Configuring the ID vault for federated login

The Domino® ID vault administrator sets up the vault to specify the name of the IdP Catalog document for the SAML identity provider (IdP).

About this task

The ID vault administrator must approve the use of an IdP that will provide SAML credentials. The ID vault administrator decides which IdP is trustworthy. Only credentials from a trusted IdP can be used for downloading an id file stored in this ID vault. The administrator supplies host names for identity provider (IdP) partnerships to the ID vault in a vault document. The vault server uses the host names to look up IdP information from the IdP Catalog application (idpcat.nsf).

Tip: The Domino® Web (HTTP) server is not using the Notes® ID vault to retrieve ID files unless the web server is also configured as an iNotes® server supporting Web federated login. Therefore, the vault configuration does not apply to the Domino® Web server, and no changes need to be made to the vault document for the Domino® Web server unless the web server is also configured as an iNotes® server with Web federated login.

You might specify more than one entry in the list of approved IdP configurations if you need more than one IdP federation to handle the volume of user logins. If you add more than one entry into the list of Notes® federated login approved IdP configurations, then at user login time, one of the approved IdP configurations will be chosen at random to be used to authenticate the user.

Procedure

  1. From the Domino® Administrator, open the ID vault application (idvault.nsf), which by default is stored in the IBM_ID_VAULT directory.
  2. From the Configuration view, open the vault document for the vault that will be configured for SAML authentication.
  3. Complete the following fields, according to the type of federated login you are using. If you are using both types, complete both fields. In both cases, you specify the ID vault server host name as specified in the ID vault IdP configuration document.
    FieldValue to enter
    Notes federated login approved IdP configurations Enter the host name from the Host names or addresses mapped to this site field of the ID vault server IdP configuration document, for example vault.domino1.us.renovations.com
    Web federated login approved IdP configurations Enter the host name from the Host names or addresses mapped to this site field of the ID vault server IdP configuration document, for example vault.domino1.us.renovations.com
  4. Save and close the vault document.