Domino Consulting - HCL Domino Administrator 12 Help

SECURING

Authenticating web users against the Notes ID passwords in the ID vault

You can configure HCL Domino® to use the password in an ID vault to authenticate users that access the server over HTTP, IMAP, POP3, and LDAP internet protocols.

When this feature is enabled, HCL Verse, HCL iNotes®, and other internet users with Notes® ID files provide their names and Notes ID passwords from an ID vault to authenticate with a Domino server. With this feature, users need to remember just one password, their Notes ID password, to authenticate to the server and perform secure mail operations. Without this feature, users provide their internet passwords to authenticate to the server and then are prompted for their Notes ID passwords to perform secure mail operations if the passwords are different than their internet passwords.

Note:

This feature is ignored for authentication of the following users:
- Notes client users
- Internet-only users without Notes IDs
- Users who authenticate via SAML federated identity authentication
If directory assistance is configured for cross-domain directory lookups, add the notes.ini setting ENABLE_IDV_CROSSDOMAIN_AUTHENTICATION=1 to your Domino servers. Then, when a user accesses a Domino server and the user is registered in a secondary domain, the server is able to access the vault in the secondary domain to verify the user password, if configured.

To enable the feature:

1. Create or edit a Configuration Settings document in the Domino directory. (Configuration -> Servers -> Configurations).

2. Click the Security tab.

3. In the Internet Password Verification section, select one of the following options:

Table 1. Internet Password Verification options

Option	Description
Check internet password in directory	Always use internet passwords in Domino directory Person documents to authenticate internet users. This option is the pre-release 11 behavior and the default selection.
Check internet password in vault	Always use passwords from Notes ID files in the vault to authenticate internet users who have registered Notes IDs. These users must have IDs in the vault to authenticate.
Check vault first, then directory.	Try to use passwords from Notes IDs in the vault to authenticate internet users who have registered Notes IDs. If Notes IDs are not found in the vault, use internet passwords in Domino directory Person documents to authenticate the users. Use this option if some internet users with registered Notes IDs do not have IDs in the vault or if you are unsure if they do.

Parent topic: Name-and-password authentication for Internet/intranet clients

Help on Help

All Help Contents

Help on Help

All Help Contents