choose Order Number: The quantity and type of devices are shown.

    • If you choose Upload CSV File: You also upload a comma-separated value (.csv) file that contains a list of device serial numbers.

  2. Choose Release Devices from the Perform Action pop-up menu, then click Done.

  3. Carefully read the “Are you sure you want to release this device?” dialog, then click Release.

  4. Click OK.

  5. Verify that the devices have been removed by searching for the serial numbers in the search field at the top of the window.

Review device assignments

You can review details of your device assignments, including:

  • The order numbers

  • The date the devices are assigned or unassigned

  • Who assigned (or unassigned) the devices to a specific MDM server

  • The name of the MDM server that the devices have been assigned to or unassigned from

  • The total number of devices, organized by device group

You can also download a .csv file containing the serial numbers of all the devices (assigned or unassigned) for each MDM server.

  1. Click Assignment History in the sidebar.

  2. Click an assignment to get more information.

  3. To download a .csv file with the serial numbers associated with an assignment, click Download.

Assign a device that was serviced and replaced

If you replace an iOS device currently enrolled in Apple School Manager through an Apple Authorized Service Provider, the replacement device is usually also available for enrollment. You can manually assign the device to a server using your order number. To find replacement devices, search for order numbers that begin with the letter R.

If you replace a device that was assigned to a specific MDM server, the replacement device is automatically assigned to the same server.

If you have a Mac enrolled in Apple School Manager and that Mac is serviced, it remains enrolled unless the logic board is replaced. If your Mac logic board is replaced, you can reenroll the Mac in mobile device management manually.

Buy apps and books

Overview

Apple School Manager and your MDM solution work together so your organization can buy apps and books in volume, assign them to devices or users, and then install and update them wirelessly, even if the App Store is disabled.

You can also revoke and reassign apps to different devices and users, so your organization retains full ownership and control of purchased apps. You can assign the apps you buy through Apple School Manager to any devices or users in any country where the app is available from the App Store in that country.

Note: Books obtained from the Books app, once assigned, become the property of the Managed Apple ID and can’t be reassigned.

If you have current Volume Purchase Program (VPP) accounts, you should migrate them using the information contained in this topic. If you want to continue to use the VPP Store, see:

Content type

Can be assigned to macOS and iOS devices

Can be assigned to users

App

Yes

(iOS 9 or later)

(OS X 10.11 or later)

Yes

Book

No

Yes

The App Store and Apple Books feature thousands of apps and books for education. Apple School Manager gives organizations a simple way to buy those apps and books in an area called Apps and Books. When you buy apps there, you can access special pricing for 20 or more copies if you’re an eligible education organization—either an organization for grades K–12 (or their districts), or one for higher education if the organization is accredited and grants degrees. For books, special pricing is not available.

Plan for migration to Apps and Books

To get started migrating, Content Managers with VPP accounts must migrate their licenses to a location in Apps and Books. For the best migration experience, organizations should map each purchaser to a unique location to ensure that all licenses (assigned and unassigned) are automatically moved during the initial migration. It’s recommended that you move all Content Managers at the same time. This can be done by each Content Manager, or by an administrator with access to all accounts.

For more information on migrating VPP accounts, go to the Apple Support article Invite Volume Purchase Program (VPP) Purchasers to Apple School Manager.

Map each purchaser to a unique location.

After migration, licenses are associated with the location they migrated to rather than with the purchaser’s legacy token. If a Content Manager migrates to a location that already has licenses in it, only their unassigned licenses are moved to the location during initial migration. (This process avoids any disruption to license assignments in MDM.) Assigned licenses remain associated with the purchaser’s legacy token. After these licenses are unassigned in MDM, they can be moved to a location in the Apps and Books section of Settings.

For more information, see Invite VPP Purchasers to Apple School Manager.

Note: If a Content Manager account has VPP credit associated with it, the credit remains associated with that purchaser. VPP credit isn’t transferred to the chosen location. For more information on VPP credit, see Buy VPP credit.

Transfer licenses

Within your organization, you can move licenses from one location to another. You can also transfer licenses in order to consolidate VPP purchases from multiple accounts or to decentralize and distribute licenses to match your organization’s structure. (For example, a location in Apple School Manager might represent a building, a department, or a group.)

