2FA for multiple Apple IDs on same device?
Apple now requires two-factor authentication on all Apple Developer Program accounts:
In an effort to keep your account more secure, two-factor authentication will be required to sign in to your Apple Developer account and Certificates, Identifiers & Profiles starting February 27, 2019. This extra layer of security for your Apple ID helps ensure that you're the only person who can access your account. If you haven't already enabled two-factor authentication for your Apple ID, please learn more and update your security settings.
discussion about that change is aggregated here:
https://mjtsai.com/blog/2019/02/14/developer-apple-ids-to-require-two-factor-authentication/
This requirement presents a problem for people who are signed in to a personal Apple ID on their devices, but who use a separate company Apple ID for their Organization Apple Developer Account.
Ideally you could use a generic 2FA code generator, but that is not currently possible for Apple ID:
Ability to add non-SMS non-Apple 2FA to an Apple ID?
Can a single device generate 2FA verification codes for multiple Apple IDs?
Solution 1:
Both iOS and Mac devices can sign in to multiple Apple ID accounts:
- One main "iCloud" Apple ID account for the device. This is the account used for iCloud Photos and other system features. It is very disruptive to change this Apple ID.
- Multiple other lesser Apple ID accounts. These can be used to sync Mail, Contacts, Calendars, Reminders, and Notes. They can also generate 2FA codes.
Your single device is able to generate 2FA codes for all of the signed-in Apple ID accounts, not just the main iCloud account.
The key is:
You must first enable 2FA for an Apple ID by using it to sign in as the main iCloud account on a device.
If you have access to a Mac, you do NOT need to sign out of your iCloud account on your iOS device or personal Mac user account (a disruptive change that should be avoided if possible).
Instead, use the workflow:
- Create a temporary new local user account on a Mac.
- On that user account, sign in to iCloud with your secondary Apple ID.
- Signing in as the iCloud Apple ID allows you to enable 2FA for that Apple ID.
- On your iOS device, add the secondary Apple ID:
Settings > Passwords & Accounts > Add Account
- Or on the main user account on your Mac, add the secondary Apple ID:
System Preferences > Internet Accounts > +
- Because 2FA is now enabled, signing in will require a 2FA code. Use your new local Mac user account to Allow this sign-in and see the code.
Once permission has been granted, the secondary Apple ID will be signed in on your iOS or Mac device as a lesser Apple ID used for syncing Mail, Calendars, etc. You can turn off all of those syncing services, in which case the Apple ID will be labeled inactive
.
Your iOS device and/or main Mac user account is now a Trusted Device, and can be used to generate 2FA codes for both your personal Apple ID as well as the newly added secondary/company Apple ID.
Once this device is Trusted, you can delete the temporary Mac user account.
Solution 2:
Apple's has added a support document that clarifies this matter:
https://developer.apple.com/support/authentication/
Will I need a trusted device dedicated to my Apple Developer account if I enable two-factor authentication?
No. You’ll need to use a trusted device to enable two-factor authentication for the first time. However, you can use the same trusted device for multiple Apple IDs that are enabled for two-factor authentication. Additionally, if you do not have access to your trusted device, you can get your verification code via SMS or phone call. When possible, you should use a trusted device to increase security and streamline the process.
How can I use different Apple IDs for iCloud and my Apple Developer account?
If your personal Apple ID is different from the Apple ID associated with your Apple Developer account, you can configure your device to allow verification codes to be received for both Apple IDs.
[...]
Create a new system account on your Mac for your developer Apple ID at System Preferences > Users & Groups.
Sign in to your new developer system account and enable two-factor authentication for your developer Apple ID at System Preferences > iCloud > Account Details > Security.
[Mac] Sign in to your primary system account and add your developer Apple ID to your Mac at System Preferences > Internet Accounts > iCloud.
[iOS] Add your developer Apple ID to your device at Settings > Passwords & Accounts > Add Account > iCloud.
Your device is now set up to receive verification codes for both your personal and developer Apple IDs.