Complete these steps to configure TOTP authentication for the primary domain.

About this task

This procedure uses Domain1 for the primary domain name and Domain2 for the secondary domain name.

Procedure

1. Add the following notes.ini setting to all Web servers in Domain1 and to the ID vault server in Domain1:

ENABLE_IDV_CROSSDOMAIN_AUTHENTICATION=1

3. Configure directory assistance to look up names in the Domain2 Domino directory:

a. Create a directory assistance database (if not created already) on a server in Domain1.

b. Add a Directory Assistance Document for Domain2. The following fields in the document are required.


On the Basics tab:
• Domain type SelectNotes.
• Domain name Specify the Domino domain of the secondary directory, for example Domain2.
• Make this domain available to SelectNotes Clients & Internet Authentication/Authorization
• Enabled SelectYes.
On the Naming Contexts (Rules) tab, select Enabled -> Yes and Trusted for Credentials -> Yes for at least one rule that applies to Domain2. You can use the default N.C. 1 rule.

On the Domino tab, specify the replica of the Domain2 Domino directory on the Domain2 administration server.

For additional information, see Creating a Directory Assistance document for a Domino Directory or extended directory catalog.


c. At the Domino server console, run the command sh xdir to verify the configuration. You should see output similar to the following output:

[11A4:0006-105C]  DomainName      DirectoryType         ClientProtocol Replica/LDAP Server[11A4:0006-105C] --------------- --------------------- -------------- -----------------------[11A4:007C-105C] 1 Domain1 Primary-Notes Notes & LDAP names.nsf[11A4:007C-105C] 2 Domain2 Secondary-Notes Notes server1/domain2!!names.nsf

5. Replicate the Domain1 Domino directory and Directory Assistance database to all participating Web servers in Domain1.

Parent topic: Configuring cross-domain TOTP authentication

Help on Help

All Help Contents

Help on Help