Shared iPhone Management: Solutions for Multi-User iPhones in Enterprise

Apple introduced Shared iPad in 2016, but there is no equivalent for iPhone. Every iPhone is designed as a single-user device. This creates a real problem in industries where workers share devices across shifts — healthcare workers using clinical communication apps, retail associates with scanning devices, warehouse workers with inventory tools, and field technicians with service management apps. Organizations end up with two bad choices: buy one iPhone per employee (expensive and wasteful) or share devices without user separation (insecure and impractical). This is a core shared device challenge we help organizations solve.

Imprivata Mobile Access Management is the same product that was previously known as GroundControl, renamed to Imprivata MAM. It has been in the shared iPhone space for several years and provides automated device workflows with check-in and check-out, user identity switching, app provisioning, and docking-station-based workflows where devices are wiped and reconfigured on dock. In clinical settings, Imprivata adds tap-to-authenticate badge support and integration with clinical communication platforms. Imprivata MAM comes with trade-offs worth considering: enterprise pricing that can be difficult to justify for smaller deployments, a complex deployment process involving dedicated server components and infrastructure, and less flexibility to adapt workflows to specific customer needs.

Apple Shortcuts is sometimes mentioned as a DIY alternative for shared device handoff, but it is important to be honest about what Shortcuts can and cannot do. Shortcuts can send a wipe command to your MDM via API, which is useful. However, Shortcuts cannot wipe application data, change user accounts within apps, log device transitions, or notify IT of a handoff — not without building fragile API-based automation on top. Advanced users can cobble together API calls to trigger MDM actions, but this approach is brittle: it breaks with OS updates, must be manually installed on each device, and requires ongoing maintenance. This is not a scalable solution. It is a narrow workaround for a very specific use case, not a real foundation for shared device management.

Axtero Orchestra is an enterprise device management platform built for real-world operational needs. Shared device management is one of its core use cases, and it handles everything organizations need for multi-user iPhone deployments — check-in, check-out, user assignment, device state management, and full lifecycle automation — at any scale, from dozens of devices to fleets of thousands. What sets Axtero Orchestra apart is how it is built: around actual customer needs. Every deployment is tailored to how the organization operates, with custom workflows that match real-world processes rather than forcing teams into a rigid, one-size-fits-all system. Axtero Orchestra delivers lower pricing, greater flexibility, higher reliability, comprehensive monitoring and alerting, and a lower total cost of ownership. Axtero Orchestra integrates with MDM platforms — Jamf is the primary supported MDM today. Integration with Intune is in progress — Microsoft does not yet support changing the assigned user via API, which limits Axtero Orchestra's core workflow on Intune. This is expected to change soon.

The decision comes down to your deployment scale and operational needs. For small teams considering shared devices, be cautious with Apple Shortcuts — it is a hacky workaround that can send wipe commands but cannot handle real check-in/check-out workflows. It may work as a proof of concept, but it is not a foundation to build on. For enterprise deployments at any scale, the choice is between Axtero Orchestra and Imprivata MAM. Axtero Orchestra's advantages are lower pricing, the ability to customize workflows to match how your organization actually works, modern reliability with comprehensive monitoring, and a lower total cost of ownership. If your workflows need to adapt, Axtero Orchestra adapts with you rather than forcing a rigid process.

A common question: can your MDM handle shared iPhones on its own? The short answer is no — not because MDM lacks capability, but because it lacks the automation layer. MDMs like Jamf and Workspace ONE can switch the assigned user on a device, manage configurations, and enforce compliance. In fact, that is exactly what Axtero Orchestra relies on: Axtero Orchestra sends commands, and the MDM executes them. Axtero Orchestra updates the user field in the MDM, and the MDM tracks it from there. Notable exception: Intune still does not support changing the assigned user via API, which is a missing feature Microsoft has yet to deliver. Intune also offers Shared Device Mode, which deserves a closer look. Shared Device Mode uses the Microsoft Authentication Library (MSAL) SDK to enable sign-in/sign-out at the device level rather than per-app. In theory, this provides a clean shared device experience. In practice, it requires every app on the device to integrate the MSAL SDK — and most clinical, retail, and field service apps do not support it yet. Until your critical line-of-business apps adopt MSAL, Shared Device Mode only covers Microsoft apps and a small number of third-party apps that have integrated it. This is where orchestration tools fill the gap. What MDM cannot do on its own is automate the full check-in/check-out workflow — deciding when to wipe, which user to assign next, managing the queue of devices, and handling the automation logic. That is what a dedicated shared device management platform like Axtero Orchestra provides. Think of MDM as the execution layer and Axtero Orchestra as the intelligence layer. Without Axtero Orchestra, an admin does it all manually. Our MDM implementation service can help you set up both layers.