sahaskatta | 3 years ago

"with Google Workspace identity services, allowing employees to log in to their device with a single business username and password"

This is huge, especially if it will work easily without the need for intermediary identity services to make it all work.

dumpsterdiver|3 years ago

> "Managed Apple IDs can be created by federating with Microsoft Azure Active Directory and, coming later this spring, with Google Workspace identity services, allowing employees to log in to their device with a single business username and password. Apple Business Essentials works with company-provided and personally owned devices"

Just to temper your expectations, I don't believe they're talking about signing into Apple devices using Google identity services directly. Google identity services (and other identity providers) can be used to provision managed Apple IDs that can be used to log into the devices. It's basically just pulling the username from LDAP and creating a <username@yourcompany.appleid.com> account that can be used in place of your normal Apple ID. All of the accounts created this way will still reside in Apple Business Manager / on Apple's servers, so if you disconnected the IdP connection Google would have no power there.

synicalx|3 years ago

AFAIK, this has been possible with Azure AD for a while. I think the service on Apple's end was called something like Apple for Business and you could cut a cert from it to link to Intune (an MDM) and get pre-enrolled devices directly from Apple with single sign on.

I might also be misremembering this; it's been a hot minute since I've dealt with this stuff.