Shared iPad is a feature that enables organizations to manage iOS devices that are shared by multiple users. The feature is available for organizations that are using Apple Business Manager or Apple School Manager together with MDM. While shared iPads help organizations to fully utilize their existing device fleet, for the users signing into a device with their Managed Apple IDs, the user experience can still be personal. This article explains how to set up and manage these multi-user devices with MDM.
- Apple School Manager devices running iOS 9.3 and above
- Apple Business Manager devices running iOS 13.4 and above
- Shared iPad is supported on:
- all iPad Pro models, iPad 5th generation or later, iPad Air 2 or later, iPad mini 4th generation or later
- Supervised devices with at least 32 GB of storage
- For personalized user sessions, users need Managed Apple IDs that are issued and managed by the organization
- The Premium subscription plan
About the Shared iPad feature
Organizations having Apple School or Business manager accounts can utilize the Shared iPad feature to manage their multi-user iOS devices with MDM. The devices must be enrolled to MDM through Automated Device Enrollment (ADE, previously DEP) with the enrollment profile that is configured to support the multi-user mode. To integrate your MDM site with Automated Device Enrollment, please see further instructions including the tutorial video.
The multi-user mode enables two kinds of sessions on an iPad: user sessions and temporary sessions (guest mode). The user session provides a personalized experience for each user when they sign in to the device with their Managed Apple IDs. This allows these resident users to use personal settings on the device, and securely use iCloud (such as calendar, notes, and pictures), and administrator-approved applications. The data, which is also stored locally on iPad, is inaccessible to other users after the user has signed out. The user's device-specific settings, such as themes, won't be synced between different devices, in case there are several shared devices in one's use. Apple's Managed IDs are meant only for organizational use, and therefore certain services and settings are disabled. Shared iPad doesn't support personal Apple IDs. Users may also have a temporary session by signing into a device as guests, and after logging out their data is erased. These temporary sessions are supported on shared devices running iOS 13.4 or above. It is possible to configure the iPad to support one or both types of sessions.
How to enable the multi-user mode
The multi-user mode is defined for a device through the Apple ADE enrollment profile. In Miradore, go to the Apple DEP page (Enrollment > Apple DEP) and select Create new under the Enrollment profiles action button.
The Shared iPad configurations are on the second tab of the settings.
- Multi-user mode - Enable this to enroll the device in a multi-user mode as Shared iPad.
- Temporary session only - If this is enabled the users can sign into a device only as guests. Available for devices running iOS version 14.5 and above.
- Temporary session timeout - This defines the time of inactivity (in seconds) after which the guest user is signed out from the device. Available for devices running iOS version 14.5 and above.
- User session timeout - This defines the time of inactivity (in seconds) after which the user signed in with the Managed Apple ID will be logged out. Available for devices running iOS version 14.5 and above.
- Resident users - The expected number of device users (signing in with Managed Apple IDs). This value defines how the device storage is shared between each user. The default number is 10 users, if this, or the value for Quota size, is not set.
- Quota size - Defines the storage allocated for each user on the device.
! If both Resident users and Quota size are defined, the Quota size is used to define the device storage sharing between the users.
Enroll the device on the Apple DEP page by assigning the created enrollment profile for it.
Managing Shared iPads
In addition to the Apple DEP page, you may find the device after its enrollment from the Devices page (Management > Devices). Access device data by double-clicking the device row, and from the Inventory tab you can find the Shared iPad -related data.
Shared iPad inventory shows which multi-user-specific values are configured for the device, and in addition, MDM administrators and editors can see the user details of the resident users on the device.
User management of the shared device
There can be two different types of users for a Shared iPad: guests and users with Managed Apple IDs (the resident users). In addition to iCloud, the data of the resident user is cached locally on the iPad. The way device storage is shared between the users is defined in a multi-user mode enrollment profile. When setting up the iPad, the administrator may set the maximum number of users for a device or define the maximum storage allocated to each of these users.
If there aren't any definitions made regarding the storage, the default setting is a maximum of 10 users. You may find more information about user space allocation from Apple's documentation.
It is possible to configure the iPad to support both guest and resident users or limit the use only to a certain user type. When creating the multi-user enrollment profile, an administrator can set the profile to support only temporary sessions meaning that the device is limited only to guest use. With the configuration profile that can be deployed to the device after the enrollment, the administrator can restrict the guest users from logging in to the Shared iPad.
Removing a user account from the device
From the device inventory (Management > Devices > Device - Inventory), administrators may see how many resident users there are on the device as well as the signed-in accounts.
You can remove a user account from the shared device with the Delete resident user -action on the device page.
On devices running iOS 14 or above, you can choose whether to remove one or all users.
1. Select a user you want to remove from the shared device.
2. Delete all resident users -the option removes all users that have been signed in with their Managed Apple IDs. This is supported for devices with iOS version 14 or later.
3. Force deletion executes the removal of the account even if the user has data that’s pending sync to the cloud.
Note! You can't remove a user account if the user is logged in to the device at the moment, and it is not possible to remove a guest account with the action.
Configurations for the multi-user device
There are a few configurations for the multi-user mode, that you can deploy to the device after it is enrolled. These configurations are part of the device management Configuration profiles (Management > Configuration profiles: Add > iOS).
With the Shared iPad configuration profile, you can:
- Limit the device use to temporary sessions
- Set timeouts for inactive temporary sessions and Managed Apple ID user sessions
If you want to define that the device can be used only for the Managed Apple ID sign-ins, use the separate restriction you set with a configuration profile (Management > Configuration profiles - iOS - Restriction).
- To access the wifi settings on a shared device when you are not signed in, tap the home button twice.
- You can define the storage allocation between users only in the enrollment profile either specifying the maximum number of users or the quota size per user. Later, if additional storage is needed for a new user, the local data of the oldest user is removed.
- If you want to remove the device from shared use, wipe or retire the device. Good to note that to manage the retired device again, it must be re-enrolled in Miradore.