To transfer licenses in Apps and Books, search for and then select an app in your library. In the details section, you can view the number of available licenses at each location you have access to.

Click Transfer, then in the pop-over, enter both the number of licenses (up to 24,999 at a time) and the location where you want to move them. The transfer, which may take a few minutes, is reflected in the number of licenses at the new location. The new number of licenses for the location token is also reflected in your MDM solution. Check your MDM documentation for the expected behavior.

Note: Transfers won’t disrupt license assignments in MDM. Only unassigned licenses can be transferred to another location.

Invite VPP Purchasers to Apple School Manager

If you have VPP Purchasers that weren’t included when you upgraded to Apple School Manager, you can invite them to your organization.

  1. Click Settings at the bottom of the sidebar, then click Enrollment Information below Institution Settings.

  2. Click Invite VPP Program Facilitator at the bottom of the page.

  3. Enter the Apple ID of the VPP Program Facilitator account you want to invite in to your Apple School Manager, then click Invite.

The user receives an email with a link to join your organization. After they sign in to Apple School Manager, they’ll be asked to upgrade their account. After they upgrade, they can start using Apple School Manager, and you'll see the account as a Content Manager in your main location.

Add Content Managers to locations

It’s easy for you to add Content Managers. The Content Managers can buy on behalf of a specific location. You may want additional Content Managers, especially when it’s time to renew the location token in your MDM solution. Content Managers with access to multiple locations can then move licenses between locations.

Because administrators have access to all locations, it’s recommended that they be the ones to renew tokens for all the locations at once. Another reason to use the administrators is that they’re also probably the ones managing the MDM solutions.

Plan for app and book distribution

App and book distribution works best when apps and books are assigned before devices are configured or given to users. After the user receives the device and completes the Setup Assistant, your MDM solution can send the user an invitation by email or push notification. When the user accepts the invitation, the user has access to all of the apps and books assigned by MDM—which MDM can install on the user’s device remotely.

Tip: To simplify your deployment, it is highly recommended that you assign apps to devices instead of users. With device-based app assignment, there’s no invitation process or requirement to use an Apple ID on the device. Books can’t be assigned to devices.

To alleviate bandwidth saturation during the initial mass deployment, consider distributing only the apps necessary for the first day of class, and make additional apps available to users for download over time. If the device is supervised, apps are installed silently by your MDM solution. Consult your MDM solution’s documentation to learn how to assign and deploy apps and books.

Apps that are assigned to a device through your MDM solution:

  • May be automatically removed when a user unenrolls the device from MDM.

    This also applies to user assigned apps.

  • Don’t automatically reinstall after an iTunes or iCloud restore from backup.

Note: To see whether purchasing apps and books in volume is available in your country or region, go to the Apple Support article Availability of Apple programs for education and business.

Buy required apps and books for initial deployment

As soon as possible, buy any apps or books required for your initial deployment. Both paid and free content can be acquired using Apple School Manager. To learn about purchasing content, see Select and buy content.

Availability of app licenses depends on the amount purchased:

  • 5000 licenses and under are immediately processed.

  • 5001 to 19,999 licenses are processed after 1:00 PM Pacific daily.

  • 20,000 licenses or more are processed after 4:00 PM Pacific daily.

Acquire productivity and creativity apps

New iOS devices come with free copies of popular productivity and creativity apps from Apple, which include Pages, Numbers, Keynote, GarageBand, and iMovie. Users can claim these licenses upon using the devices for the first time. To learn how to acquire these apps with Apple School Manager so your organization can manage the licenses, see Get Apple apps through the Volume Purchase Program.

Tip: MDM solutions communicate with Apple School Manager to assign apps and books to users. A token is required for your MDM solution to communicate with Apple School Manager. Contact your MDM vendor for specific information about installing the token in your MDM solution. Tokens expire annually, so make note of your token’s renewal date upon installation. To avoid interruption of service, remember to download an updated token and upload it to your organization’s MDM solution before your current token expires.

Select and buy content

Apps and Books provides a streamlined purchasing process. You can buy apps and books from the App Store and Apple Books.

