• New document

Content updated in accordance with expansion of the following features:

• Support for synchronization with multi-forest Active Directory
• Support to synchronize account information with Linux OpenLDAP
• Addition of ability to customize some notification email messages sent to administrators
• Addition of ability to issue refresh tokens

Content updated in accordance with expansion of the following features:

• Addition of ability to import information from Azure AD
• Login policies now provided as standard functionality
• Updates to the IIJ ID Console login screen
• Expanded ID synchronization with linked services (Premium Federation Option)
• Addition of upstream ID provider authentication (Premium Federation Option)
• Addition of ability to register Web link applications (Premium Federation Option)

2018/04/23

Content updated in accordance with expansion of/changes to the following features:

• Additional information that can be registered for users
• Addition of capability for administrators to reset passwords
• Addition of email one-time password authentication (Multi-Factor Authentication Option)
• System specification has been changed to send notification email to users when their accounts are locked
• System specification has been changed to restrict operation by users/groups with external IDs

Content updated in accordance with expansion of/changes to the following features:

• Addition of the device certificate authentication feature (Multi-Factor Authentication Option)
• Addition of group setting feature for a user on the user creation/editing screen

• Groups can now be registered as group members

• User device information can now be displayed

• "Last name" and "First name" in user information is now optional instead of required

Content updated in accordance with expansion of the following features:

• Integrated Windows Authentication Option
• Integrated Windows Authentication Multi-Region Option

2019/09/30

Content updated in accordance with expansion of/changes to the following features:

• Addition of the temporary password function
• Multi-ID provider support
• Addition of the Application User function to restrict login to applications
• Addition of the function for the administrator to remove users’ SmartKey authentication information
• Addition of the function to issue access tokens and refresh tokens for non-SCIM purposes

Content updated in accordance with expansion of/changes to the following features:

• Addition of the function to set password expiry dates for temporary passwords
• Addition of tenant identification information in job notification emails
• Addition of the option that enables creation of SAML applications that use system-wide IDPs (Premium Federation Option)

Content updated in accordance with the following functions added to the Integrated Windows Authentication Option:

• Support for multi-forest and multi-domain AD
• Addition of the function to restrict networks on which SPNEGO authentication is allowed
• Addition of the function to specify an arbitrary DN when creating an AD administration account
• Addition of the function to register one multi-region of the IIJ Directory Service for Microsoft as an AD network

• Support of FIDO2 authentication with the Multi-Factor Authentication Option
• Enhancement of Login Policies in Security Settings
• Integration of management screens for various pieces of authentication device information (FIDO2 security key, device certificate, and SmartKey authentication information)
• Support of the initial contract using the domain (on.iijid.jp) IIJ prepares

Content updated in accordance with expansion of/changes to the following features:

• Addition of application-linking ID to user attribute
• immutableId is also updated now if Azure AD federation is disabled for exporting users to Office 365

Content updated in accordance with expansion of/changes to the following features:

• Expansion of the SAML NAMEID attribute and Attribute attribute
  

• Addition of FIDO2 authentication function for administrators

• Addition of certificate revocation settings by OCSP and CRL for certificate authentication
  

• Addition of the filtering function by certificate subject for certificate authentication
  

• Addition of display customization (Link of request to disable multi-factor authentication)
  
• Addition of Email Customization

2021/11/22

Content updated in accordance with expansion of/changes to the following features:

• Addition of the function to specify an assertion signing algorithm to the SAML Application

Content updated in accordance with expansion of/changes to the following features:

• Addition of the function to display warning of password expiration dates
• Expansion of the range in which variables can be used by the email customization function
• Addition of the function that notifies that the expiration date of an access token is approaching
• Changed the title of "Office 365" to "Microsoft 365"
• Addition of the function that notifies that the expiration date of a provisioning API for the Microsoft 365 Application is approaching
• Addition of the function to export users to Azure AD with no license

Content updated in accordance with expansion of/changes to the following features:

• Procedures for setting up the Microsoft 365 Application have been changed with discontinuation of the MSOnline PowerShell module
• Addition of the function on the "Information for User" screen

• Corrected the example configuration of "No.2 Migration from External Authentication Infrastructure"
• Corrected reference information of "Attributes Exported to Azure AD"

• Corrected contents of "Description of User CSV File"

• Corrected contents of "Adding Security Key Types that Can Be Registered/Authenticated"

• Addition of descriptions to Application User for the use of the Microsoft 365 Application

• Changed the design and document name

• "Windows Server 2012 R2" has been deleted from the environment in which the operation of Integrated Windows Authentication Option had been checked

• Changed link destination addresses

• Correction of incorrect descriptions