Enabling Notes federated login

Enable Notes federated login to allow Notes client users to start Notes and perform secure operations without being prompted for a Notes ID password.

Before you begin

Complete the following prerequisites:


  1. In the Domino® Directory, open the existing Security Settings policy for users of your organization’s ID vault.
  2. On the ID Vault tab, make sure there is an assigned vault.
  3. Select the Password Management > Federated Login tab.
  4. Select Yes for Enable Notes federated login with SAML IdP.
  5. When the policy is initially being deployed to client users who have upgraded to 9.0.1 Social Edition, select Yes for Allow password authentication with the ID vault under Additional settings for Federated Login (Notes or Web).
    Tip: After you have verified that federated login works for a user, it is a recommended security improvement to change Allow password authentication with the ID vault to No. When password authentication with the ID vault is not allowed, the user must authenticate to the vault using federated login in order to download the user's ID for either Notes or Web use. Because this policy setting controls both Notes and Web behavior with the ID vault, change the setting to No only if federated login should be used exclusively.
  6. Optional: Create custom messages for users to notify them when federated login is either enabled or disabled.
  7. Select the Keys and Certificates tab.
  8. To add the Notes® certifier to the policy, click Update Links.
  9. Choose Selected supported and click OK.
  10. Click the Notes Certifiers tab, select the certificates that signed the IDs of the Notes users, and click OK.
    Note: If the IDs are signed by an Organizational Unit (OU) certificate, include all certificates in the hierarchy, including the Organizational certificate.
  11. Click the Internet Cross Certificates tab, select the SSL certificate exported from either ADFS or TFIM 2.0, and click OK.
  12. Optional: Enter a formula under Machine specific formula to apply the policy to specific computers for clients who have multiple computers.
  13. Save and close the security policy.

What to do next

Testing Notes federated login