Note: Some Apple Books content is not available in certain countries or regions. To see whether certain Apple Books content is available in your country or region, go to the Apple Support article Availability of Apple programs for education and business.

Search for an app or book

  1. Sign in with a Content Manager account.

  2. Select Apps and Books in the sidebar.

  3. Click in the Search Accounts field above the Search bar, then enter your search criteria.

  4. Click Filter in the Search bar if you want to choose additional fields to filter your search results.

Buy licenses

Note: If you want to buy redemption codes, you must use the Volume Store to do so.

  1. Select the app or book in the search results list that you want to buy.

  2. Select the location where the app or book licenses will be initially assigned.

  3. Enter the number of licenses and if necessary, change the payment method.

  4. Click Buy.

    Availability of app licenses depends on the amount purchased:

    • 5000 licenses and under are immediately processed.

    • 5001 to 19,999 licenses are processed after 1:00 PM Pacific daily.

    • 20,000 licenses or more are processed after 4:00 PM Pacific daily.

Manage licenses

  1. Select the location that has the app you want to reassign, then click Transfer.

  2. Select the quantity and where you want to transfer the license, then click Transfer.

Note: Books obtained from the Books app, once assigned, become the property of the Managed Apple ID and can’t be reassigned.

Assign licenses

  • Consult your MDM solution’s documentation on how to assign apps to devices or users and books to users.

Read log files

What are log files?

Apple School Manager maintains a log of all activities you perform. These log files are an important source of troubleshooting in case an activity fails to complete successfully. If an activity fails to complete, review the log file, locate and correct the error, and then attempt the activity again.

Activity

Description

Create sign-in information

Generate a .csv or PDF or send a mail message with sign-in information.

Create verification codes

Generate a .csv or PDF or send a mail message with a verification code.

Set password policy

Change student’s password policy.

Assign a role to a location

Add a role and location to an account.

Edit a Managed Apple ID

Edit an account’s Managed Apple ID.

Disconnect from your source

Disconnect from your Student Information System (SIS) or your Secure File Transfer Protocol (SFTP) uploads and save all accounts and classes locally in Apple School Manager.

Delete an account

Delete an account.

Deactivate an account

Deactivate an account.

Reactivate an account

Reactivate an account.

Add students to classes

Add a student or students to specific classes.

Delete classes

Delete classes.

Change class location

Change the location of the class.

Sync activity

Automatic syncing of records.

Log errors

If an activity completes successfully, the log message is UPDATE. If an activity fails to complete, the log file generates messages to help you understand how to correct the error. Below are the description and actual log messages, their classification, and their associated activity. Search for these messages in the log file when an activity fails.

Description

Message and classification

Associated activity

No privilege

NOT_ENOUGH_PRIVILEGE

WARNING

Create sign-in information

Create verification codes

Set password policy

Assign a role to a location

Delete an account

Deactivate an account

Reactivate an account

Add students to classes

Delete classes

Change class location

Edit a Managed Apple ID

Active account

OPERATION_NOT_ALLOWED

WARNING

Delete an account

Reactivate an account

New and synced account

OPERATION_NOT_ALLOWED

WARNING

Delete an account

Inactive account

OPERATION_NOT_ALLOWED

WARNING

Create sign-in information

Create verification codes

Set password policy

Assign a role to a location

Deleted or claimed account

NOT_FOUND

WARNING

Create sign-in information

Create verification codes

Set password policy

Assign a role to a location

Delete an account

Deactivate an account

Reactivate an account

No email on file

NO_EMAIL

WARNING

Create sign-in information

Create verification codes

Server error

INTERNAL_ERROR

ERROR

Create sign-in information

Create verification codes

Licenses associated with account

OPERATION_NOT_ALLOWED_BY_VPP

Delete an account

Not a user

NOT_ENOUGH_PRIVILEGE

WARNING

Create sign-in information

Create verification codes

Set password policy

Password policy synced

OPERATION_NOT_ALLOWED

WARNING

Set password policy

Deactivating self

NOT_ENOUGH_PRIVILEGE

WARNING

Deactivate account

New manual account

OPERATION_NOT_ALLOWED

WARNING

Deactivate an account

Improper MS privileges

NOT_ENOUGH_PRIVILEGE

WARNING

Use federated authentication

Mismatching domains

NOT_FOUND

WARNING

Use federated authentication

MS Account missing attributes

NOT_FOUND

WARNING

Use federated authentication

Class deleted

NOT_FOUND

WARNING

Add student to classes

Class synced

OPERATION_NOT_ALLOWED

WARNING

Add student to classes

Delete classes

Change class location

Log file example

Here are the output fields of a batch action log file:

