I would think that you'd just create a free AAD tenant, then federate it to your preferred IdP. Then federate ABM to AAD.
So when a user goes to log in with a Managed Apple ID, they are prompted to log in to AAD; AAD says you need to go to this IdP to log in, they sign in to the IdP, and then they're allowed access.