Using Notes Shared Login (NSL) to suppress password prompts

Notes® Shared Login (NSL) allows users to start Notes without having to provide Notes passwords. Instead, they only need to log in to Microsoft™ Windows™ using their Windows passwords.

When Notes Shared Login is enabled, Notes IDs no longer have Notes passwords. Instead, a complex "secret" is used to protect the ID. This secret is encrypted using a Microsoft Windows security mechanism and saved locally on users' computers.

Enabling Notes Shared Login alters the ID so that shared login works only on the computer on which the feature is activated. This is a requirement because the feature relies on a Windows security infrastructure specific to that computer.

Notes Shared Login provides the following benefits:

  • Users need to remember only their Windows passwords.
  • Notes shared login works without interruption when Windows passwords are changed either by users or by administrators on a Windows domain controller.
  • Administrators use policies to control who uses the feature and whether its use is required or optional.
  • Administrators are not required to manage Notes passwords or assist users who have forgotten their passwords because there are no longer Notes passwords.

Notes Shared Login is not supported for Notes IDs that are:

  • used on computers that do not run Windows
  • protected by Smartcards
  • protected by multiple passwords
  • used with Notes on a USB drive
  • used by users who have Windows mandatory profiles
  • used in a Citrix environment
Citrix Notes Shared Login can be used in a Citrix environment by adding the following notes.ini settings to the client:

    EnableUsingAppDataForRoaming=1
    EnableNSLUnderCitrix=1
Note: Notes Shared Login users with Windows roaming profiles should log in to an Active Directory domain controller from one computer at a time. When users are logged in from more than one computer, there is a possibility that Notes may not be able to decrypt the ID file.

When Notes Shared Login is enabled:

  • Security settings for policies that relate to Notes passwords are not supported and are ignored. The User Security dialog box does not display fields relating to Notes passwords.
  • The Check password on Notes ID file security setting is not supported. Domino® servers ignore this setting for IDs enabled for shared login. If you use pre-8.5 Domino servers, the setting should be disabled for users with these IDs.
  • If Notes users were synchronizing Internet passwords with Notes passwords in an earlier release, they must now begin managing their Internet passwords.
  • To use a Notes shared-login ID on more than one computer, a user clicks Copy ID in the User Security dialog box to make a new, Notes-password-protected copy of the ID file.  When the user runs Notes using the copied ID on another computer, the user's effective policy determines whether the ID will be enabled for Notes shared login. It is possible to use the ID Vault to move a Notes shared-login ID from one system to another, but all of the following requirements must be met:
    • The Notes shared-login ID stored in the ID vault must have a password associated with it.  Often this is not the case, because Notes shared-login IDs on a user's computer do not have a password. 
    • The owner of the ID must know the password associated with the copy of the Notes shared-login ID stored in the ID Vault
    • The user must be performing a Notes setup on the new system where the ID will be used, or the NOTES.INI file on the new system where the ID will be used must contain entries specifying the owner of the ID and the location where the ID should be stored.
  • If Notes IDs are stored on a network share, the IDs can be used only from the computers on which shared login is activated.
  • To open an shared login-enabled ID through the Domino Administrator, you must always use the computer and the Windows login name that were used when the ID was shared login-enabled.
  • Roaming users who roam their IDs cannot use Notes shared login.