+ OPERATION: RESET_PASSWORD+ ACTIVITY_ID:+ STARTED AT: // UTC STRING TIMESTAMP+ ENDED AT: // UTC STRING TIMESTAMP+ STATUS: COMPLETED_SUCCESFULLY | COMPLETED_WITH_ERRORS | CANCELED | FAILED+ SUBSTATUS: INCORRECT_CREDENTIALS+ ________________________________________________________________________________+ /* List all records recorded at Snapshot of Query */+ /* Example for accounts */+ MANAGED_APPLE_ID, PERSON_NUMBER(OPTIONAL), PERSON_ID(OPTIONAL), OPERATION_STATUS, OPERATION_SUBSTATUS, TIMESTAMP+ andrew@appleid.myschool.edu., 0001, 0001, DONE, UPDATE, 2018-03-16T03:20:08.999Z+ /* Example for classes */+ COURSE_NAME - CLASS_NUMBER, CLASS_ID(OPTIONAL), OPERATION_STATUS, OPERATION_SUBSTATUS, TIMESTAMP

Read a log file

If you have an error, you can download and open the log file, then search for the error.

  1. Click Activity in the sidebar.

  2. Search for, then select, the category and event in the list.

  3. Click Download Logs.

  4. Locate the file in the folder used by your web browser to download files.

  5. Open the file and locate the error.

Integrate iTunes U

For administrators

Associate iTunes U information

This topic is for Apple School Manager administrators, Site Managers, and People Managers.

If your organization already uses iTunes U, use it to link to your existing Public Site URL to Apple School Manager. Using iTunes U creates a new Public Site for your organization.

  • SelectiTunes U  in the sidebar, then do one of the following:

    • Click Open Course Manager, then sign in to youriTunes U account.

    • Click Request to use Public Site Manager, enter an existing public site URL if you have an account, then click Request to send a request to Apple in order to link to or create your Public Site.

Integrate Apple School Manager and iTunes U Public Site Manager

This topic is for Apple School Manager administrators, Site Managers, or People Managers.

iTunes U empowers teachers to deliver lessons, grade assignments, and stay connected with students—all on iPad. Students in Apple School Manager participating in a teacher’s iTunes U course use Managed Apple IDs. iTunes U requires that if a Managed Apple ID is used to enroll in a course, the course must be administered by a teacher’s Managed Apple ID.

Most teachers also have a personal Apple ID that they use to evaluate software from the App Store. They also have important personal resources such as contacts, calendars and photos associated with this Apple ID. Because of this, teachers will likely find it most convenient to manage their iTunes U courses in the same place they use their personal Apple ID—on their iPad.

This section describes a setup for supporting teacher’s iTunes U courses administered with their Managed Apple ID and using their personal Apple ID on their iPad.

Requirements

  • Request an iTunes U Public Site Manager instance in Apple School Manager.

    For more information, see Associate iTunes U information.

  • Have aniTunes U Public Site Manager for your organization.

  • Collect the personal Apple IDs—but not passwords—for all teachers.

  • Have teachers decide on a single personal Apple ID for accessing iTunes, App Store, and iCloud.

  • Have teachers receive a Managed Apple ID from you after they are created in Apple School Manager.

Teacher iPad result

  • The teacher signs into iTunes, the App Store, and iCloud with their personal Apple ID.

iTunes U Course Manager result

  • The teacher has managed courses administered by their Managed Apple ID account.

  • The teacher adds their personal Apple ID account as a contributor to their courses. This enables them to manage the course with the personal Apple ID account on their iPad.

Prepare personal Apple IDs

Teacher personal Apple IDs need to be added as Contributor Users in your iTunes U Public Site Manager. Teachers should use only one personal Apple ID for these purposes.

