Authenticating web users against the Notes® ID passwords in the ID vault

You can configure HCL Domino® to use the password in an ID vault to authenticate web users that access the server.

When this feature is enabled, HCL Verse, HCL iNotes®, and other web users with Notes® ID files provide their web names and Notes® ID passwords from an ID vault to authenticate with a Domino® server. With this feature, users need to remember just one password, their Notes® ID password, to authenticate to the server and perform secure mail operations. Without this feature, web users provide their HTTP passwords to authenticate to the server and, if their Notes® ID passwords differ from their HTTP passwords, are then prompted for their Notes® ID passwords to perform secure mail operations.

Note:
  • This feature is ignored for authentication of the following users:
    • Notes® client users
    • Web-only users without Notes® IDs
    • Users who authenticate via SAML federated identity authentication
  • If directory assistance is configured for cross-domain directory lookups, add the notes.ini setting ENABLE_IDV_CROSSDOMAIN_AUTHENTICATION=1 to your Domino servers. Then, when a user accesses a Domino server and the user is registered in a secondary domain, the server is able to access the vault in the secondary domain to verify the user password, if configured.

To enable the feature:
  1. Create or edit a Configuration Settings document in the Domino® directory (Configuration > Servers > Configurations).
  2. Click the Security tab.
  3. In the Internet Password Verification section, select one of the following options:
    Table 1. Internet Password Verification options
    Option | Description
    Check internet password in directory | Always use internet passwords in Domino® directory Person documents to authenticate web users. This option is the pre-release 11 behavior and the default selection.
    Check internet password in vault | Always use passwords from Notes® ID files in the vault to authenticate web users who have registered Notes® IDs. These web users must have IDs in the vault to authenticate.
    Check vault first, then directory | Try to use passwords from Notes® IDs in the vault to authenticate internet users who have registered Notes® IDs. If the password fails against the vault, it is checked against the internet password in Domino® directory Person documents to authenticate the users. Use this option if some internet users with registered Notes® IDs do not have IDs in the vault or if you are unsure if they do.
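
The three options in Table 1 differ in which password each user can still log in with. The following is an added example, not HCL code: a simplified Python model of the documented behavior that reports which store accepts a given password. The record fields, function names and sample passwords are hypothetical; Notes client and SAML users are left out because the feature is ignored for them.

```python
from dataclasses import dataclass
from enum import Enum
from hmac import compare_digest
from typing import Optional


class Policy(Enum):
    DIRECTORY = "Check internet password in directory"
    VAULT = "Check internet password in vault"
    VAULT_THEN_DIRECTORY = "Check vault first, then directory"


@dataclass
class WebUser:
    # Constructed sample record. Plain strings stand in for the real stores;
    # the model only tracks WHICH store is consulted, not how it verifies.
    internet_password: Optional[str]  # Person document internet password
    has_notes_id: bool                # user has a registered Notes ID
    vault_password: Optional[str]     # Notes ID password; None = no ID in vault


def _matches(stored: Optional[str], supplied: str) -> bool:
    return stored is not None and compare_digest(stored.encode(), supplied.encode())


def authenticate(user: WebUser, supplied: str, policy: Policy) -> Optional[str]:
    """Return the store that accepted the password, or None if login fails."""
    # Default option, or a web-only user for whom the feature is ignored.
    if policy is Policy.DIRECTORY or not user.has_notes_id:
        return "directory" if _matches(user.internet_password, supplied) else None
    if _matches(user.vault_password, supplied):
        return "vault"
    # Only the third option falls back to the Person document password.
    if policy is Policy.VAULT_THEN_DIRECTORY and _matches(user.internet_password, supplied):
        return "directory"
    return None


if __name__ == "__main__":
    users = {
        "ID in vault": WebUser("http-pw", True, "id-pw"),
        "Notes ID, not in vault": WebUser("http-pw", True, None),
        "web-only": WebUser("http-pw", False, None),
    }
    for label, user in users.items():
        for policy in Policy:
            ok = [p for p in ("http-pw", "id-pw") if authenticate(user, p, policy)]
            print(f"{label:24} {policy.value:38} accepts {ok}")
```

Under "Check vault first, then directory" a user with an ID in the vault can still log in with the old internet password, so that password has to be managed as a live credential for as long as this option is selected.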