Using Notes® Client Single Logon to synchronize Notes® and Windows OS passwords

You can use Notes® Client Single Logon to synchronize your Notes® users' Microsoft Windows passwords with their Notes® passwords, allowing them to use the same password.

Consider using the newer Notes® Shared Login (NSL) feature rather than the Notes® Client Single Logon feature. Notes® Shared Login (NSL) is designed to work with ID Vault. Notes® Shared Login is enabled through policy configuration. If Notes® Client Single Logon is installed, it must be uninstalled before Notes® Shared Login (NSL) can be enabled.

Note: To check if the single logon feature is already installed, click File > Security > User Security > Security Basics. If the client single logon feature is installed, the "Login to Notes using your operating system login" option is enabled.

To understand the distinction between Notes® Client Single Logon and Notes® Shared Login (NSL), including the relationship with ID Vault and with Notes® roaming user, see the Notes® and Domino® wiki articles under Related information.

When users install Notes®, they can select the client single logon option. When installation is complete, users restart the client to allow single logon to take effect. This option is also available during Notes® silent install and upgrade.

When the user restarts Notes®, the following occurs:

  • The Notes® Single Logon Password Synchronization panel appears.
  • As prompted, click Yes, enter the Notes® password, and click OK.
  • The Change Password panel appears, prompting to enter the new password and re-enter the new password for confirmation. In both password entry fields, enter the Windows system password and then click OK.

Note: The computer name cannot be the same as the operating system (OS) login name when using client single logon. The Notes® Client Single Logon feature does not work when the OS login name is identical to the computer name and the user logs in with the OS name. If client single logon is not working properly on a user's system, change either the OS login user name or the computer name.

Note: To disable the Notes® Client Single Logon feature, click File > Security > User Security and disable the "Login to Notes using your operating system login" option in the Your Login and Password Settings area of the Security panel. After disabling single logon, use your Windows password to log in to Notes®.

OS and Domino® password policies must be aligned as closely as possible to allow password synchronization to work. During OS password changes, the Notes® Network Provider must be able to change the Notes® ID to the new password provided by the OS. Notes® is notified of the new OS password only after the OS password has been changed. If the new OS password does not meet the Notes® password quality and history requirements, the Notes® password change will fail.

During Notes® password changes, the Notes® client must be able to change the OS password to the new Notes® password.

For bidirectional password synchronization, the Notes® Network Provider must be able to access a user's NOTES.INI file and Notes® ID file. The required location for the NOTES.INI file depends on the type of installation:
  • For single user install, the NOTES.INI file must exist in the Notes® directory as specified in the HKEY_LOCAL_MACHINE registry key.
  • For multi-user install, the NOTES.INI file must be specified in the HKEY_CURRENT_USER registry key: ("HKEY_CURRENT_USER\SOFTWARE\Lotus\Notes\NotesIniPath")

Operating system (OS) password changes occur in the system access control environment; therefore, the NOTES.INI file and the Notes® ID file must reside on a local drive.
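
The prerequisites described above (OS login name different from the computer name, NOTES.INI reachable through the registry, NOTES.INI and the Notes® ID file on a local drive) can be checked on a workstation with a short script. This PowerShell script is an added example, not part of the product or of this page's original content. It assumes the `NotesIniPath` value holds the full path to NOTES.INI and that the `KeyFileName` and `Directory` settings in NOTES.INI (not mentioned on this page) identify the ID file and the Notes® data directory.

```powershell
# Added example: pre-flight check for Notes Client Single Logon prerequisites.
# Assumptions: NotesIniPath holds the full path to NOTES.INI; KeyFileName and
# Directory in NOTES.INI give the ID file name and the Notes data directory.
param([string]$NotesIniPath)   # pass explicitly for a single user install

function Test-LocalDrivePath {
    param([string]$Path)
    # Empty values and UNC paths (\\server\share) are never local.
    if ([string]::IsNullOrWhiteSpace($Path) -or $Path -match '^\\\\') { return $false }
    $root = [System.IO.Path]::GetPathRoot($Path)
    if ([string]::IsNullOrEmpty($root)) { return $false }   # relative path, cannot decide
    # Fixed = local disk; a mapped network drive reports Network.
    return (New-Object System.IO.DriveInfo $root).DriveType -eq [System.IO.DriveType]::Fixed
}

function New-Check($Name, $Pass, $Detail) {
    [pscustomobject]@{ Check = $Name; Pass = [bool]$Pass; Detail = $Detail }
}

# 1. Single logon does not work when the OS login name equals the computer name.
New-Check 'Login name differs from computer name' ($env:USERNAME -ne $env:COMPUTERNAME) "$env:USERNAME / $env:COMPUTERNAME"

# 2. Multi-user install: NOTES.INI is located through the HKCU value named on this page.
if (-not $NotesIniPath) {
    $NotesIniPath = (Get-ItemProperty -Path 'HKCU:\SOFTWARE\Lotus\Notes' -Name NotesIniPath -ErrorAction SilentlyContinue).NotesIniPath
}
$iniExists = [bool]$NotesIniPath -and (Test-Path -LiteralPath $NotesIniPath -PathType Leaf)
New-Check 'NOTES.INI found' $iniExists $NotesIniPath
New-Check 'NOTES.INI on a local drive' (Test-LocalDrivePath $NotesIniPath) $NotesIniPath

# 3. The Notes ID file must also reside on a local drive.
if ($iniExists) {
    $ini = @{}   # PowerShell hashtable literals compare keys case-insensitively
    foreach ($line in Get-Content -LiteralPath $NotesIniPath) {
        if ($line -match '^\s*([^=\s]+)\s*=(.*)$') { $ini[$Matches[1]] = $Matches[2].Trim() }
    }
    $idPath = $ini['KeyFileName']
    # A relative KeyFileName is resolved against the data directory (assumption).
    if ($idPath -and -not [System.IO.Path]::IsPathRooted($idPath) -and $ini['Directory']) {
        $idPath = [System.IO.Path]::Combine($ini['Directory'], $idPath)
    }
    New-Check 'Notes ID file found' ([bool]$idPath -and (Test-Path -LiteralPath $idPath -PathType Leaf)) $idPath
    New-Check 'Notes ID file on a local drive' (Test-LocalDrivePath $idPath) $idPath
}
```

Run it in the affected user's session so that HKEY_CURRENT_USER and the environment variables reflect that user; any row with `Pass` set to `False` points to one of the prerequisites listed on this page.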