Creating security policy settings for iNotes users

To create or enforce security settings for HCL iNotes® users, you must create a security policy settings document.

About this task

Although there are other security policy settings that can be created for HCL Notes® users, the settings here are applicable to iNotes security, and the explanations in the following table describe how these settings affect iNotes users.

Procedure

  1. Make sure that you have Editor access to the Domino® Directory and one of these roles:
    • PolicyCreator role to create a settings document
    • PolicyModifier role to modify a settings document
  2. From the Domino Administrator, select the People & Groups tab, and then open the Settings view.
  3. Click Add Settings, and then choose Security.
  4. On the tabs listed in the following tables, complete these fields:
    Table 1. Password Management Basics tab
    Setting Description

    Allow users to change Internet password over HTTP

    This setting determines whether the iNotes user preference Change Internet Password displays:

    • Yes (default) - allows users to use a Web browser to change their Internet passwords. iNotes users use the Change Internet Password preference to do so.
    • No - the user preference Change Internet Password will not display.

    Update Internet Password When Notes Client Password Changes

    For iNotes users, this setting determines whether there will be one user preference Change Password, instead of two preferences, Change Notes ID and Change Internet Password. If there is only one preference, the Notes ID password in the mail file is updated when the Internet password is changed.

    Choose one:

    • No (default) -- User preferences include both Change Notes ID and Change Internet Password user preferences, and the user must change both.
    • Yes -- Synchronizes the user Internet password with the iNotes client password. User preferences include only the Change Password preference, which is used to change both passwords.

    Enforce password expiration

    If you enable password expiration for any of the options, the security settings document defaults change. Choose one:

    • Disabled (default) - disables password expiration. If you disable password expiration, do not complete the remaining fields in this section.
    • HCL Notes only - enables password expiration for Notes passwords only. For iNotes users, this enables expiration for the Notes ID stored in the user's mail file.
    • Internet only - enables password expiration for Internet passwords only.
    • Notes and Internet -- enables password expiration for both Notes and Internet passwords. For iNotes users, it enables expiration for both the Notes ID stored in the user's mail file and for the Internet password.
    Note: Internet password expiration settings are recognized only by the HTTP protocol. This means that Internet passwords can be used indefinitely with other Internet protocols, such as LDAP or POP3.
    Note: Do not enable password expiration if users use Smartcards to log in to Domino servers.

    Required password quality

    If you require users to create passwords based on password quality, specify that quality by choosing a value from the drop-down list. To use length instead of password quality, continue to the next field.

    For iNotes users, password quality settings are enforced when the Notes ID is stored in the user's mail file and the password is changed via iNotes user preferences.

    Use length instead

    If you require users to create passwords based on length, click Yes. When you do, the Required Password Quality field changes to Required password length. Specify the minimum password length here.

    For iNotes users, password quality settings are enforced when the Notes ID is stored in the user's mail file and the password is changed via iNotes user preferences.

    Table 2. Custom Password Policy tab
    Setting Description

    Change Password on First Notes Client Use

    Require users to change their passwords the first time they log in using Notes. For iNotes, users must change the embedded Notes ID password before using it the first time.

    Note: This works only if the policy is applied during user registration.
    Table 3. Keys and Certificates tab
    Setting Description

    Warning period

    Specify the number of days prior to certificate expiration at which the user Warning period receives an expiration warning message.

    Table 4. ID Vault tab
    Setting Description

    Allow Notes-based programs to use the Notes ID vault

    Set to Yes to allow iNotes users to use the Notes ID Vault to back up their Notes ID. If this feature is enabled, the user preference Synchronize Notes ID with Vault displays in iNotes security preferences.

    Table 5. Proxies tab (click Edit List to view these fields)
    Setting Description

    Context

    The path of the request to the proxy server, specifies which proxy the rule is for. Examples include:

    xsp/proxy/GoogleProxy
    xsp/proxy/BasicProxy

    URL

    Address of the site to which this policy applies.

    This is the target of the proxy.

    Actions

    The set of HTTP actions this policy allows.

    These can be GET, POST, HEAD, PUT, DELETE. The most frequently used are GET and POST.

    Cookies

    Cookies allowed for this site. That is, the cookies that will be passed from the browser to the target URL server.

    Note: Cookies with specified names will always be proxied to this site. In addition, any incoming (Set-Cookie response headers) received from the site will also be remembered and eventually sent back on subsequent requests to this site.

    Mime-types

    Content types allowed back from the target server, or use * to allow all.

    Headers

    Headers allowed for this site, or use * to allow all. This attribute determines which headers are forwarded to the target server.

    Note: Cookies are not handled as a standard header. Putting the entry "cookie" in the headers list will have no effect.