Authenticating web users against the Notes ID passwords in the ID vault

You can configure HCL Domino® to use the password in an ID vault to authenticate web users that access the server.

When this feature is enabled, HCL Verse, HCL iNotes®, and other web users who have Notes® ID files authenticate with a Domino server by providing their web names and the Notes ID passwords held in an ID vault. Users then need to remember only one password, their Notes ID password, both to authenticate to the server and to perform secure mail operations. Without this feature, web users authenticate to the server with their HTTP passwords and, if those differ from their Notes ID passwords, are then prompted for their Notes ID passwords to perform secure mail operations.

Note:
  • This feature is ignored for authentication of the following users:
    • Notes client users
    • Web-only users without Notes IDs
    • Users who authenticate via SAML federated identity authentication
  • If directory assistance is configured for cross-domain directory lookups, add the notes.ini setting ENABLE_IDV_CROSSDOMAIN_AUTHENTICATION=1 to your Domino servers. Then, when a user who is registered in a secondary domain accesses a Domino server, the server is able to access the vault in the secondary domain to verify the user's password, if configured.

To enable the feature:
  1. Create or edit a Configuration Settings document in the Domino directory (Configuration > Servers > Configurations).
  2. Click the Security tab.
  3. In the Internet Password Verification section, select one of the following options:
    Table 1. Internet Password Verification options

    | Option | Description |
    | --- | --- |
    | Check internet password in directory | Always use internet passwords in Domino directory Person documents to authenticate web users. This option is the pre-release 11 behavior and the default selection. |
    | Check internet password in vault | Always use passwords from Notes ID files in the vault to authenticate web users who have registered Notes IDs. These web users must have IDs in the vault to authenticate. |
    | Check vault first, then directory. | Try to use passwords from Notes IDs in the vault to authenticate web users who have registered Notes IDs. If Notes IDs are not found in the vault, use internet passwords in Domino directory Person documents to authenticate the users. Use this option if some web users with registered Notes IDs do not have IDs in the vault or if you are unsure if they do. |
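
Before changing the selection, it helps to know which users each option would affect. The following is an added example, not HCL code or a Domino API: a small Python model of the three options in Table 1 that reports which password store verifies each web user and who could no longer authenticate. The `WebUser` record, the roster, and the treatment of web-only users as still using the directory password are assumptions made for illustration.

```python
from dataclasses import dataclass

# Option labels as they appear in Table 1.
DIRECTORY = "Check internet password in directory"
VAULT = "Check internet password in vault"
VAULT_FIRST = "Check vault first, then directory."

@dataclass
class WebUser:              # hypothetical record, not a Domino API type
    name: str
    has_notes_id: bool      # user has a registered Notes ID
    id_in_vault: bool       # that ID is stored in the ID vault
    saml: bool = False      # authenticates via SAML federated identity

def password_source(user: WebUser, option: str) -> str:
    """Return which store checks the web password under the given option."""
    if user.saml:
        return "feature ignored"        # per the Note above
    if not user.has_notes_id:
        # Assumption: "ignored" means the directory internet password is still used.
        return "directory"
    if option == DIRECTORY:
        return "directory"
    if option == VAULT:
        # Users with a Notes ID must have it in the vault to authenticate.
        return "vault" if user.id_in_vault else "cannot authenticate"
    if option == VAULT_FIRST:
        # Fallback applies only when no ID is found in the vault.
        return "vault" if user.id_in_vault else "directory"
    raise ValueError(f"unknown option: {option!r}")

def locked_out(roster, option):
    """Names of users who could not authenticate if this option were selected."""
    return [u.name for u in roster
            if password_source(u, option) == "cannot authenticate"]

# Constructed sample roster (not real data).
ROSTER = [
    WebUser("alice", has_notes_id=True, id_in_vault=True),
    WebUser("bob", has_notes_id=True, id_in_vault=False),
    WebUser("carol", has_notes_id=False, id_in_vault=False),   # web-only
    WebUser("dave", has_notes_id=True, id_in_vault=True, saml=True),
]

if __name__ == "__main__":
    for opt in (DIRECTORY, VAULT, VAULT_FIRST):
        print(f"{opt!r}: locked out = {locked_out(ROSTER, opt)}")
        for u in ROSTER:
            print(f"  {u.name:6} -> {password_source(u, opt)}")
```

In this model, an empty `locked_out` result for "Check internet password in vault" indicates that every web user with a registered Notes ID has that ID in the vault.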