Creating an ID vault

The ID Vault tool enables you to perform all of the steps necessary to make a vault operational. However, you can choose to perform some of the required steps at a later time using another tool.

About this task

A vault database is created in the \IBM_ID_VAULT directory in the IBM® Domino® server data directory. Creating a vault requires administrator and Create databases and templates access to the server on which you create it, and Editor access to the Domino Directory.

When you create a vault, an associated vault document is also created in the Configuration > Security > ID Vaults view of the Domino Directory. The document shows the vault name, description, vault administrators, and vault servers (servers with replicas). Note that you can add vault servers using the ID Vaults > Manage tool after the vault is created.

Note: The vault document and other vault-related documents in the Domino Directory are created and modified on the Domino Directory administration server. If you create an ID vault on a different server, those documents are not added to it until they have replicated from the Domino Directory administration server.

Procedure

  1. From the Domino Administrator, click the Configuration tab.
  2. Click Tools > ID Vaults > Create.
  3. Specify the following required information at the time you create a vault.
    Table 1. Required Information You Must Provide During Vault Creation

    Field: Name of the vault
    Comments:
      • The name defines the hierarchical identity of the vault and is also used to form the vault database file name and vault ID file name.
      • The name cannot be the same as an organization or organizational unit used in the Domino domain.
      • You cannot change the name after the vault is created.

    Field: Vault ID file location and password
    Comments:
      • It is important to make a backup copy of the vault ID file. If the ID file is lost and there is no backup copy, the vault will need to be deleted and re-created.
      • Vault administrators require access to this ID file and password to add or remove vault replicas or to delete the ID vault.

    Field: Vault primary server
    Comments:
      • You can specify only one server when you create a vault, which becomes the vault primary server.
      • To replicate the vault to other servers, and optionally to specify a different vault primary server, use the ID Vaults > Manage tool.

    Field: Vault administrator
    Comments:
      • You must specify at least one vault administrator.
  4. Optionally, specify the following information either at the time you create the vault, or at a later time:
    Table 2. Required Information You Can Provide After ID Vault Creation

    Field: The organizations that trust the vault for ID storage
    Comments:
      • This information is used to create Vault Trust Certificates in the Domino Directory.
      • Requires access to the certifier ID files of the specified organizations or organizational units.
      • Can be done after vault creation using the ID Vaults > Manage tool.

    Field: The names authorized to reset the passwords of IDs in the ID vault
    Comments:
      • This information is used to create Password Reset Certificates in the Domino Directory.
      • Requires access to the certifier ID files of the organizations or organizational units with Vault Trust Certificates.
      • Can be done after vault creation using the ID Vaults > Manage or ID Vaults > Password Reset Authority tool.

    Field: The user IDs assigned to a vault
    Comments:
      • This is controlled through user policy configuration.
      • Can be done after vault creation using the ID Vaults > Manage tool or by configuring a policy manually.