List of published manuals
List of manuals for contractors
開閉
IIJ ID Service Manual [For Administrators]
Premium Federation Option
Custom Applications
Web Link Application
Adding Web Link Applications
Changing Web Link Application Settings
Configuring OpenID Connect Application Federation Settings
Adding Web Link Applications
Open all
Introduction
Glossary
Getting Started
Usage Precautions
Service Overview
Features
Configuration
Restrictions
Sign-up Process
Emails Sent from the IIJ ID Service
Service Has Been Registered
Domain Ownership Confirmation Request
Domain Ownership Has Been Confirmed
Integrated Windows Authentication Option Has Been Registered
Job Has Been Finished
User Requests Disabling Multi-factor Authentication
Account Has Been Issued
Account Has Been Locked
Password Has Been Changed
Password Has Expired
Password Reset Requested
New Temporary Password Has Been Issued
Temporary Password Could Not Be Issued
One-time Password
Used Access Token Will Expire Soon
Your Client Certificate Will Expire Soon
FIDO2 Security Key Has Been Registered
Expiration of Microsoft 365 Settings Is Approaching
Suspicious Login Has Been Reported
Email from the IIJ ID Service is Not Received
Directory Service Synchronization Modules
IIJ ID Service Configuration Sequence Examples
IIJ ID Console
IIJ ID Console Overview
Logging in Using Password Authentication (Temporary Password)
Logging in Using Password Authentication
Changing the Language
Logout Procedure
Resetting Passwords
IIJ ID Console Menu Bar
Account Management (User Management)
Adding Users
Searching Users
Editing Users
Editing Other Notification Email Addresses for Users
Editing Phone Numbers for Users
Editing IMs for Users
Editing Entitlements for Users
Unlocking Accounts
Resetting User Passwords
Disabling Users
Enabling Users
Deleting Users
Deleting and Restoring Users Pending Deletion
Changing Retention Periods of Users Pending Deletion
Removing Users’ SmartKey Linkage
Exporting Users in CSV
Importing Users in CSV
Description of User CSV File
Account Management (Group Management)
Adding Groups
Searching Groups
Editing General Group Settings
Adding Group Members
Deleting Group Members
Deleting Groups
Exporting Groups in CSV
Importing Groups in CSV
Description of Groups CSV File
Exporting Group Members in CSV
Importing Group Members in CSV
Description of Group Members CSV File
Application Management
Changing Application Names
Adding Application Users
Unlinking Application Users
Changing Application Login Permissions
Reports
Job History
Viewing Jobs
Searching Jobs to be Displayed
Job Types
Job Status
Task Operations
Downloading Job History as CSV Files
Troubleshooting Failed Jobs
Login History
Viewing Login History of All Users
Downloading Login History as CSV Files
Retention Period for Login History
Exporting FIDO2 Security Keys (CSV)
System Management
System Information
Restrictions on Users to Whom External IDs were Set
Changing Personal Contacts by Users
Changing Email Addresses to Receive IIJ ID System Email
Changing the URL of the Page Displayed after Logout
ID Administrator Management
Granting ID Administrator Privileges to Users
Revoking ID Administrator Privileges from Users
Domain Management
Registering Domains
Deleting Domains
Managing Upstream ID Provider
Security Settings
System
Changing Session Expirations
Changing Settings of Information for User
Trusted Networks
Registering Trusted Networks
Deleting Trusted Networks
Configuring Login Policies
Login Conditions for Login Policies
Adding Login Policies
Changing Login Policies
Deleting Login Policies
Changing Password Policies
Device Restrictions
FIDO2
Changing a User’s Security Key Management Settings
Changing the Number of Security Keys that Can Be Registered
Restrictions on Security Keys
AAGUID
Changing Security Key Settings to Be Restricted
Adding Security Key Types that Can Be Registered/Authenticated
Deleting Security Key Types that Can Be Registered/Authenticated
Display Customization
Email Customization
SmartKey Authentication Customization
Common My Menu for Administrators and Users
My Applications
Infomation for User
Profile Settings
Changing Passwords
Authentication Device Management
Managing Access Token
Issuing Refresh Tokens
Revoking Refresh Tokens
Issuing Access Tokens
Updating Access Tokens
Revoking Access Tokens
Login History
Hint
Notifications
Viewing Notifications
Multi-Factor Authentication Option
Configuring Multi-factor Authentication
SmartKey Authentication
Configuring SmartKey Authentication
IIJ SmartKey App Cannot Receive Push Notifications
Precautions Regarding Receiving SMS Messages When Registering the IIJ SmartKey App
FIDO2 Authentication
Platforms that Support FIDO2 Authentication
Security Keys whose Operation Has Been Verified
Examples of FIDO2 Authentication Setup Flows
Registering FIDO2 Security Keys
Editing FIDO2 Security Keys
Disabling FIDO2 Security Keys
Device Certificate Authentication When Using the IIJ ID Service CA
Example Device Restrictions Configuration Sequence When Using the IIJ ID Service CA
Configuring the IIJ ID Service CA
Configuring Devices When Using the IIJ ID Service CA
Devices or Key Pairs are Lost or Stolen When Using the IIJ ID Service CA
Administrator Procedure to Remove Devices
Device Certificate Authentication When Using External CAs
Example Device Restrictions Configuration Sequence Using External CAs
Configuring External CAs
Certificate Revocation Settings
Revocation Settings by OCSP
Revocation Settings by CRL
Certificate Filtering Settings
Certificate Filtering Settings
Filtering Rules
Example Configuration Using a Device ID of Cybertrust Japan Co., Ltd.
