Enabling Web federated login

Enable Web federated login to allow iNotes users to perform secure operations such as signing and decrypting messages without being prompted for a Notes ID password.

Before you begin

Complete the following prerequisites:

About this task

Before enabling Web federated login for all iNotes users, enable it for the test user you created for testing SAML authentication and test that Web federated authentication works for that user.

Procedure

  1. In the Domino directory, open the existing Security Settings policy for users of your organization’s ID vault.
  2. On the ID Vault tab, make sure there is an assigned vault.
  3. Select the Password Management > Federated Login tab.
  4. Select Yes for Enable Web federated login with SAML IdP.
  5. Select Set value whenever modified for How to apply this setting.
  6. For iNotes deployments that have been upgraded to the current release, when the policy is initially being deployed, select Additional settings for Federated Login (Notes or Web) > Allow password authentication with the ID vault >Yes.
    Note: After a user has been verified to be working with federated login, a recommended security improvement is to change Allow password authentication with the ID vault to No. When password authentication with the ID vault is not allowed, users are required to authenticate to the vault with federated login in order to download the user's ID for either Notes or Web use. Change Allow password authentication wih the ID vault to No only if it is the case that neither iNotes nor Notes should allow password authentication to the ID vault.
  7. Save and close the security policy.

Results

For any iNotes® user to whom the policy applies, the settings for Notes federated login will be activated on the user's next login.

What to do next

Test Web federated login