Using administrative accounts to manage client plug-ins

Using administrative accounts (sometimes called "managed" accounts) in a Domino® policy lets you provide Notes® users with pre-defined settings for Eclipse-based client features and plug-ins such as IBM® Connections or IBM® Sametime®. Administrative accounts simplify the use of sidebar applications such as Connections and Sametime®, and can meet authentication needs for embedded browser-based components such as Feeds, Widgets and Live Text. You can assign values such as a Connections server name and address, simplifying the user's experience and reducing help desk calls.

About this task

You create and manage administrative account documents in the Domino® Directory (names.nsf). Then you can use a Domino® policy to assign accounts to client users' Contacts application. Administrative account settings are preset for, and by default are not editable by, client users, but if necessary, you can enable some settings as editable. For some applications, Sametime® and custom or third-party features and plug-ins, you can attach a custom desktop icon.

Tip: You can also assign administrative accounts settings using a deploy.nsf or customizing a plugin_customization.ini file during install or upgrade. For example, an alternate method is required for a Connections server using Domino® single sign-on. For details on these alternatives, see the related information topics.

Creating administrative accounts using the Domino® Directory

About this task

Use the Accounts view in the Domino® server's Domino® Directory to create, edit, delete, or view an administrative account.

Procedure

  1. From the Domino® Administrator client, open the Domino® Directory on the server.
  2. Select People > Policies > Accounts.
  3. Click Add Account.
    On the Basics tab, complete the following fields:
    • Account name – Specify a unique name.

      This account name is visible to Notes® users (File > Preferences > Accounts) but is not editable. A column in the user's Accounts preferences page displays a lock icon for administrative accounts.

    • Account type – Select or create an account type value.

      Options include Sametime®, Connections, and Other. You can also specify a new key word such as MyCustomAppAcct1. If you select Connections or Sametime®, additional options appear.

    • Account server name – Specify the server name, for example a Domino® server name or a Web server address such as http://your_server_address\/activities.
    • Account protocol – Specify HTTP or Other.

      Other can be any protocol that the plug-in uses; for example, VP protocol.

      Predefined authentication types for HTTP protocol include the following; you can also add custom authentication types:
      • Basic authentication
      • Form based authentication
      • PORTAL
      • Tivoli® Access Manager (TAM)
      • SiteMinder
      • TAM with SPNEGO Authentication (Simple and Protected GSSAPI Negotiation Mechanism)
      • Domino® LTPA (lightweight 3rd party authentication)
      Example protocol keyword entries include the following:
      • SM-FORM
      • USERNAME_TOKEN
      • PORTAL-FORM
      • OS-CRED
      • TAM-SPNEGO
      • TAM-FORM
      • J2EE-FORM
      • HTTP
    • Is primary account – Specify whether the account is the user's primary account.

      If the account is a Sametime® or Connections account type, there are multiple Account Type-specific settings available on the form .

      Note: For a Connections account, always select this option. You can configure only one primary Connections account for a single client user.
    • You can use the Edit list option to add Name Value pairs.
    • You can use the Advanced tab to specify certain settings as editable by the user.
  4. Click Save & Close.

Assigning administrative accounts using a Domino® policy

About this task

You can assign administrative accounts created or edited in the Domino® Directory to clients using the Administrative Account Defaults section on the Accounts tab of the Domino® desktop policy settings document. Options are as follows:
  • Overwrite preexisting account document, if found in Contacts application
    Use this option to overwrite the same name account in the user's Contacts application (local names.nsf). Or, disable to keep the existing account but rename the managed account to a unique name -- and continue to assign the administrative account settings to the user.
    Restriction: This option should not be used with the client's Switch ID feature. When multiple users of the same client are assigned to the same policy, one user could overwrite another user's account settings.
  • Update links
    Use this option to assign all or selected administrative account settings to target users.
    Note: No changes are assigned if the only update to the desktop setting document is to select this option. The administrator must update one of the listed accounts or click the Update Links button in order for the updated desktop setting to take effect.
  • Trusted Sites

    You can add any trusted sites you want to use for administrative accounts.

    For Tivoli® Access Manager (TAM) or SiteMinder accounts, a trusted site specification is required. By default, the login form on the authentication server for an TAM or SiteMinder administrative account must be accessed using SSL and the server must be contained in a list of trusted sites. Click New to add or Edit to modify a specified trusted site for any such account specified.