Shared iPad for setting up an iOS device for multiple users

Shared iPad is a feature that enables organizations to manage iOS devices that are shared by multiple users. The feature is available for organizations that are using Apple Business Manager or Apple School Manager together with MDM. For the users signing into a device with their Managed Apple IDs, the user experience can be personal even when the iPad is shared with others. This article explains how to set up and manage these shared iPads with MDM.

Requirements

• Apple School Manager devices running iOS 9.3 and above
• Apple Business Manager devices running iOS 13.4 and above
• Shared iPad is supported on:
  • all iPad Pro models, iPad 5th generation or later, iPad Air 2 or later, iPad mini 4th generation or later
• Supervised devices with at least 32 GB of storage
• For personalized user sessions, users need Managed Apple IDs that are issued and managed by the organization
• The Premium subscription plan

About the Shared iPad feature

Organizations having Apple School or Business manager accounts can utilize the Shared iPad feature to manage their multi-user iOS devices with MDM. The devices must be enrolled to MDM through Automated Device Enrollment (previously DEP) with the enrollment profile that is configured to support the multi-user mode. To integrate your MDM site with Automated Device Enrollment, please see further instructions including the tutorial video.

The multi-user mode enables two kinds of sessions on an iPad: user sessions and temporary sessions (guest mode). The user session provides a personalized experience for each user when they sign in to the device with their Managed Apple IDs. This allows them to use their settings on the device and securely use iCloud (such as calendar, notes, and pictures), and administrator-approved applications. This data is inaccessible to other users after the user has signed out. The user's device-specific settings, such as themes, won't be synced between different devices, in case there are several shared devices in their use. Apple's Managed IDs are meant only for organizational use, and therefore certain services and settings are disabled. Shared iPad doesn't support personal Apple IDs. Users may also have a temporary session by signing into a device as guests, and after logging out their data is erased. These temporary sessions are supported on shared devices running iOS 13.4 or above. It is possible to configure the iPad to support one or both types of sessions.

In addition to iCloud, the user data is cached locally on iPad. How the device storage is shared between the users, can be defined in a multi-user mode enrollment profile. When setting up the iPad, the administrator may set the maximum number of users for a device (the resident users) or define the maximum storage allocated to each user. If there aren't any definitions made regarding the storage, the default setting is a maximum of 10 users. You may find more information about user space allocation from Apple's documentation.

How to enable the multi-user mode

The multi-user mode is defined for a device through the Apple ADE enrollment profile. In Miradore, go to the Apple DEP page (Enrollment > Apple DEP) and select Create new under the Enrollment profiles action button.

The Shared iPad configurations are on the second tab of the settings.

• Multi-user mode - Enable this to enroll the device in a multi-user mode as Shared iPad.
• Temporary session only - If this is enabled the users can sign into a device only as guests. Available for devices running iOS version 14.5 and above.
• Temporary session timeout - This defines the time of inactivity (in seconds) after which the guest user is signed out from the device. Available for devices running iOS version 14.5 and above.
• User session timeout - This defines the time of inactivity (in seconds) after which the user signed in with the Managed Apple ID will be logged out. Available for devices running iOS version 14.5 and above.
• Resident users - The expected number of device users (signing in with Managed Apple IDs). This value defines how the device storage is shared between each user. The default number is 10 users, if this, or the value for Quota size, is not set.
• Quota size - Defines the storage allocated for each user on the device.

! If both Resident users and Quota size are defined, the Quota size is used to define the device storage sharing between the users.

Enroll the device on the Apple DEP page by assigning the created enrollment profile for it.

Managing Shared iPads

In addition to the Apple DEP page, you may find the device after its enrollment from the Devices page (Management > Devices). Access device data by double-clicking the device row, and from the Inventory tab you can find the Shared iPad -related data.

Shared iPad inventory shows which values are configured for the device, and in addition, MDM administrators and editors can see the user details of the resident users on the device.

There are a few configurations, specific to the multi-user mode, you can deploy to the device after enrollment. These configurations are part of the Configuration profiles found under the Management (Management > Configuration profiles: Add > iOS).

By default, both types of sessions, user and temporary, are enabled on the shared device. You can limit the device use to temporary sessions with the enrollment profile setup or later on with a configuration profile. If you want to define that the device can be used only for the Managed Apple ID sign-ins, use the separate restriction you set with a configuration profile.

Additional information

• To access the wifi settings on a shared device when you are not signed in, tap the home button twice.
• You can define the storage allocation between users only in the enrollment profile either specifying the maximum number of users or the quota size per user. Later, if additional space is needed for a new user, the local data for the oldest user is removed.