Learn how to configure and leverage Shared iPad for Business
What is Shared iPad?
Shared iPad is a fantastic new feature for Enterprise customers, allowing a true multi-user experience for iPad. Previously available only to Education customers as part of Apple School Manager, Shared iPad for Business will allow employees to easily share and continue their work on multiple devices (such as in a healthcare setting where a device may be shared from one shift to the next).
Each user signs in with their own Managed Apple ID from Apple Business Manager, giving them a personalized session with all of their data already at their fingertips.
What is a Temporary User Session?
Shared iPad now supports the functionality of a Guest user, allowing you to easily log in to a device to perform a quick task. Upon logging out, all user data is destroyed. Temporary sessions may not be ideal in environments where iPad devices use device-level certificates for network access, because they could allow untrusted users access to certain intranet resources.
The ability to start a Temporary User Session can easily be disabled via a Restrictions Profile option.
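As an added example (not Kandji's or Apple's code), this Python check reads an unsigned configuration profile and reports whether Temporary User Sessions remain available. It assumes the Restrictions payload (`com.apple.applicationaccess`) key `allowSharedDeviceTemporarySession`, which leaves temporary sessions allowed when absent; the sample profiles and identifiers are constructed.

```python
import plistlib

RESTRICTIONS_TYPE = "com.apple.applicationaccess"
TEMP_SESSION_KEY = "allowSharedDeviceTemporarySession"


def _sample_profile(restrictions: dict) -> bytes:
    """Build a constructed, unsigned sample profile (identifiers are placeholders)."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.sharedipad",
        "PayloadUUID": "00000000-0000-0000-0000-000000000001",
        "PayloadContent": [{
            "PayloadType": RESTRICTIONS_TYPE,
            "PayloadVersion": 1,
            "PayloadIdentifier": "com.example.sharedipad.restrictions",
            "PayloadUUID": "00000000-0000-0000-0000-000000000002",
            **restrictions,
        }],
    })


# Weak: a Restrictions payload exists but never mentions the key.
SAMPLE_WEAK = _sample_profile({"allowCamera": True})
# Hardened: the key is explicitly set to false.
SAMPLE_HARDENED = _sample_profile({TEMP_SESSION_KEY: False})


def temporary_session_allowed(profile_bytes: bytes) -> bool:
    """Return True if the profile leaves Temporary User Sessions available.

    A missing Restrictions payload or a missing key counts as allowed,
    because the restriction only applies when set to false.
    Assumption: if several Restrictions payloads are present, any one
    setting the key to false blocks the feature (most restrictive wins).
    """
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile.get("PayloadContent", [])
                if isinstance(p, dict) and p.get("PayloadType") == RESTRICTIONS_TYPE]
    return not any(p.get(TEMP_SESSION_KEY) is False for p in payloads)


if __name__ == "__main__":
    for name, blob in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        state = "ALLOWED" if temporary_session_allowed(blob) else "blocked"
        print(f"{name}: temporary sessions {state}")
```

A signed profile must have its signature wrapper removed before `plistlib` can parse it.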
How is user data cached?
Shared iPad leverages multiple forms of caching to enable the smoothest sign-in experience for users. First and foremost, users are cached locally on the iPad. The maximum number of users that can be cached is configured via your Auto-Enroll Profile. It is important to note that this cannot be changed after the device is set up: you must modify your Auto-Enroll profile, then reset and re-enroll the iPad.
In addition to local caching, Shared iPad always syncs user data back to iCloud. As part of this process, local Content Caching devices can be leveraged in your network, allowing dramatically improved network performance and a faster sign-in experience for users signing in to a device for the first time. Any macOS device (capable of running the latest macOS) can be configured as a Content Caching device. It is important that your network and cache are configured correctly to support this; please reach out to Kandji or Apple Enterprise support with any questions.
What should I set my maximum number of users to?
This will depend on your use case and device type. Shared iPad will reserve a minimum amount of system space for the OS and Applications, and the rest of the available space is divided amongst the maximum number of users you have specified. The below table demonstrates how a configuration of 5 Maximum users would be partitioned. Once the maximum number of local users is reached, the user that has not logged in for the longest amount of time will be removed.
Do I have to manually create Managed Apple IDs for every user?
This will depend on your Apple Business Manager configuration. If your instance is federated with Azure Active Directory (Office 365) your users can simply type in their email address on any Shared iPad and they will be directed to sign in with Microsoft (or whatever IDP your Azure AD points to). Once authenticated, a Managed Apple ID will be created on the fly and the user will be asked to create a Shared iPad Password.
If your Apple Business Manager instance is not federated with Azure Active Directory, then you will manually create and distribute individual Managed Apple IDs from Apple Business Manager.
A useful note is that the base tier of Azure AD is free and can be easily federated to another IDP/Directory such as on-premises AD, OneLogin, JumpCloud, or Okta. This means you can federate your ABM with a free Azure Active Directory instance, which would then redirect to your normal identity provider where your users would authenticate.
Additional questions about Shared iPad
If you have questions regarding your particular use-case and how your Shared iPad deployment should be configured for use with Kandji, please reach out to Kandji Support or AppleCare Enterprise Support.
Apple's Education Deployment Guide goes into great detail on the nuances of Shared iPad.