fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com

Support access management for Managed Apple IDs #21390

Open lashomb opened 3 months ago

lashomb commented 3 months ago

Problem

Allowing Managed Apple Accounts to only be used on managed devices.

Proposed Solution

Apple has a GetToken API that facilitates this.

For the service type com.apple.maid, the Apple Identity Service requests this token when a Managed Apple ID is signing in. It’s used to verify that the Managed Apple ID belongs to the same organization as the MDM server that enrolled the device.
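Added example, not part of the original issue and not Fleet's code: a sketch of how an MDM server could gate the GetToken check-in so that only enrolled devices receive a `com.apple.maid` token. It assumes the request has already been authenticated as coming from the device; `handle_get_token`, `mint_token`, the HTTP status codes and the sample identifier are hypothetical, and the signed token's contents are defined by Apple and not shown.

```python
import plistlib

MAID_SERVICE = "com.apple.maid"  # service type named in the issue

# Constructed sample: a GetToken check-in body as a device would send it.
SAMPLE_CHECKIN = plistlib.dumps({
    "MessageType": "GetToken",
    "TokenServiceType": MAID_SERVICE,
    "UDID": "CONSTRUCTED-UDID-0001",
})


def handle_get_token(body, enrolled_ids, mint_token):
    """Return (http_status, response_body) for a GetToken check-in.

    enrolled_ids: identifiers of devices enrolled in this MDM server.
    mint_token: hypothetical callable(device_id) -> bytes that builds the
    signed token; it is an assumption of this example.
    """
    try:
        msg = plistlib.loads(body)
    except Exception:
        return 400, b""  # not a parseable plist
    if not isinstance(msg, dict) or msg.get("MessageType") != "GetToken":
        return 400, b""
    # Only answer for the service type this server supports.
    if msg.get("TokenServiceType") != MAID_SERVICE:
        return 400, b""
    # Device enrollments carry UDID; user enrollments carry EnrollmentID.
    device_id = msg.get("UDID") or msg.get("EnrollmentID")
    # The gate: a device this server did not enroll never receives a
    # token, so the Managed Apple ID sign-in check cannot succeed there.
    if not isinstance(device_id, str) or device_id not in enrolled_ids:
        return 403, b""
    return 200, plistlib.dumps({"TokenData": mint_token(device_id)})
```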

nonpunctual commented 3 months ago

Related: https://github.com/fleetdm/fleet/issues/19448 https://github.com/fleetdm/fleet/issues/18119 https://github.com/fleetdm/fleet/issues/19329

zayhanlon commented 2 months ago

Timeline for customer is Q1 2025.

nonpunctual commented 2 months ago

This is critical for supporting Apple account-driven MDM enrollment.

dherder commented 1 month ago

This is related to #22529