Domino Consulting - HCL Domino Administrator 11.0.1 Help

SECURING

Using Notes Client Single Logon to synchronize Notes and Windows OS passwords

You can use Notes® Client Single Logon to synchronize your Notes users' Microsoft™ Windows™ passwords with their Notes passwords, allowing them to use the same password.

Consider using the newer Notes Shared Login (NSL) feature rather than the Notes Client Single Logon feature. Notes Shared Login (NSL) is designed to work with ID Vault. Notes Shared Login is enabled through policy configuration. If Notes Client Single Logon is installed, it must be uninstalled before Notes Shared Login (NSL) can be enabled.

Note: To check if the single logon feature is already installed, click File -> Security -> User Security -> Security Basics. If the client single logon feature is installed, the Login to Notes using your operating system login option is enabled.

When users install Notes they can choose the Notes option client single logon. When installation is complete, users restart the client to allow single logon to take effect. This option is also available during Notes silent install and upgrade.

When the user restarts Notes, the following occurs:

The Notes Single Logon Password Synchronization panel appears.
As prompted, click Yes, enter the Notes password, and click OK.
The Change Password panel appears, prompting to enter the new password and re-enter the new password for confirmation. In both password entry fields, enter the Windows system password and then click OK.

Note: The user's computer's name cannot be the same as the operating system (OS) login name when using client single logon. The Notes Client Single Logon feature does not work when the OS login name is identical to the computer name, and the user logs in with the OS name. If client single logon is not working properly on a user's system, change the OS login user name or the user's computer's name.

Note: To disable the Notes single login feature, click File -> Security -> User Security and disable the Login to Notes using your operating system login option in the Your Login and Password Settings area of the Security panel. After disabling single sign-on, use your Windows password to log in to Notes.

OS and Domino® password policies must be aligned as closely as possible to allow password synchronization to work. During OS password changes, the Notes Network Provider must be able to change the Notes ID to the new password provided by the OS. Notes is notified of the new OS password only after the OS password has been changed. If the new OS password does not meet the Notes password quality and history requirements, the Notes password change will fail.

During Notes password changes, the Notes client must be able to change the OS password to the new Notes password.

For bidirectional password synchronization, the Notes Network Provider must be able to access a user's NOTES.INI file and Notes ID file. The required location for the NOTES.INI file depends on the type of installation:

For single user install, the NOTES.INI file must exist in the Notes directory as specified in the HKEY_LOCAL_MACHINE registry key.
For multi-user install, the NOTES.INI file must be specified in the HKEY_CURRENT_USER registry key: ("HKEY_CURRENT_USER\SOFTWARE\Lotus\Notes\NotesIniPath")

Operating system (OS) password changes occur in the system access control environment; therefore, the NOTES.INI file and the Notes ID file must reside on a local drive.

Parent topic: Domino server and Notes user IDs

Help on Help

All Help Contents

Help on Help

All Help Contents