ID vault limitations
Be aware of the following current ID vault limitations.
ID vault trust
User IDs can be stored in an ID vault only if a parent certifier of the IDs has been used to issue a Vault Trust Certificate to the vault. A Vault Trust Certificate is a special-purpose cross-certificate establishing that an organizational or organizational unit certifier trusts an ID vault to store the user IDs that are descended from the certifier.
ID vault password reset security
A benefit of the vault is the ability to easily reset passwords on IDs when users forget them. There are two models available for resetting passwords: authorized personnel can use the Domino Administrator to reset passwords for users, or users or authorized personnel can reset passwords using a custom application. You can implement one or both models.
Security for server ID files and the vault ID file
The Notes ID vault server's ID file is integral to the protection of the vault's contents. Because someone who gains access to a vault server ID file could potentially gain access to vault data, it is vital to restrict access to the server ID files of vault servers.
Authorization for ID downloads
To help thwart unauthorized access to ID files, you can require that someone with password reset authority approve all ID downloads, which that person does by specifying the number of downloads allowed (a download count).
ID vault servers
An ID vault server is a server with a vault replica. The first vault server is created when the vault is created using the ID Vaults -> Create tool. Vault administrators create additional vault servers using the ID Vaults -> Manage tool in the Domino Administrator.
ID vault management roles
Domino administrator access is required to perform all vault configuration and management tasks, with the following exceptions.
ID vault backup and recovery
Back up ID vault databases using your preferred backup method and media. If a vault database becomes corrupted, use either of the following methods to restore it.