Users log into Shared iPads using their enterprise Managed Apple ID created by their organization's Apple Business Manager tenant through federation to an IDP such as Azure Active Directory. When this occurs, the device updates Workspace ONE UEM which user has logged in and Workspace ONE UEM assigns the device to the enrollment user with the matching Managed Apple ID.
To ensure Workspace ONE can appropriately associate the device to an enrollment user, the Managed Apple ID of a user logging into a Shared iPad must exist and be globally unique for that Workspace ONE environment.
If a user logs into the device with a Managed Apple ID that doesn't exist in Workspace ONE UEM or is associated with more than one enrollment user, the device remains is associated with the multi-staging user originally used to enroll the device.
This is also the case if the user begins a Temporary Session. When this occurs, Workspace ONE UEM will move the device to the multi-staging user originally used to enroll the device.
It is recommended to assign the minimum required apps and profiles to the multi-staging enrollment user, as any user may have permission to log into the device in this way.
Never delete the multi-staging enrollment user if there are active Shared iPads. This will leave devices that fall into the above category orphaned and the device will need to be wiped and enrolled to a new multi-staging user.