Enable Web federated login to allow iNotes users to perform secure operations such as
signing and decrypting messages without being prompted for a Notes ID password.
Before you begin
Complete the following prerequisites:
About this task
Before enabling Web federated login for all iNotes users, enable it for the test user you
created for testing SAML authentication and test that Web federated authentication works for that
user.
Procedure
- In the Domino directory, open the existing Security Settings policy for users of your
organization’s ID vault.
- On the ID Vault tab, make sure there
is an assigned vault.
- Select the tab.
- Select Yes for Enable Web federated login with
SAML IdP.
- Select Set value whenever modified for How
to apply this setting.
- For iNotes deployments that have been upgraded to the current release,
when the policy is initially being deployed, select Additional
settings for Federated Login (Notes or Web) > Allow
password authentication with the ID vault > Yes.
Note: After a user has been verified to be working with
federated login, a recommended security improvement is to change Allow
password authentication with the ID vault to No.
When password authentication with the ID vault is not allowed, users
are required to authenticate to the vault with federated login in
order to download the user's ID for either Notes or Web use. Change Allow
password authentication with the ID vault to No only
if neither iNotes nor Notes should allow password
authentication to the ID vault.
- Save and close the security policy.
Results
For any iNotes® user
to whom the policy applies, the settings for Notes federated login will
be activated on the user's next login.