Updating Access Tokens

An access token has an expiration date, so it must be reissued regularly.
The following describes the procedure for updating an access token with Password Sync.

Step | Operation | Comments

Step 1

Operation: Log in to IIJ ID Console as an ID Administrator user of IIJ ID Service from which the access token was obtained when Password Sync was deployed.

Comments: It is also possible to use a different ID Administrator user's access token.

Step 2

Operation: Issue a new access token with the following items and record their values in Notepad or a similar tool.

  • Access token name: (Any name)
  • Resource server to use: IIJ ID Service API
  • Scope to use: escim_read_users, escim_write_users
  • Expiration date: (Any date)

Refer to "Issuing Access Tokens" for more information on issuing an access token.

Comments: It is also possible to use an access token issued for Directory Sync. In that case, skip this step.

When recording information on the access token in Notepad or a similar tool, do not insert line feeds.

Step 3

Operation: Check the expiration date of the access token that was issued in step 2.

Comments: This expiration date is when the access token will next need to be updated.

If you want to update the access token less frequently, reissue an access token with a longer expiration date.

Step 4

Operation: Stop Task Scheduler for Password Sync so that Password Sync is not executed automatically.

Comments: Password synchronization from Active Directory to the IIJ ID Service is temporarily suspended, but every password change made during the suspension period is synchronized with the IIJ ID Service after scheduled execution is resumed.

Step 5

Operation: Open Password Sync's secret.yml configuration file and rewrite the access token values to those of the access token obtained in step 2.

Refer to "Configuration File Samples" for more information on settings for secret.yml.

Step 6

Operation: Resume scheduled executions of Password Sync.

Step 7

Operation: Using a desired Active Directory account, change the password and confirm that the password is synchronized with IIJ ID as expected.

Step 8

Operation: Access IIJ ID Console as the user in step 1 and revoke the existing access token.

Refer to "Revoking Access Tokens" for more information on how to revoke an access token.

Comments: If there is no need to revoke the existing access token, skip this step.

Be careful not to revoke the access token you have newly issued.
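
Steps 4 to 6 can be scripted so that the schedule is always resumed and the token is checked for stray line feeds before it is written. The following PowerShell script is an added example, not part of IIJ's documentation or tooling; the task name, file paths and secret.yml key name are assumptions supplied as parameters, and the key name must be taken from "Configuration File Samples".

```powershell
# Added example, not IIJ's tooling. All four parameters are assumptions about
# your deployment; take the key name from "Configuration File Samples".
param(
    [Parameter(Mandatory)] [string] $TaskName,      # scheduled task that runs Password Sync
    [Parameter(Mandatory)] [string] $SecretPath,    # full path to secret.yml
    [Parameter(Mandatory)] [string] $TokenKey,      # YAML key that holds the access token
    [Parameter(Mandatory)] [string] $NewTokenFile   # full path to the file with the token from step 2
)
$ErrorActionPreference = 'Stop'

# Step 2: the recorded token must be a single line. A trailing newline added
# by the editor is dropped; a line feed inside the value is an error.
$token = [IO.File]::ReadAllText($NewTokenFile) -replace '[\r\n]+\z', ''
if ($token.Length -eq 0 -or $token -match '[\r\n]') {
    throw 'Recorded token is empty or contains a line feed; record it again.'
}

# Find the one line to rewrite before touching the schedule.
# Assumes secret.yml is UTF-8 and the token sits on a single "key: value" line.
$pattern = '^(\s*' + [regex]::Escape($TokenKey) + '\s*:\s*)\S.*$'
$lines = [IO.File]::ReadAllLines($SecretPath)
$hits = @($lines -cmatch $pattern)
if ($hits.Count -ne 1) {
    throw "Expected exactly one '$TokenKey' line in secret.yml, found $($hits.Count)."
}

# Step 4: disable the task so that it is not executed automatically.
Disable-ScheduledTask -TaskName $TaskName | Out-Null
try {
    # Step 5: replace only the token value, written as a YAML single-quoted
    # scalar (a quote inside the value is doubled).
    $quoted = "'" + $token.Replace("'", "''") + "'"
    $updated = foreach ($line in $lines) {
        if ($line -cmatch $pattern) { $Matches[1] + $quoted } else { $line }
    }
    [IO.File]::WriteAllLines($SecretPath, [string[]]$updated)   # UTF-8, no BOM
}
finally {
    # Step 6: resume scheduled execution even if the rewrite failed.
    Enable-ScheduledTask -TaskName $TaskName | Out-Null
}
Write-Host 'secret.yml updated. Run step 7, revoke the old token (step 8), then delete the recorded token file.'
```

Steps 7 and 8 stay manual: revoke the old token only after a test password change has synchronized with the new one.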