Linking to the IIJ ID Service

By linking to the IIJ ID Service, not only operation managers but a person who has an IIJ ID Service account can manage the DNS platform service. Additionally, people who use an IIJ ID Service account can set reference and editing roles of zone information by contract zone at the granular level.

[ Reference ]

  • The IIJ ID Service is an ID management service (IDaaS) in the cloud that links to various service IDs enabling single sign-on (SSO).
  • With the IIJ DNS Platform Service, you can link to the IIJ ID Service that is contracted for the same Service Group.

Linking to the IIJ ID Service

Use the following procedure to link to the IIJ ID Service.

  1. Log in to the control panel as an operations manager. Refer to "Logging In" for more information on how to log in.
  2. Open Dashboard.
  3. Select a service code (dpfxxxxxxxx) for the IIJ DNS Platform Service.
  4. Click "Link to IIJ ID Service."
  5. Click "Link."
  6. The IIJ ID Login screen appears.
    Enter the account of the IIJ ID Service initial administrator in "ID," and then click the "Next" button.

    [ Note ]

    If you have logged in using an account other than that of the IIJ ID Service initial administrator, you cannot link to the IIJ ID Service.

    Click "" located in the upper right of the control panel to log out once, and then log out of the IIJ ID console (https://www.auth.iij.jp/console/) too. Then, redo the operation from step 1.

  7. Follow the instructions on the screen to enter the authentication information. The authentication information varies depending on the IIJ ID Service settings. Refer to the "IIJ ID Service Online Manual" for more information.

  8. Click "Approve."

After linking to the IIJ ID Service, roles can be set with respect to user and group accounts. After linking to the IIJ ID Service, it may take some time before you can set a role. Refer to "Assigning a Role to an IIJ ID Service Account" for more information on role types and how to set them.

Cancelling the Link with the IIJ ID Service

Use the following procedure to cancel the link with the IIJ ID Service.

[ Note ]

After cancelling the link with the IIJ ID Service, you can no longer log in to the control panel and perform service management using the IIJ ID service account.

In addition, you can cancel the link with the IIJ ID Service only when you are logged in as an operations manager. If you are logged in using an IIJ ID Service account, log out once and log in again as an operations manager.

  1. Log in to the control panel as an operations manager. Refer to "Logging In" for more information on how to log in.
  2. Open Dashboard.
  3. Select a service code (dpfxxxxxxxx) for the IIJ DNS Platform Service.
  4. Click "Link to IIJ ID Service."
  5. Click "UnLink."
  6. The IIJ ID Login screen appears.
    Enter the account of the IIJ ID Service initial administrator in "ID," and then click "Next."

    [ Note ]

    If you have logged in using an account other than that of the IIJ ID Service initial administrator, you cannot cancel the link with the IIJ ID Service.

    Click "" located in the upper right of the control panel to log out once, and then log out of the IIJ ID console (https://www.auth.iij.jp/console/) too. Then, redo the operation from step 1.

  7. Follow the instructions on the screen to enter the authentication information. The authentication information varies depending on the IIJ ID Service settings. Refer to the "IIJ ID Service Online Manual" for more information.
  8. Click "Approve."
Assigning a Role to an IIJ ID Service Account
[ Note ]

It is recommended that you avoid managing permissions only by the initial administrator and assign an "Administrator" role to two or more persons.

After linking to the IIJ ID Service, you need to perform appropriate role management with respect to the operations manager’s IIJ ID Service account.

There is no function for taking over the role of the operations manager. When taking over the role and authority to a new operations manager, assign a role for each management target.

Because the assignment task becomes cumbersome and complicated when there are many management targets, consider creation of a shared IID account with a goal of staff management or system management using a group account.

Use the following procedure to assign a role to an IIJ ID Service account.

  1. Select "Log in with IIJ ID" on the Login screen.

    [ Reference ]

    If you are logged in to the control panel, click "" located in the upper right of the control panel to log out, and then log in with the IIJ ID Service.

  2. The IIJ ID Login screen appears.
    Enter the account of the IIJ ID Service initial administrator in "ID," and then click "Next."

    [ Note ]

    If you have logged in using an account other than that of the IIJ ID Service initial administrator, you cannot set a role for the first time.

    Click "" located in the upper right of the control panel to log out once, and then log out of the IIJ ID console (https://www.auth.iij.jp/console/) too. Then, redo the operation from step 1.

