Authenticating Users on Shared Apple Mobile Devices

Unlike Windows, Apple mobile devices are primarily designed for consumer use. As a result, the options for local authentication and multiuser scenarios are all extremely limited.

Apple’s mobile device OSs historically supported only a single user account on a device, and this Apple iCloud–based account activated and “owned” the device from a management and control perspective.

Additionally, an Apple mobile device is always protected with a passcode, which Apple’s built-in fingerprint or facial biometrics can supersede. But Apple’s biometrics always add on to and do not replace the passcode. Like Windows Hello, Apple’s biometrics are not compatible with shared device use because they were designed for use by a single user. For shared devices in an organization, users typically sign in with a well-known user access passcode, likely shared across all devices in the workgroup’s device fleet.

After a user has access to the device, he typically signs into applications running locally, or remotely over the Web.