Enabling Web federated login
Enable Web federated login to allow iNotes users to perform secure operations such as signing and decrypting messages without being prompted for a Notes ID password.
Before you begin
- See the table of client configurations that are incompatible with federated login in the topic Using Security Assertion Markup Language (SAML) to configure federated-identity authentication.
- Complete all the steps in the section Configuring basic SAML authentication for Web servers.
- Complete all the steps in the section Configuring ID vault servers for Notes or Web federated SAML login.
About this task
Procedure
- In the Domino directory, open the existing Security Settings policy for users of your organization’s ID vault.
- On the ID Vault tab, make sure there is an assigned vault.
- Select the tab.
- Select Yes for Enable Web federated login with SAML IdP.
- For iNotes deployments that have been upgraded to the current release, when the policy is initially being deployed, select Additional settings for Federated Login (Notes or Web) > Allow password authentication with the ID vault > Yes.
Note: After a user has been verified to be working with federated login, a recommended security improvement is to change Allow password authentication with the ID vault to No. When password authentication with the ID vault is not allowed, users must authenticate to the vault with federated login in order to download their ID for either Notes or Web use. Change Allow password authentication with the ID vault to No only if neither iNotes nor Notes should allow password authentication to the ID vault.
- Save and close the security policy.