By: Kelli Conlin, Consulting Engineer
Imagine that it’s the first week back to school after summer break. Your students are diving into a full agenda of collaborative work on the classroom set of shared laptops when one of them waves you over with a worried look.
“How do I log in?” she says. “I don’t think I have an account on this computer.” Another chimes in, “My laptop is saying it’s full. Can you help?”
This is a very familiar interruption in education. In schools where devices are shared, login issues can create friction and frustration. Students lose learning time. Teachers lose momentum. And IT teams often have to step in to keep storage clear of old data from dozens of prior users.
Later this year, you’ll have a new solution on Mac.
A better way to share Macs
Authenticated Guest Mode in Platform SSO was announced this year at WWDC 25 and is designed for schools using shared Macs. It’ll allow students and educators to access a Mac instantly using their school identity provider (IdP) credentials. A secure guest session is created for each user, preserving privacy while providing the apps and services they use with the single sign-on tokens they need for instant access and instant learning.
When a user signs in, a secure guest session is created. It includes the apps and services they need, while keeping their data private and isolated from other users. When the user ends their session, none of their data is retained or stored and the Mac is ready for the next user.
Built for classrooms, labs, and flexible learning spaces
Whether it’s a shared cart of Macs in a classroom, a media lab for high school video projects, or a MacBook used across multiple prep periods, Authenticated Guest Mode helps users access devices more efficiently while protecting student privacy.
With MDM and an IdP, IT teams can configure settings for the Mac and ensure the right apps and services are available in each session.
Designed for privacy and performance
Authenticated Guest Mode runs each session independently. That means student data stays secure, and devices remain clean and reliable throughout the day. IT teams can configure policies and settings through MDM to ensure everything works the way it should.
Because it uses your school’s existing IdP, there’s no need to onboard users into a separate user account system — it’s using the credentials your students and staff already use.
Simple, secure, and ready to learn
Authenticated Guest Mode is a new way to support shared-use models for Mac where students and staff sign in securely and get access without needing dedicated user accounts on every device.
It’s coming later this year for schools using Platform Single Sign-On with a supported Identity Provider; we can't wait for you to try it!
To stay up to date on testing documentation, release notes, and deployment guidance for upcoming features like Authenticated Guest Mode and Tap to Login, be sure to monitor AppleSeed for IT. If you’re new to AppleSeed and want to learn how to get started, check out this overview on Apple Education Community.
October 22, 2025
Apple's macOS Guest account is a local-to-the-computer account that self-deletes upon logout. Authenticated Guest Mode is essentially the Guest account that logs in via Platform Single Sign-On; as such, it is unsuitable in any teaching environment.
Best use cases are authenticated (logged-in) exams and authenticated kiosks, as the ability of the student to leave something behind and come back to it with subsequent logins is a requirement of any teaching environment, a feature Authenticated Guest Mode simply cannot provide.
I made a feature request to "fix" this behaviour to allow a user profile to remain for a set amount of time, and Apple rejected it, stating that is not the purpose of this feature (in fact this entire article from Apple is suggesting using the feature in a way that the feature was never intended for, based on that feedback), and recommended requesting a feature to auto-expire user profiles instead (requested). In the meantime, anything already being performed to expire user profiles is a much better option than using Authenticated Guest Mode.
- Richard, Modern Workplace Engineer, ITS @ The University of Waikato