I have a friend who has managed to successfully lobby his employer to switch the company-issued "feature phones" to iPhones. He has been peppering me with questions on how to set these phones up with employees' and the employer's Apple IDs.
(The company has between one and two dozen employees, so they're definitely not at the level that Apple considers "Enterprise". Plus they're in Canada, so the new business app store isn't available to them yet.)
Ideally the employees would be allowed to install their own non-business-related apps, music, videos, etc. In addition, a number of business-related apps need to be installed, some of which may be expensive.
Here's what I'm going to suggest to them:
Each employee should be assigned their own company Apple ID using their company email address and a password that will be known only to the IT guy. The billing information will be set up to bill to a company credit card.
Company apps would be installed (and updated) using this Apple ID and password (this would probably happen only infrequently). Personal apps would be installed and updated with the person's personal Apple ID.
That way if and when an employee leaves the company, the expensive business apps can stay with the company/device, and the employee's extensive collection of Lady Gaga remixes can stay with their iTunes account and any subsequent devices they purchase.
The only workable alternative would be to purchase all company apps with the same Apple ID. Unfortunately this runs afoul of the (non-personal-use) App Store T&Cs.
Any advice or alternatives I've overlooked would be greatly appreciated.
Best Answer
I recently went through a similar proof of concept corporate iPad deployment and had the same questions walking in. The direction we went might not be the best solution, but it worked for us and maybe it will give you a hand with your deployment.
Know your Audience
Early in our deployment it became glaringly obvious that this would have to be a simple solution. Apple devices are designed to be simple, that's the draw in the corporate world. Our main audience was managers, VPs, and CXX level executives. A good number of these folks either aren't technically savvy enough to deal with a complicated configuration, or simply don't have the time to fuss with a device.
It should just work, out of the box, like it was designed.
Just Say NO to Multiple Accounts
Firstly I can see one big problem with your initial plan. By stating that you have an account created with a secret password I'm assuming that you're having a helpdesk configure the devices and install the software before they're handed over to your end users. What happens when an application is updated in the AppStore? Your helpdesk will have to enter the password to have the application updated. Depending on the size of your company this could eat up a ton of time, and most of your end users most likely won't ever bother to go through the process to upgrade.
Additionally, when John Doe leaves the company, the software purchased for jdoe@acme.com will be assigned to John's replacement Fred Flinstone and his iPhone. You now have fflinstone@acme.com using the account jdoe@acme.com. It might not be a big problem at first, but this will easily get difficult to manage down the road.
Mobile Device Management
Depending on the size of your deployment you might eventually start looking at one of the many Mobile Device Management (MDM) solutions out there. We did. It's likely that things will change in the future, but as of this posting we didn't find much that an MDM solution would bring to the table that our Exchange environment wouldn't already provide.
MDM offers a simplistic way to deploy VPN, Wi-Fi, and user profiles. If you're not using Exchange or aren't comfortable with rolling your own solution you might gain more from one then we were able. Other benefits would be device tracking, and enabling your helpdesk to do basic device troubleshooting, device wiping, remote locking, etc. Read the link to Wikipedia above for more information and a decent list of the bigger vendors in the field.
Application Purchasing
We first identified a list of applications that we would recommend for different tasks, and published the list and relevant links on our company intranet. Initially we installed a few applications when we initially configured the device, but ran in to the time problem above. We calculated a total estimated dollar figure of all applications that an average user would purchase and bought gift cards for that amount + an additional X% for growth. This was more convenient for how we do purchases then gifting would have been.
Apple recently announced their Volume Purchase Program (VPP), and you might want to look in to that if the solution above isn't any help.
Further Reading
Best of luck to you, we learned that smart devices in the enterprise is a rapidly growing environment and there's no "right way" to do things yet. Apple is constantly improving their tools to make the transition better, but they're not quite there yet.