Creating an Admin Account in Apple Business Manager

Overview

This document explains how to create an Administrator (or equivalent privileged) user account in Apple Business Manager (ABM). This can be used to grant external support or consultants access to manage your Apple systems. The instructions assume you are already a system administrator with full access.

Pre-Check

Before creating the new admin account, ensure the following: - You are signed in with an Administrator role in ABM. - You have the external user's details (name, email, and location). - You know which location to assign them to if your organization uses multiple locations. - You have decided the appropriate level of access (Administrator, Device Enrollment Manager, or People Manager).

Step-by-Step: Creating an Admin Account

  1. Sign in to Apple Business Manager using your Administrator credentials.
  2. In the sidebar, select Users (or Accounts / People, depending on your interface version).
  3. Click the Add (+) button to create a new user.
  4. Enter the required details:
    • First name and Last name
    • Role: Select Administrator if full access is required, or a lesser role for limited access
    • Location: Assign the correct location
    • Email address: Provide a business email address (not a personal Apple ID)
  5. Save the user. ABM will create a Managed Apple ID for the user and send an activation email.
  6. Once the user signs in and sets a password, the account becomes active.
  7. Verify their permissions in Access Management → Roles.

Best Practices and Security Tips

  • Apply the principle of least privilege: Assign only the permissions required for the external user's tasks.
  • Use role-based access: Consider Device Enrollment Manager or People Manager instead of a full Administrator role when appropriate.
  • Require MFA: Enforce multi-factor authentication for all external accounts.
  • Document and track access: Note who has access and why. Create a removal process for when their contract ends.
  • Create redundancy: Always maintain more than one active Administrator account to prevent lockouts.
  • Audit access regularly: Review roles and privileges periodically to ensure they are still appropriate.

Summary

By following these steps and best practices, you can securely create an admin or limited-access account in Apple Business Manager for external support staff. This ensures they have the access they need to maintain systems while preserving the organization's security and compliance posture.

Getting Started
Powered by Nextra