Creating an ID vault
The ID Vault tool enables you to perform all of the steps necessary to make a vault operational. However, you can choose to perform some of the required steps at a later time using another tool.
About this task
A vault database is created in the \IBM_ID_VAULT directory in the IBM® Domino® server data directory. Creating a vault requires administrator and Create databases and templates access to the server on which you create it, and Editor access to the Domino Directory.
When you create a vault, an associated vault document is also created in the view of the Domino Directory. The document shows the vault name, description, vault administrators, and vault servers (servers with replicas). Note that you can add vault servers using the tool after the vault is created.
Procedure
- From the Domino Administrator, click the Configuration tab.
- Click .
- Specify the following required information at the time you create a vault.
Table 1. Required Information You Must Provide During Vault Creation
Field | Comments
Name of the vault
- The name defines the hierarchical identity of the vault and is also used to form the vault database file name and vault ID file name.
- The name cannot be the same as an organization or organizational unit used in the Domino domain.
- You cannot change the name after the vault is created.
Vault ID file location and password
- It is important to make a backup copy of the vault ID file. If the ID file is lost and there is no backup copy, the vault will need to be deleted and re-created.
- Vault administrators require access to this ID file and password to add or remove vault replicas or to delete the ID vault.
Vault primary server
- You can specify only one server when you create a vault, which becomes the vault primary server.
- To replicate the vault to other servers, and optionally to specify a different vault primary server, use the tool.
Vault administrator
You must specify at least one vault administrator.
- Optionally, specify the following information either at the time you create the vault, or at a later time:
Table 2. Required Information You Can Provide After ID Vault Creation
Field | Comments
The organizations that trust the vault for ID storage.
- This information is used to create Vault Trust Certificates in the Domino Directory.
- Requires access to the certifier ID files of the specified organizations or organizational units.
- Can be done after vault creation using the tool.
The names authorized to reset the passwords of IDs in the ID vault.
- This information is used to create Password Reset Certificates in the Domino Directory.
- Requires access to the certifier ID files of the organizations or organizational units with Vault Trust Certificates.
- Can be done after vault creation using the or tool.
The user IDs assigned to a vault.
- This is controlled through user policy configuration.
- Can be done after vault creation using the tool or by configuring a policy manually.