2FA for multiple Apple IDs on same device

apple-idSecuritytwo-factor-authenticationtwo-step-authentication

Apple now requires two-factor authentication on all Apple Developer Program accounts:

In an effort to keep your account more secure, two-factor authentication will be required to sign in to your Apple Developer account and Certificates, Identifiers & Profiles starting February 27, 2019. This extra layer of security for your Apple ID helps ensure that you're the only person who can access your account. If you haven't already enabled two-factor authentication for your Apple ID, please learn more and update your security settings.

discussion about that change is aggregated here:
https://mjtsai.com/blog/2019/02/14/developer-apple-ids-to-require-two-factor-authentication/

This requirement presents a problem for people who are signed in to a personal Apple ID on their devices, but who use a separate company Apple ID for their Organization Apple Developer Account.

Ideally you could use a generic 2FA code generator, but that is not currently possible for Apple ID:

Ability to add non-SMS non-Apple 2FA to an Apple ID?

Can a single device generate 2FA verification codes for multiple Apple IDs?

Best Answer

Both iOS and Mac devices can sign in to multiple Apple ID accounts:

  • One main "iCloud" Apple ID account for the device. This is the account used for iCloud Photos and other system features. It is very disruptive to change this Apple ID.
  • Multiple other lesser Apple ID accounts. These can be used to sync Mail, Contacts, Calendars, Reminders, and Notes. They can also generate 2FA codes.

Your single device is able to generate 2FA codes for all of the signed-in Apple ID accounts, not just the main iCloud account.

The key is:

You must first enable 2FA for an Apple ID by using it to sign in as the main iCloud account on a device.

If you have access to a Mac, you do NOT need to sign out of your iCloud account on your iOS device or personal Mac user account (a disruptive change that should be avoided if possible).

Instead, use the workflow:

  1. Create a temporary new local user account on a Mac.
  2. On that user account, sign in to iCloud with your secondary Apple ID.
  3. Signing in as the iCloud Apple ID allows you to enable 2FA for that Apple ID.
  4. On your iOS device, add the secondary Apple ID:
    • Settings > Passwords & Accounts > Add Account
  5. Or on the main user account on your Mac, add the secondary Apple ID:
    • System Preferences > Internet Accounts > +
  6. Because 2FA is now enabled, signing in will require a 2FA code. Use your new local Mac user account to Allow this sign-in and see the code.

Once permission has been granted, the secondary Apple ID will be signed in on your iOS or Mac device as a lesser Apple ID used for syncing Mail, Calendars, etc. You can turn off all of those syncing services, in which case the Apple ID will be labeled inactive.

Your iOS device and/or main Mac user account is now a Trusted Device, and can be used to generate 2FA codes for both your personal Apple ID as well as the newly added secondary/company Apple ID.

Once this device is Trusted, you can delete the temporary Mac user account.

Related Question