Using Notes® Shared Login (NSL) to suppress password prompts

Notes® Shared Login (NSL) allows users to start Notes® without having to provide Notes® passwords. Instead, they only need to log in to Microsoft Windows using their Windows passwords.

When Notes® Shared Login is enabled, Notes® IDs no longer have Notes® passwords. Instead, a complex "secret" is used to protect the ID. This secret is encrypted using a Microsoft Windows security mechanism and saved locally on users' computers.

Enabling Notes® Shared Login alters the ID so that shared login works only on the computer on which the feature is activated. This is a requirement because the feature relies on a Windows security infrastructure specific to that computer.

Notes® Shared Login provides the following benefits:

  • Users need to remember only their Windows passwords.
  • Notes® shared login works without interruption when Windows passwords are changed either by users or by administrators on a Windows domain controller.
  • Administrators use policies to control who uses the feature and whether its use is required or optional.
  • Administrators are not required to manage Notes® passwords or assist users who have forgotten their passwords because there are no longer Notes® passwords.

Notes® Shared Login is not supported for Notes® IDs that are:

  • used on computers that do not run Windows
  • protected by Smartcards
  • protected by multiple passwords
  • used with Notes® on a USB drive
  • used by users who have Windows mandatory profiles
  • used in a Citrix environment

Citrix: Notes® Shared Login can be used in a Citrix environment by adding the following notes.ini settings to the client:

    EnableUsingAppDataForRoaming=1
    EnableNSLUnderCitrix=1

Note: Notes® Shared Login users with Windows roaming profiles should log in to an Active Directory domain controller from one computer at a time. When users are logged in from more than one computer, there is a possibility that Notes® may not be able to decrypt the ID file.
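
To check a client's notes.ini for the two Citrix settings listed above, the following script (an added example, not part of the product documentation) reports whether both are set to 1 and flags missing or conflicting entries. The function names and the sample file content are constructed; matching variable names case-insensitively is an assumption, and because this page does not say how duplicate entries are resolved, duplicates with different values are flagged rather than interpreted.

```python
# The two settings named on this page for running NSL under Citrix.
REQUIRED = ("EnableUsingAppDataForRoaming", "EnableNSLUnderCitrix")

# Constructed sample notes.ini content (not taken from a real client).
SAMPLE_INI = """[Notes]
KitType=1
Directory=C:\\Notes\\Data
enableusingappdataforroaming=1
EnableNSLUnderCitrix=1
EnableNSLUnderCitrix=0
"""

def parse_settings(ini_text):
    """Collect every value seen for each variable, keyed by lower-cased name."""
    seen = {}
    for line in ini_text.splitlines():
        line = line.strip()
        if not line or line.startswith("[") or "=" not in line:
            continue  # skip blanks, the [Notes] header and malformed lines
        name, value = line.split("=", 1)
        # Assumption: variable names are compared case-insensitively.
        seen.setdefault(name.strip().lower(), []).append(value.strip())
    return seen

def audit_citrix_nsl(ini_text):
    """Return (status, findings) for the two Citrix NSL settings.

    status is 'enabled' (both set to 1), 'absent' (neither present)
    or 'review' (one missing, not 1, or conflicting duplicates).
    """
    seen = parse_settings(ini_text)
    findings = []
    for name in REQUIRED:
        values = seen.get(name.lower(), [])
        if not values:
            findings.append(f"{name}: missing")
        elif len(set(values)) > 1:
            findings.append(f"{name}: conflicting values {values}")
        elif values[0] != "1":
            findings.append(f"{name}: set to {values[0]!r}, expected '1'")
    if not findings:
        return "enabled", findings
    if len(findings) == len(REQUIRED) and all(f.endswith("missing") for f in findings):
        return "absent", findings
    return "review", findings

if __name__ == "__main__":
    print(audit_citrix_nsl(SAMPLE_INI))
```

A `review` result means the client is only partly configured for NSL under Citrix and the notes.ini should be corrected so that both settings appear once with the value 1.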

When Notes® Shared Login is enabled:

  • Security settings for policies that relate to Notes® passwords are not supported and are ignored. The User Security dialog box does not display fields relating to Notes® passwords.
  • The Check password on Notes ID file security setting is not supported. Domino® servers ignore this setting for IDs enabled for shared login. If you use pre-8.5 Domino® servers, the setting should be disabled for users with these IDs.
  • If Notes® users were synchronizing Internet passwords with Notes® passwords in an earlier release, they must now begin managing their Internet passwords.
  • To use a Notes® shared-login ID on more than one computer, a user clicks Copy ID in the User Security dialog box to make a new, Notes-password-protected copy of the ID file. When the user runs Notes® using the copied ID on another computer, the user's effective policy determines whether the ID will be enabled for Notes® shared login. It is possible to use the ID Vault to move a Notes® shared-login ID from one system to another, but all of the following requirements must be met:
    • The Notes® shared-login ID stored in the ID vault must have a password associated with it. Often this is not the case, because Notes® shared-login IDs on a user's computer do not have a password.
    • The owner of the ID must know the password associated with the copy of the Notes® shared-login ID stored in the ID Vault.
    • The user must be performing a Notes® setup on the new system where the ID will be used, or the NOTES.INI file on the new system where the ID will be used must contain entries specifying the owner of the ID and the location where the ID should be stored.
  • If Notes® IDs are stored on a network share, the IDs can be used only from the computers on which shared login is activated.
  • To open a shared login-enabled ID through the Domino® Administrator, you must always use the computer and the Windows login name that were used when the ID was shared login-enabled.
  • Roaming users who roam their IDs cannot use Notes® shared login.