  1. Sign in to your iTunes U Public Site Manager with a Site Manager or Administrator account.

  2. Click Users in the upper-right corner.

  3. For any teacher whose personal Apple ID isn’t listed under Other Accounts, add it using the Add a user account section.

  4. Select Contributor from the pop-up menu, then enter the contributor’s personal Apple ID used for iTunes U and App Store access.

Your teachers are now ready to do the following:

  • Copy existing courses managed from their personal Apple ID to their Managed Apple ID.

  • Create new courses in iTunes U Course Manager with their Managed Apple ID.

For teachers

Migrate iTunes U courses with a personal Apple ID to a Managed Apple ID

The following steps are intended for teachers who have already created classes in iTunes U Course Manager with their personal Apple ID.

Note: Any new courses should be created using the Managed Apple ID account.

Teacher requirements

  • Decide on a single personal Apple ID for accessing iTunes, App Store, and iCloud.

  • Obtain your Managed Apple ID from your Apple School Manager contact after they are created.

  • Have a personal cell phone for Apple ID verification.

Configure Course Manager with your Managed Apple ID

  1. Sign in to iTunes U Course Manager with your Managed Apple ID.

  2. If this is the first time using your Managed Apple ID, follow the steps to set up a new password.

  3. Set up your My Instructor information.

  4. Confirm that all the information is correct, write down the organization name listed in your information, then click Save.

  5. Sign out of iTunes U Course Manager.

Configure Course Manager with your personal Apple ID

  1. Sign in to iTunes U Course Manager with your personal Apple ID.

  2. Confirm your My Instructor information.

  3. Confirm that your organization is the same as the one provided for your Managed Apple ID, then click Save.

  4. Sign out of iTunes U Course Manager.

Migrate iTunes U courses from your personal Apple ID

In order for you to use your personal Apple ID in the App Store on iPad and still manage existing courses with students using Managed Apple IDs, you must migrate those courses to your Managed Apple ID in iTunes U Course Manager.

  1. Sign in to iTunes U Course Manager with your personal Apple ID.

  2. Select the Action menu on the right side of the course you’re migrating, then select Send a Copy.

  3. Enter your Managed Apple ID, then click Send Copy.

  4. Repeat steps 2 through 3 for each course you’re migrating.

  5. Sign out of iTunes U Course Manager.

Migrate iTunes U courses to your Managed Apple ID

  1. Sign in to iTunes U Course Manager with your Managed Apple ID.

  2. In the upper right corner, there should be a badge indicating the number of course invitations your Managed Apple ID received.

  3. Click the Inbox and accept each course.

  4. When accepting the copied course, verify that the instructor role is transferred to your Managed Apple ID account.

  5. Sign out of iTunes U Course Manager.

Invite your personal Apple ID as a contributor to courses

By adding your personal Apple ID as a contributor to a course, you can manage the course and use your personal Apple ID on your iPad.

  1. Sign in to iTunes U Course Manager with your Managed Apple ID.

  2. Select the Action menu on the right side of the course you’re migrating, then select Instructors.

  3. Click Add Contributor, enter your personal Apple ID, then click Invite.

    You’ll see the personal Apple ID account listed as Pending.

  4. Repeat steps 2 through 3 for each course you want to manage with your personal Apple ID.

  5. Sign out of iTunes U Course Manager.

Accept your personal Apple ID as a contributor to courses

  1. Sign in to iTunes U Course Manager with your personal Apple ID.

  2. Locate the invitation in your Inbox, then click Accept.

  3. Repeat step 2 for each course you want to manage with your personal Apple ID.

  4. Sign out of iTunes U Course Manager.

Remove the original courses owned by your personal Apple ID

You now have two copies of the same course in iTunes U Course Manager:

  • The original, owned by your personal Apple ID

  • The copy, owned by your Managed Apple ID with your personal Apple ID as a contributor

You should delete the original to avoid confusion.

  1. Sign in to iTunes U Course Manager with your personal Apple ID.

  2. Select the Action menu on the right side of the original course owned by your personal Apple ID, then select Delete Course.

