No5. Migration from External Authentication Infrastructure (without Using Directory Sync)

This pattern migrates authentication to the IIJ ID Service when you are currently using another authentication infrastructure.
To keep the same immutableId attribute value that the external authentication infrastructure set on the Azure AD user, use the "Application-linking ID" of the IIJ ID User.

[ Reference ]

The descriptions below are for reference only.

Perform the actual task in accordance with your environment.

Federation Image

Provision users from IIJ ID to Azure AD, and then federate with the provisioned users.


Because Azure AD users created by the old authentication infrastructure already exist on Azure AD, you must consider how IIJ ID Users link to those existing Azure AD users.

The immutableId value of an existing Azure AD user depends on the specifications of the authentication infrastructure, so set that value as the application-linking ID of the IIJ ID User, as described in "Setting Azure AD User's immutableId to IIJ ID User by CSV Import."

For IIJ ID Users that are newly created, do not set an application-linking ID; set the IIJ ID User's UUID as the immutableId of the Azure AD user.
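
The linking rule described above, as an added example that is not part of the IIJ documentation: it decides, per IIJ ID User, whether to import an existing immutableId as the application-linking ID or to leave it unset, and holds back values that cannot be linked safely. The CSV column names, the matching on userPrincipalName, and all sample values are assumptions constructed for illustration, not the service's actual import format.

```python
import csv
import io

# Constructed sample: attributes exported from the existing Azure AD users.
# Column names are assumptions for this example.
AZURE_AD_EXPORT = """userPrincipalName,immutableId
alice@example.com,QWxpY2VJZDAwMQ==
bob@example.com,Qm9iSWQwMDAwMg==
carol@example.com,
dave@example.com,QWxpY2VJZDAwMQ==
"""

# Constructed sample: IIJ ID Users to federate (erin is newly created).
IIJ_ID_USERS = ["alice@example.com", "bob@example.com", "carol@example.com",
                "dave@example.com", "erin@example.com"]


def build_linking_rows(azure_csv, iij_users):
    """Return (rows, problems).

    rows: (user, application_linking_id); "" means leave the ID unset so
    the IIJ ID User's UUID is used as immutableId (newly created users).
    problems: (user, reason) for users that need manual review first.
    """
    existing = {}
    for rec in csv.DictReader(io.StringIO(azure_csv)):
        # UPNs are compared case-insensitively; immutableId is kept
        # byte-for-byte because the value must match exactly.
        existing[rec["userPrincipalName"].strip().lower()] = rec["immutableId"].strip()

    # An immutableId held by two accounts cannot be linked unambiguously.
    holders = {}
    for upn, iid in existing.items():
        if iid:
            holders.setdefault(iid, []).append(upn)
    duplicated = {iid for iid, upns in holders.items() if len(upns) > 1}

    rows, problems = [], []
    for user in iij_users:
        iid = existing.get(user.lower())
        if iid is None:
            rows.append((user, ""))  # no existing Azure AD user: new user
        elif not iid:
            problems.append((user, "existing Azure AD user has no immutableId"))
        elif iid in duplicated:
            problems.append((user, "immutableId is shared with another user"))
        else:
            rows.append((user, iid))
    return rows, problems
```
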

Setup Flow Example
1. Preparation

1.1 Registering Domains in Microsoft 365
1.2 Configuring Windows PowerShell
1.3 Add Microsoft 365 Application
1.4 Setting Azure AD User's immutableId to IIJ ID User
1.5 Reflecting User Attribute Value Set to the Existing Azure AD User to IIJ ID User
    Comments: If there are many users, it is recommended that you export attributes of Azure AD users to a CSV file and reflect the data at once by CSV import of IIJ ID Users.
2. Configuring Federations

2.1 Changing General Application Settings
2.2 Configuring Graph API Settings
2.3 Provisioning
2.4 Configuring Users
2.5 Configuring Federations