Configuring the HCL Traveler server for TOTP authentication

TOTP authentication setup for the HCL Verse mobile clients follows the steps defined in the Domino Administration guide for Configuring TOTP authentication. This topic covers the setup information that is specific to the Traveler server.

TOTP authentication is forms-based. Once TOTP is enabled for the Traveler endpoint, any session override rules allowing basic authentication are ignored. This means that any client configured for the same endpoint that requires basic authentication will no longer be able to authenticate. To support additional modes of authentication, consider configuring multiple web sites. For more information, see Enabling support for Server Name Indication (SNI).

Traveler server setup

The HCL Traveler server(s) should be configured prior to enabling TOTP authentication. This allows validation that HCL Traveler is functioning prior to making any changes for TOTP authentication.

Preparing for TOTP authentication

Domino TOTP authentication support requires that Traveler server users have a vaulted user ID. Ensure the following setup is completed before configuring Domino for TOTP authentication:

  • Ensure the ID Vault is configured and user IDs are vaulted. For more information, see Notes® ID vault.
  • Upgrade the ID Vault database and Directory database with the HCL Domino 12.0 template designs.
  • Ensure the ID Vault is configured with Allow Notes-based programs to use the Notes ID vault set to Yes. For more information, see Enabling programs that store IDs in databases to use a vault.
  • If the ID Vault database is not on the Traveler server, add the Traveler server as a Vault server, so a replica of the ID Vault database is local to Traveler. For more information, see Planning an ID vault deployment.

Configuring TOTP authentication

Read the following notes, then complete the steps to Configure TOTP authentication as outlined in the HCL Domino Administration guide.

At this point, the Traveler server endpoint is configured for TOTP authentication. Accessing the Traveler Web Administration interface (/LotusTraveler.nsf) or the Traveler Admin APIs (/api/traveler) requires that the administration user be vaulted and authenticate using TOTP. For non-TOTP authentication access, set up an additional web site for /api and /LotusTraveler.nsf requests.

Next, review and update the authentication timeout settings for the optimum user experience. For information on configuring the client for TOTP authentication, see HCL Verse Client setup.