    If you don’t see that option, it is a course where you’re a collaborator and not the primary Instructor.

  3. Sign out of iTunes U Course Manager.

Set up iTunes U courses with a personal Apple ID

The following tasks are intended for teachers who have not created classes in iTunes U Course Manager.

Configure iTunes U Course Manager with your Managed Apple ID

Managed Apple IDs are created in Apple School Manager. Your Apple School Manager administrator will provide you with your Managed Apple ID and a temporary password.

  1. Sign in to iTunes U Course Manager with your Managed Apple ID.

  2. If this is the first time using your Managed Apple ID, follow the steps to set up a new password.

  3. Set up your My Instructor information.

  4. Confirm that all the information is correct, write down the organization name listed in your information, then click Save.

  5. Sign out of iTunes U Course Manager.

Configure iTunes U Course Manager with your personal Apple ID

  1. Sign in to iTunes U Course Manager with your personal Apple ID.

  2. Confirm your My Instructor information.

  3. Confirm your organization is the same as the one provided for your Managed Apple ID, then click Save.

  4. Sign out of iTunes U Course Manager.

Invite your personal Apple ID as a contributor to courses

By adding your personal Apple ID as a contributor to a course, you can manage the course and use your personal Apple ID on your iPad.

  1. Sign in to iTunes U Course Manager with your Managed Apple ID.

  2. Select the Action menu on the right side of the course you’re migrating, then select Instructors.

  3. Click Add Contributor, enter your personal Apple ID, then click Invite.

    You’ll see the personal Apple ID account listed as Pending.

  4. Repeat steps 2 through 3 for each course you want to manage with your personal Apple ID.

  5. Sign out of iTunes U Course Manager.

Accept your personal Apple ID as a contributor to courses

  1. Sign in to iTunes U Course Manager with your personal Apple ID.

  2. Locate the invitation in your Inbox, then click Accept for each course.

  3. Repeat step 2 for each course you want to manage with your personal Apple ID.

  4. Sign out of iTunes U Course Manager.

Export Skyward data

Skyward has built-in export templates that format school information into the format and files required by Apple School Manager.

Import the export templates

The export templates need to be imported to your instance of Skyward. You do this only once.

  1. Click the Administration tab at the top of the main Skyward webpage.

  2. Click Exports-EX below Skybuild-SB.

  3. Click Exports File Builder-EF.

  4. Click Import Interface on the right side of the webpage.

  5. Click AppleSchoolManager to select it in the main menu.

  6. Click Select, then click Back.

    The AppleSchoolManager export file should now be available to you in your Exports File Builder page.

Configure your data exports

  1. Open the Export File Builder page, expand the entry for AppleSchoolManager, and customize some of the data exports that will be sent to Apple School Manager.

  2. Select Edit File for any of the six export files to let you narrow the range of data sent to Apple School Manager, including limiting which school to export, class number ranges, and other information.

    Make sure you make the same setting changes to each of the six export files so the data is consistent in each file.

Important: Don’t export records that are missing information critical to the account creation in Apple School Manager (for example, if a user email address is used to compose the Managed Apple ID). If the account is in Skyward but doesn’t have an email address, you must filter out that user record for export. This can be done by adding logic based on the email field in Skyward to any of the export files. See your Skyward administrator for assistance.

Set up an SFTP import to Apple School Manager

You can configure your Skyward exports to automatically upload into Apple School Manager using the SFTP settings for your Apple School Manager setup (get your SFTP credentials for Apple School Manager in Setup Assistant). Save those credentials in a secure note after you retrieve them from Apple School Manager.

  1. Select AppleSchoolManager in your Export File Builder window, then click Edit.

  2. Confirm that the SFTP protocol is selected.

  3. Enter the SFTP hostname assigned by Apple School Manager.

  4. Verify that port 22 is being used, then enter your Apple School Manager SFTP user name and password.

  5. Click Save.

Execute an export task to Apple School Manager

Verify that you can export the necessary files so they can be uploaded by your SFTP app to Apple School Manager at any time.

  1. Select AppleSchoolManager in the main menu, then click Export.

  2. Click the printer icon in the upper-right corner to view the progress.

    You can open the log from the print queue to check on the export results.