I recently went through a similar proof of concept corporate iPad deployment and had the same questions walking in. The direction we went might not be the best solution, but it worked for us and maybe it will give you a hand with your deployment.
Know your Audience
Early in our deployment it became glaringly obvious that this would have to be a simple solution. Apple devices are designed to be simple, that's the draw in the corporate world. Our main audience was managers, VPs, and CXX level executives. A good number of these folks either aren't technically savvy enough to deal with a complicated configuration, or simply don't have the time to fuss with a device.
It should just work, out of the box, like it was designed.
Just Say NO to Multiple Accounts
Firstly I can see one big problem with your initial plan. By stating that you have an account created with a secret password I'm assuming that you're having a helpdesk configure the devices and install the software before they're handed over to your end users. What happens when an application is updated in the AppStore? Your helpdesk will have to enter the password to have the application updated. Depending on the size of your company this could eat up a ton of time, and most of your end users most likely won't ever bother to go through the process to upgrade.
Additionally, when John Doe leaves the company, the software purchased for jdoe@acme.com will be assigned to John's replacement Fred Flinstone and his iPhone. You now have fflinstone@acme.com using the account jdoe@acme.com. It might not be a big problem at first, but this will easily get difficult to manage down the road.
Mobile Device Management
Depending on the size of your deployment you might eventually start looking at one of the many Mobile Device Management (MDM) solutions out there. We did. It's likely that things will change in the future, but as of this posting we didn't find much that an MDM solution would bring to the table that our Exchange environment wouldn't already provide.
MDM offers a simplistic way to deploy VPN, Wi-Fi, and user profiles. If you're not using Exchange or aren't comfortable with rolling your own solution you might gain more from one then we were able. Other benefits would be device tracking, and enabling your helpdesk to do basic device troubleshooting, device wiping, remote locking, etc. Read the link to Wikipedia above for more information and a decent list of the bigger vendors in the field.
Application Purchasing
We first identified a list of applications that we would recommend for different tasks, and published the list and relevant links on our company intranet. Initially we installed a few applications when we initially configured the device, but ran in to the time problem above. We calculated a total estimated dollar figure of all applications that an average user would purchase and bought gift cards for that amount + an additional X% for growth. This was more convenient for how we do purchases then gifting would have been.
Apple recently announced their Volume Purchase Program (VPP), and you might want to look in to that if the solution above isn't any help.
Further Reading
Best of luck to you, we learned that smart devices in the enterprise is a rapidly growing environment and there's no "right way" to do things yet. Apple is constantly improving their tools to make the transition better, but they're not quite there yet.
I suppose I should begin with the caveats that
- I do not live in Europe so I do not know how things might work there.
- I do not own or manage a business. So also clueless there.
- I have not personally ever bought anything other than free apps from the Apple App Store.
So, what I am saying is that I can not answer your question. But I also suffer from Y-chromosome induced Male Answer Syndrome, so I'll try to answer anyway.
Let's start with the assumption that Apple wants to sell you these apps. You just have to track down someone to help you either at Apple or at the company which sells this Afaria app you mentioned.
You do not mention which country in Europe you are in. But I assume there is an Apple web site either for that country or for your native language. I suggest you go to that web site and search there for information on a volume licensing program.
For example, I tried looking at http://www.apple.com/uk/ and searched for volume license.
That search turned up this link: http://www.apple.com/uk/mac/volume-licensing/
Now the page that link took me too appears to apply to volume licensing only for the OS X Lion operating system. Still, the people involved would at least know something about Apple's Volume License process. So, if you were in the UK I would suggest you contact them and start a conversation.
Even if they can't help you they could still probably point you towards other Apple people who might be able to help you.
I suggest you try something like that with the Apple web site which targets your region in Europe.
I realize this would be a tedious and frustrating process. And I hope someone else provides a better answer to your question here. But unless they do, I think your best chance of solving your problem is to start working you way through people at Apple who would want to sell you something help you.
Best Answer
You should consider using an MDM solution for managing the enterprise devices.
If you simply hand out devices to users to set them up themselves, and they log in with their Apple ID, the devices remains associated with their Apple ID unless the user explicitly removes it or log out of it.
This may be cumbersome and difficult to manage. Using an MDM solution to centrally manage and pre-configure the devices for employees would be the recommended approach. The MDM solution also makes it possible and easy to manage usage policies. It would also make it easy to pass around the device to a different employee.