  3. Follow the instructions on the screen to enter the authentication information. The authentication information varies depending on the IIJ ID Service settings. Refer to the "IIJ ID Service Online Manual" for more information.
  4. Click "" located in the upper right of the control panel.
  5. Click "Authority Management Screen."

  6. Click "Add Authority" for the target service code.

    Service code for the management targetDescription of managementNotes
    dpfxxxxxxxxSettings and view management for the following menus in "Service Management" on the control panel are targeted.
    • Service List
    • Common Settings
    • TSIG Key Management
    • Service Operation Log
    • Link to IIJ ID Service
    Settings for the "Name Server Registration" menu for "Name Server Management" can be operated without the role for dpfxxxxxxxx.
    dpmxxxxxxxxSettings and view management for the following menus in "Zone Management" on the control panel are targeted.
    • Record Management
    • DNSSEC Management
    • Zone Application History
    • Zone Proxy Management
    • Zone Operation Log
    • A role with respect to each "Zone Management" menu can be set for each zone.
    • Settings for the "Name Server Registration" menu in "Name Server Management" can be operated without the role for dpmxxxxxxxx.
  7. Specify the role information to add, and then click "Confirm."

    ItemDescriptionNotes
    Operations manager/operations manager group

    Enter the user account or group account of the IIJ ID Service to which to add a role for the target service code.
    *Partially-matched users or groups are displayed as prediction candidates under the search column.


    Roles/authorities

    Select one from the list and click "." The roles and authorities to be added are displayed on the right-hand side.

    Multiple roles and authorities can be added.

    The types of role and authority are as shown below. Also refer to "Examples of role settings by major purpose."

    Role/authorityDescriptionNotes
    Super AdministratorInitial management role to be assigned to an account with which IIJ ID link has been executed. A person with this role can perform all operations assigned.If you log in as an operations manager, you will have role contents that are the same as those for this role.
    Super UserThis role is not used for DPF.
    Contract AdministratorA person with this role holds authority of both "[Contract] Update Role" and "[Contract] Authority Update Role."
    Contract UserA person with this role holds authority of both "[Configuration] Update Role" and "[Configuration] Authority Update Role."
    Config Operation AdministratorA person with this role can add contacts for related services and options, and cancel contracts.
    Config Operation UserA person with this role can configure settings for services and options.
    Config Operation ReaderA person with this role can reference settings for services and options.
    Invoice ReaderThis role is not used for DPF.
    Operation AdministratorThis role is not used for DPF.
    Operation UserThis role is not used for DPF.
    [Contract] Authority Update AuthorityA role that can assign the following authorities on the role setting page
    • [Contract] Update Role
    • [Contract] View Role
    • [Contract] Authority Update Role
    • [Contract] Authority View Role

    [Contract] Authority Reference AuthorityA role that can view the following assignment statuses on the role setting page
    • [Contract] Update Role
    • [Contract] View Role
    • [Contract] Authority Update Role
    • [Contract] Authority View Role

    [Contract] Update AuthorityA person with this authority can add contacts for related services and options, and cancel contracts.
    [Configuration] Authority Update AuthorityA role that can assign the following authorities on the role setting page
    • [Configuration] Update Role
    • [Configuration] View Role
    • [Configuration] Authority Update Role
    • [Configuration] Authority View Role

    [Configuration] Authority Reference AuthorityA role that can view the following assignment statuses on the role setting page
    • [Configuration] Update Role
    • [Configuration] View Role
    • [Configuration] Authority Update Role
    • [Configuration] Authority View Role

    [Configuration] Update AuthorityA person with this authority can configure settings for services and options.
    [Configuration] Reference AuthorityA person with this authority can reference settings for services and options.
  8. Click "Register."
Examples of role settings by major purpose
NoPurposeHow to set the role to the target zone
1To permit all types of management of the target zone, including Editing DNS RecordsAdd the IIJ ID Service account of the relevant person in the "[Configuration] Update Role" to the target zone’s service code (dpmxxxxxxxx).
2To permit only information references of the target zone (changes to DNS records are not permitted)Add the IIJ ID Service account of the relevant person in the "[Configuration] View Role" to the target zone’s service code (dpmxxxxxxxx).
Cancelling the Role Assigned to an IIJ ID Service Account

Use the following procedure to cancel the role setting that is assigned to an account linked to the IIJ ID Service.

  1. Select "Log in with IIJ ID" on the Login screen.

    [ Reference ]

    If you are logged in to the control panel, click "" located in the upper right of the control panel to log out once.

