If your organization uses Windows™ for your Notes® clients, you can configure a combination of Notes federated login and the Notes shared login feature. The Notes shared login feature ensures that the Notes user is not prompted for an ID file password, and it is needed if the Notes client operates offline. If the Notes client ID file is ever missing from the desktop, the Notes federated login feature ensures that SAML authentication can be used to retrieve the user's ID file from the vault. SAML authentication must be completed while the Notes client is operating online.
About this task
Note: The Notes shared login feature is recommended instead of the Client Single Logon (Windows only) feature. The Client Single Logon feature is not supported with the Notes ID vault and cannot be used in combination with Notes federated login.
When you log in to the Notes client on the test user's computer, the client detects the security policy change that enables the user for this feature. As a result, the client is enabled to use Notes federated login. Note, however, that the client is enabled for this feature only if the server is configured properly for SAML.
Usually you will set the policy to copy the user's Organizational certifier certificate over to the Notes client user's Contacts (personal name and address book), or this can be done manually with the indicated procedure. The user's Organization certifier certificate, resident in the Domino® Directory and in the user's Contacts, is required for Notes federated login to function.
Results
Check the User Security dialog box to examine the configuration.
When only Notes federated login was enabled, the Notes client user would have seen this message in the User Security dialog box:
Your ID is not stored on disc. Your ID will be downloaded from ID vault, during which your designated federated Identity Provider may prompt you for login credentials.
When both Notes federated login and Notes single login are enabled, the Notes client user sees this message in the User Security dialog box:
Your ID works with Notes on this computer only. You can make a password protected copy of your ID to use on other computers. Click ’Copy ID’
If you think someone has stolen your ID, click ’Compromised ID’
Your ID is stored on disc. If it is deleted or becomes corrupted, your ID will be downloaded from ID vault, during which your designated federated Identity Provider may prompt you for login credentials.