Devices or Key Pairs are Lost or Stolen When Using External CAs
Email One-time Password Authentication
Upstream ID Provider Authentication
Enabling Multi-factor Authentication as the User Login Rule
Login Procedure Using Multi-factor Authentication
Temporarily Disabling Multi-factor Authentication for Users
Premium Federation Option
NameID Format
Microsoft 365 Applications
Example Configuration Sequences for Microsoft 365 Applications
No1. Case where Azure AD Connect Is Used
No2. Migration from External Authentication Infrastructure (with Using Directory Sync)
No3. Migration from Azure AD Authentication Infrastructure (with Using Directory Sync)
No4. Federate Microsoft 365 Newly (with Using Directory Sync)
No5. Migration from External Authentication Infrastructure (without Using Directory Sync)
No6. Migration from Azure AD Authentication Infrastructure (without Using Directory Sync)
No7. Federate Microsoft 365 Newly (without Using Directory Sync)
Registering Domains in Microsoft 365
Configuring Windows PowerShell
Adding Microsoft 365
Configuring Graph API Settings
Changing General Application Settings
Configuring the Azure AD (Microsoft 365) Federation
Verifying Directory IDs
Removing Federation with Azure AD (Microsoft 365)
Provisioning with Azure AD (Microsoft 365)
Reregistering Graph API
Configuring Application Users
Configuring Groups
Configuring Import Settings
Deleting Microsoft 365 Applications
Configuring Federation for Office 2013 Client Applications
Verifying Provisioning Jobs of Microsoft 365 Applications
Note on Deleting Exported Users and Groups
Attributes Exported to Azure AD
Attributes Imported from Azure AD
Setting Azure AD User's immutableId to IIJ ID User by CSV Import
SAML Attribute for Federation with Azure AD
Federation in Domains in a Parent-Child Relationship
Custom Applications
Examples of Custom Application Setup Flows
SAML Application
Adding SAML Applications
Configuring SAML Application Federation Settings
Adding SAML Applications (Assertion Signing Algorithms)
Adding SAML Applications (User Identifier (NameID) Specification)
Adding SAML Applications (Attribute Mapping (User Attribute))
Adding SAML Applications (Attribute Mapping (Assigned Group Name))
OpenID Connect Application
Adding OpenID Connect Applications
Configuring OpenID Connect Application Federation Settings
Web Link Application
Adding Web Link Applications
Changing Web Link Application Settings
Exporting Users/Groups to Custom Applications
Upstream ID Providers
Adding Upstream ID Providers
Configuring User Authentication via Upstream ID Providers
Deleting External Providers
Example Upstream ID Provider Federation
Adding AD FS 2016 as Upstream ID Provider
Creating Applications in AD FS 2016
Creating Upstream ID Providers in the IIJ ID Service
Resuming Application Creation in AD FS 2016
Adding Azure AD as Upstream ID Provider
Creating Applications in Azure AD
Creating Upstream ID Providers in the IIJ ID Service
Resuming Application Creation in Azure AD
Configuring Users’ External Synchronization Information in IIJ ID Service
Integrated Windows Authentication Option
Sign-up Process for Integrated Windows Authentication Option
Integrated Windows Authentication Methods (SPNEGO Authentication and Form Authentication)
Active Directory Network Topologies
Examples of Integrated Windows Authentication Setup Flows
Displaying the Integrated Windows Authentication Provider Settings Page
Synchronization with On-premise Active Directory Servers
Registering Active Directory for Synchronization with On-premise Active Directory Servers
Enabling Federation with On-premise Active Directory
Synchronizing On-premise Active Directory Users with IIJ ID Using Directory Sync
Disabling Federation with On-premise Active Directory
Deleting On-premise Active Directory
Synchronization with Active Directory Servers of IIJ Directory Service for Microsoft
Registering Active Directory of IIJ Directory Service for Microsoft
Enabling Federation with Active Directory in IIJ Directory Service for Microsoft
Creating Active Directory User that Executes Directory Sync in IIJ Directory Service for Microsoft
Synchronizing Active Directory Users with IIJ ID Using Directory Sync in IIJ Directory Service for Microsoft
Manually Executing Recovery Mode of Directory Sync in IIJ Directory Service for Microsoft
Precautions of Directory Sync in IIJ Directory Service for Microsoft
Disabling Federation with Active Directory in IIJ Directory Service for Microsoft
Disabling Synchronization from Directory Sync in IIJ Directory Service for Microsoft
Deleting an Active Directory in IIJ Directory Service for Microsoft
Enabling Integrated Windows Authentication as the User Login Rule
Informing Users of URLs to Enable Integrated Windows Authentication
Enabling Integrated Windows Authentication Settings on Browsers (SPNEGO Authentication)
Customizing Displays (Integrated Windows Authentication)
Logging Out from the Integrated Windows Authentication Provider Settings Page
Restricting Networks on which SPNEGO Authentication Is Allowed
IIJ Service Online
Customer Support
Revision History
Copyright Page