  2. The IIJ ID Login screen appears.
    Enter the account of the IIJ ID Service in "ID," and click "Next."

    [ Note ]

    Log in to the zone whose role is to be cancelled, using the IIJ ID Service account to which any of the "[Contract] Authority Update Authority" and "[Configuration] Authority Update Authority" is set.

  3. Follow the instructions on the screen to enter the authentication information. The authentication information varies depending on the IIJ ID Service settings. Refer to the "IIJ ID Service Online Manual" for more information.
  4. Click "" located in the upper right of the control panel.
  5. Click "Authority Management Screen."
  6. Click "" for the target service code.
  7. Click "Cancel Roll" for the target role.
  8. Select a target account to be cancelled from "Operations manager/operations manager group," and click "Confirm."
    *  If there is only one account for the operations manager and operations manager group registered with the target role/authority, the step of selecting a target account to be cancelled is skipped.
  9. Click "Delete."


Role names and authorities before and after March 29, 2023

The old role names (which were used before March 29) and the new roles and authorities corresponding to the old role names are as follows.

Old role nameRoles/authoritiesNotes
New role nameAuthority name
Full Role ManagerSuper Administrator

Contract ManagerContract Administrator

Engineering ManagerConfig Operation Administrator

Contract Management StaffContract User

Engineering Management Staff

Config Operation Administrator



Contract Confirmation Staff

Not used
Engineering Confirmation StaffConfig Operation Reader

Contract Role Operator

[Contract] Authority Update Authority
Contract Role Viewer

[Contract] Authority Reference Authority
Contract Operator

[Contract] Update Authority
Contract Viewer

Not used
Billing Role Operator

Not used
Billing Role Viewer

Not used
Billing Operator

Not used
Billing Viewer

Not used
Configuration Role Operator[Configuration] Authority Update Authority
Configuration Role Viewer[Configuration] Authority Reference Authority
Configuration Operator[Configuration] Update Authority
Configuration Viewer[Configuration] Reference Authority
Operation Group Role Operator

Not used
Operation Group Role Viewer

Not used
Operation Group Operator

Not used
Operation Group Viewer

Not used
Operation Role Operator

Not used
Operation Role Viewer

Not used
Operation Operator

Not used
Operation Viewer

Not used


Authorities included in role
No Role name

Authority included

1Super Administrator[Contract] Authority Update Role, [Contract] Authority View Role, [Contract] Management Role, [Contract] Update Role, [Contract] View Role,
[Billing] Authority Update Role, [Billing] Authority View Role, [Billing] Management Role, [Billing] Update Role, [Billing] View Role,
[Configuration] Authority Update Role, [Configuration] Authority View Role, [Configuration] Approval Role, [Configuration] Update Role, [Configuration] View Role,
[Operation] Authority Update Role, [Operation] Authority View Role, [Operation] Approval Role, [Operation] Update Role, [Operation] View Role,
2Super User[Contract] Management Role, [Contract] Update Role, [Contract] View Role,
[Billing] Management Role, [Billing] Update Role, [Billing] View Role,
[Configuration] Update Role, [Configuration] View Role,
[Operation] Update Role, [Operation] View Role
3

Contract Administrator

[Contract] Authority Update Role, [Contract] Authority View Role, [Contract] Management Role, [Contract] Update Role, [Contract] View Role,
[Billing] Authority Update Role, [Billing] Authority View Role, [Billing] Management Role, [Billing] Update Role, [Billing] View Role,
[Configuration] Authority Update Role, [Configuration] Authority View Role,
[Operation] Authority Update Role, [Operation] Authority View Role,
4Operation User[Contract] Management Role, [Contract] Update Role, [Contract] View Role,
[Billing] Management Role, [Billing] Update Role, [Billing] View Role
5Config Operation Administrator[Configuration] Authority Update Role, [Configuration] Authority View Role, [Configuration] Approval Role, [Configuration] Update Role, [Configuration] View Role,
[Operation] Authority Update Role, [Operation] Authority View Role, [Operation] Approval Role, [Operation] Update Role, [Operation] View Role
6Config Operation User[Configuration] Update Role, [Configuration] View Role,
[Operation] Update Role, [Operation] View Role
7Config Operation Reader[Configuration] View Role,
[Operation] View Role
8Invoice Reader[Billing] View Role
9Operation Administrator[Operation] Authority Update Role, [Operation] Authority View Role, [Operation] Approval Role, [Operation] Update Role, [Operation]View Role
10Operation User[Operation] Update Role, [Operation] View Role