Setting Azure AD User's immutableId to IIJ ID User by CSV Import

This page describes how to obtain the immutableId of Azure AD users and then set them to the application-linking IDs of IIJ ID users by CSV import.
Execute this procedure in the following cases.

  • You already use Microsoft 365 with federation enabled through another company’s IDaaS (a value is set in the immutableId attribute of Azure AD users).
  • You do not use Active Directory for linking IDs with Microsoft 365.

Flow of migration

If Microsoft 365 has been federated through another company’s IDaaS, the immutableId attribute is already set on the Azure AD users.
Because the immutableId attribute needs to be included in the SAML response sent from the IIJ ID Service, it must also be set on the users of the IIJ ID Service.

This procedure uses a CSV file to set the immutableId attribute of Azure AD users to the application-linking IDs of IIJ ID users.

Migration procedure
Obtaining the immutableId of Azure AD users

Use a PowerShell script to obtain the immutableId attribute values from Azure AD.

  1. Configure Windows PowerShell.
    Refer to "Configuring Windows PowerShell" for how to configure Windows PowerShell.
  2. Create the script.
    Copy the following script and save it as "migrate.ps1".

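    # Install the Microsoft Graph PowerShell module.
    Install-Module -Name Microsoft.Graph
    # Sign in with the read-only User.Read.All scope; the sign-in context is kept for this process only.
    Connect-MgGraph -Scopes 'User.Read.All' -ContextScope Process
    # Write each user's UserPrincipalName and immutableId to standard output as CSV.
    Get-MgUser -All -Property @("UserPrincipalName", "OnPremisesImmutableId") | Select-Object UserPrincipalName,OnPremisesImmutableID | ConvertTo-Csv -NoTypeInformation
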
  3. Run PowerShell on a Windows computer.
  4. Use the following command to run the PowerShell script as illustrated in the example.
    The execution result is output to the standard output.
    Example command line display

    PS> powershell -ExecutionPolicy bypass -File '.\migrate.ps1'
    [ Reference ]

    The following window may be displayed at the time of execution.
    If this window is displayed, click "Accept" without checking the "Consent on behalf of your organization" box.

Setting immutableId to application-linking IDs of IIJ ID users

Use CSV import to set the immutableId attribute of Azure AD users to application-linking IDs of IIJ ID users.

  1. Prepare a CSV file to import immutableId to the IIJ ID Service.
    Modify the header line of the CSV data obtained in "Obtaining the immutableId of Azure AD users" as follows.

    Before modification    After modification
    userPrincipalName      login_id
    immutableId            downstream_id
  2. Import the CSV file to the IIJ ID service.
    Refer to "Importing Users in CSV" for more information on importing the CSV file.
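
The header change in step 1, as an added PowerShell example (not part of the IIJ documentation): it renames the columns to login_id and downstream_id and leaves out rows whose immutableId is empty or already used by another user, so those accounts are noticed before import. The function name, the sample rows and the skip policy are assumptions of this example.

```powershell
# Added example, not the IIJ ID Service's own tooling.
# Constructed sample standing in for the CSV that migrate.ps1 writes to standard output.
$exported = @'
"UserPrincipalName","OnPremisesImmutableId"
"alice@example.com","constructed-id-0001"
"bob@example.com","constructed-id-0002"
"carol@example.com",""
"dave@example.com","constructed-id-0002"
'@

# Hypothetical helper: maps exported rows to the import columns named on this page.
function Convert-ToIijIdImportRow {
    param([Parameter(Mandatory)] [object[]] $Row)

    # Case-sensitive dictionary, so values differing only in letter case are not
    # reported as duplicates (a PowerShell @{} hashtable would ignore case).
    $seen = New-Object 'System.Collections.Generic.Dictionary[string,string]'

    foreach ($r in $Row) {
        $upn = $r.UserPrincipalName
        # Accept the column name migrate.ps1 emits or the one shown in the header table.
        $id = if ($r.PSObject.Properties['OnPremisesImmutableId']) {
            $r.OnPremisesImmutableId
        } else {
            $r.immutableId
        }

        if ([string]::IsNullOrWhiteSpace($id)) {
            Write-Warning "Skipped ${upn}: no immutableId is set in Azure AD"
            continue
        }
        if ($seen.ContainsKey($id)) {
            Write-Warning "Skipped ${upn}: immutableId is already used by $($seen[$id])"
            continue
        }
        $seen[$id] = $upn
        [pscustomobject]@{ login_id = $upn; downstream_id = $id }
    }
}

# Like migrate.ps1, the result goes to standard output as CSV.
$rows = $exported | ConvertFrom-Csv
Convert-ToIijIdImportRow -Row $rows | ConvertTo-Csv -NoTypeInformation
```

With the constructed sample, the rows for alice and bob are written under the new header, and carol and dave are reported as warnings instead of being imported.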