The restrictions in this service are as follows.

Basic features

• Customers must own domains to use this service.When a customer registers a domain in this service, IIJ will verify that the domain is owned by the customer.Domains not owned by the customer cannot be registered.If it is discovered that a customer no longer owns a domain that has been registered, all of the users and groups registered with the domain will be deleted without prior notice.
• If external services, such as Microsoft 365, used with this service undergo maintenance or experience a failure, some features of this service may be unavailable to customers in external services. IIJ will not be able to process inquiries on the cause of any issues with federated services. This service shall not be responsible for damages caused by federated services.
• If a communication error occurs with external systems, customer involvement may be required to resolve the issue.
• IIJ does not guarantee that global IP addresses assigned to hosts in this service will never change. Global IP addresses are subject to change without prior notice due to changes in offerings provided by this service.
• This service shares its facilities with multiple customers.If IIJ deems that a particular customer's usage impacts the service for other customers, IIJ may restrict service, including stopping part or all of the service features to that customer.
• If some kind of switch occurs due to redundant mechanisms, services may be unavailable for several minutes.

• If our service facilities are impacted by communication traffic to our customers, including attack traffic, IIJ may block or divert part or all of this communication data without prior notice. IIJ will notify your Operations Manager if communication data is blocked.

• If a specific user attempts to send a large amount of password reset email, email transmission may be temporarily locked.

• This service is delivered on a best-effort basis, so there is no guarantee of response performance.

Multi-Factor Authentication Option

• The versions of operating systems that the IIJ SmartKey app supports are not guaranteed to operate on all supported devices.
• The versions of operating systems that the IIJ SmartKey app supports may change without prior notice. IIJ does not guarantee that the app will always be continually available to users.
• If a failure occurs in the Multi-Factor Authentication Option, authentication processes may be limited to ID and password-based single-factor authentication.
• Some features of the Multi-Factor Authentication Option use external services. Maintenance on or failures of external services may have the following impacts.

Integrated Windows Authentication Option

• Use of Integrated Windows Authentication Option requires a contract to the IIJ Private Backbone Service.
• Active Directory servers to form a federation with must be able to communicate with the network provided by the IIJ Private Backbone Service.If not, a contract to a service that provides connectivity is required.
• Versions of Active Directory compatible with Integrated Windows Authentication are Windows Server 2016, and Windows Server 2019.
• The Integrated Windows Authentication infrastructure provided solely by Integrated Authentication Option is configured as a single system, so the service may be unavailable for several minutes in the event of a failure.If you wish to mitigate impact during a failure, please use the Integrated Windows Authentication Multi-Region Option.
• IP addresses and domains for Integrated Windows Authentication Option are shared among multiple customers.The bandwidth is “best-effort.”
• The specs of the equipment provided by the Integrated Windows Authentication infrastructure are“best-effort.”If a performance-related problem occurs under specific usage conditions, please use the Integrated Windows Authentication Multi-Region Option.

Integrated Windows Authentication Multi-Region Option

• Use of the Integrated Windows Authentication Multi-Region Option requires a contract to the Integrated Windows Authentication Option.