Revision History

IIJ ID Service Manual [For Administrators] Revision History
Revision DateRevision Details
2017/06/26
  • New document
2017/10/23

Content updated in accordance with expansion of the following features:

  • Support for synchronization with multi-forest Active Directory
  • Support to synchronize account information with Linux OpenLDAP
  • Addition of ability to customize some notification email messages sent to administrators
  • Addition of ability to issue refresh tokens
2018/01/29

Content updated in accordance with expansion of the following features:

  • Addition of ability to import information from Azure AD
  • Login policies now provided as standard functionality
  • Updates to the IIJ ID Console login screen
  • Expanded ID synchronization with linked services (Premium Federation Option)
  • Addition of upstream ID provider authentication (Premium Federation Option)
  • Addition of ability to register Web link applications (Premium Federation Option)

2018/04/23

Content updated in accordance with expansion of/changes to the following features:

  • Additional information that can be registered for users
  • Addition of capability for administrators to reset passwords
  • Addition of email one-time password authentication (Multi-Factor Authentication Option)
  • System specification has been changed to send notification email to users when their accounts are locked
  • System specification has been changed to restrict operation by users/groups with external IDs
2018/08/27

Content updated in accordance with expansion of/changes to the following features:

  • Addition of the device certificate authentication feature (Multi-Factor Authentication Option)
  • Addition of group setting feature for a user on the user creation/editing screen
  • Groups can now be registered as group members

  • User device information can now be displayed

  • "Last name" and "First name" in user information is now optional instead of required

2019/02/19

Content updated in accordance with expansion of the following features:

  • Integrated Windows Authentication Option
  • Integrated Windows Authentication Multi-Region Option

2019/09/30

Content updated in accordance with expansion of/changes to the following features:

  • Addition of the temporary password function
  • Multi-ID provider support
  • Addition of the Application User function to restrict login to applications
  • Addition of the function for the administrator to remove users’ SmartKey authentication information
  • Addition of the function to issue access tokens and refresh tokens for non-SCIM purposes
2019/11/25

Content updated in accordance with expansion of/changes to the following features:

  • Addition of the function to set password expiry dates for temporary passwords
  • Addition of tenant identification information in job notification emails
  • Addition of the option that enables creation of SAML applications that use system-wide IDPs (Premium Federation Option)
2020/02/25

Content updated in accordance with the following functions added to the Integrated Windows Authentication Option:

  • Support for multi-forest and multi-domain AD
  • Addition of the function to restrict networks on which SPNEGO authentication is allowed
  • Addition of the function to specify an arbitrary DN when creating an AD administration account
  • Addition of the function to register one multi-region of the IIJ Directory Service for Microsoft as an AD network
2020/11/30
  • Support of FIDO2 authentication with the Multi-Factor Authentication Option
  • Enhancement of Login Policies in Security Settings
  • Integration of management screens for various pieces of authentication device information (FIDO2 security key, device certificate, and SmartKey authentication information)
  • Support of the initial contract using the domain (on.iijid.jp) IIJ prepares
2021/02/08

Content updated in accordance with expansion of/changes to the following features:

  • Addition of application-linking ID to user attribute
  • immutableId is also updated now if Azure AD federation is disabled for exporting users to Office 365
2021/05/17

Content updated in accordance with expansion of/changes to the following features:

  • Expansion of the SAML NAMEID attribute and Attribute attribute

  • Addition of FIDO2 authentication function for administrators
  • Addition of certificate revocation settings by OCSP and CRL for certificate authentication

  • Addition of the filtering function by certificate subject for certificate authentication

  • Addition of display customization (Link of request to disable multi-factor authentication)
  • Addition of Email Customization

2021/11/22

Content updated in accordance with expansion of/changes to the following features:

  • Addition of the function to specify an assertion signing algorithm to the SAML Application
2022/10/17

Content updated in accordance with expansion of/changes to the following features:

  • Addition of the function to display warning of password expiration dates
  • Expansion of the range in which variables can be used by the email customization function
  • Addition of the function that notifies that the expiration date of an access token is approaching
  • Changed the title of "Office 365" to "Microsoft 365"
  • Addition of the function that notifies that the expiration date of a provisioning API for the Microsoft 365 Application is approaching
  • Addition of the function to export users to Azure AD with no license
2023/01/16

Content updated in accordance with expansion of/changes to the following features:

  • Procedures for setting up the Microsoft 365 Application have been changed with discontinuation of the MSOnline PowerShell module
  • Addition of the function on the "Information for User" screen
2023/04/20
  • Corrected the example configuration of "No.2 Migration from External Authentication Infrastructure"
  • Corrected reference information of "Attributes Exported to Azure AD"
2023/05/10
  • Corrected contents of "Description of User CSV File"
2023/07/24
  • Corrected contents of "Adding Security Key Types that Can Be Registered/Authenticated"
2023/08/15
  • Addition of descriptions to Application User for the use of the Microsoft 365 Application
2023/10/13
  • Changed the design and document name
2023/10/19
  • "Windows Server 2012 R2" has been deleted from the environment in which the operation of Integrated Windows Authentication Option had been checked
2023/11/17
  • Changed link destination addresses
2023/12/05
  • Correction of incorrect descriptions