One of the challenges with deploying Apple devices in an enterprise or education environment is deciding how to manage Apple IDs used with those devices.
This was a particularly difficult challenge on iOS devices before iOS 7 because purchasing and provisioning apps to iOS users permanently associated the ownership of those apps with a user's Apple ID, which largely meant they took ownership of the app with them when they left a business or school.
Apple's new volume licensing program, introduced with iOS 7, resolves that problem by allowing administrators to revoke access to a company-purchased app, but it seems to go further in the other direction than needed. The new process allows an organization to purchase, distribute, and revoke access to apps without IT even knowing the Apple ID of each user and seems designed to prevent IT from ever learning the Apple IDs of individual employees. Although that may seem a sudden and dramatic about face on Apple's part, it's actually a very shrewd move to ensure its customers' privacy and security around their personal information and identity.
Related: How Expedia learned to move faster and use data to delight customers
The simple reality is that Apple developed the Apple ID over time into something that is tightly integrated into the Apple user experience and into virtually every customer facing aspect of the company. While most of us tend to think of an Apple ID as simply an iTunes Store and/or iCloud account, it has evolved into an all-in-one identity for each Apple user or customer -- an Apple social security number, if you will.
The list of Apple services that are associated with an Apple ID is staggering. They include iTunes, iBooks, and App Store purchases, device activations (and Activation Lock in iOS 7), personal communication tools (iMessage, FaceTime, Find My Friends, Game Center), sync and backup through iCloud, access to Apple's support services and forums, Apple retail services, membership in Apple's developer programs that include access to pre-release content under NDA, and even extend to applying for jobs with the company -- and that's less than half the complete list.
Some of those features and services link to important confidential details for each user. With regards to the iTunes Store, that includes payment mechanisms like credit or debit card numbers or PayPal account details. Through the new iCloud Keychainfeature, it can mean access to username and passwords for any online accounts or services as well as additional credit/debit card data. iOS 7's Activation Lock relies on a user's Apple ID to brick and unbrick a lost or stolen iPhone. Macs can be set up to allow a user's Apple ID to reset the password of a local administer user account. And that's before considering access to data or device backups stored in iCloud.
That deep integration of a user's Apple ID into the Apple ecosystem creates challenges for IT departments when it comes to activating corporate devices, supporting BYOD users, and managing software and hardware inventory for users of any Apple solution.
Exactly what is an Apple ID?
At the most basic level, an Apple ID is simply a user identification tool onto which Apple has layered several key services. Apple defines it pretty simply:
An Apple ID is a user name you use for everything you do with Apple. Creating an account for an Apple service, such as the iTunes Store or the App Store, creates an Apple ID.
The primary requirements for an Apple ID are a valid and verifiable email address and password along with some basic user information like a first and last name. Additional information like a rescue email address (should you be unable to access the primary address), security questions, two-factor authentication options, payment information and association with specific Macs, PCs, iOS devices, apps, or services extend the Apple ID. Unlike accounts with some other companies and services, an Apple ID isn't static. A user is free to change the primary email for his or her Apple ID as well as any other supporting attributes at any time and Apple suggests that users update the primary email address if they leave the company, school, or service provider that hosts or manages it.
Apple IDs are designed for individuals, not institutions
There is no restriction against a user having multiple Apple IDs, though Apple encourages users to use a single Apple ID for all their interaction with the company's products and services. Apple makes this recommendation even though many -- but not all -- devices, apps, and services that rely on Apple IDs can be associated with multiple IDs.
No comments:
Post a Comment