Open lashomb opened 3 weeks ago
Allowing Managed Apple Accounts to only be used on managed devices.
Apple has a GetToken API that facilitates this.
For the service type com.apple.maid, the Apple Identity Service requests this token when a Managed Apple ID is signing in. It’s used to verify that the Managed Apple ID belongs to the same organization as the MDM server that enrolled the device.
Related: https://github.com/fleetdm/fleet/issues/19448 https://github.com/fleetdm/fleet/issues/18119 https://github.com/fleetdm/fleet/issues/19329