Home
Administering HCL Traveler
Information on planning, installing, configuring, and administering HCL Traveler.
Configuring HCL Traveler server
The HCL Traveler configuration settings are part of the Domino® server document. The first time that the HCL Traveler server is started, it performs any necessary configurations. You might want to perform additional configurations beyond the basics. The following topics describe additional configuration options.
Mobile client support for OIDC authentication
HCL Verse for Android, starting with the 14.5.6 (December 2025) version, supports the Traveler server endpoint configured for OIDC authentication. OIDC provides advanced capabilities for securely managing user credentials on a mobile device which can dramatically reduce the need for prompting users for their credentials for months at a time without losing the ability to revoke sessions from stolen or compromised devices. Along with traditional support for entering usernames and passwords, the addition of Domino OIDC support also includes the ability to use passkey based authentication for managing a user's credentials on their mobile devices.

Administering HCL Traveler
Information on planning, installing, configuring, and administering HCL Traveler.
- Planning for installation and configuration
  There are many installation and configuration considerations you should review before installing the HCL Traveler server.
- Installing the HCL Traveler server
  The following topics describe options for installing and uninstalling the server:
- Configuring HCL Traveler server
  The HCL Traveler configuration settings are part of the Domino® server document. The first time that the HCL Traveler server is started, it performs any necessary configurations. You might want to perform additional configurations beyond the basics. The following topics describe additional configuration options.
  - Configuring HCL Traveler on Docker
    This topic describes Traveler specific configuration items for Docker.
  - HCL Traveler server settings
    You can configure a variety of HCL Traveler server settings, including server document settings and notes.ini settings.
  - HTTP
    All communication between HCL Traveler-supported clients and the Traveler server use the HTTP protocol. On the Domino server where HCL Traveler is deployed, this http-based communication is handled by the Domino Web server.
  - Setting the external server URL
    There are times when a device needs to connect to a link sent by the server. For example, downloading client files, web page URLs, and Apple encrypted mail retrieval. To make sure that the server sends an appropriate link that the device can use, you must first set the External Server URL field on the HCL Traveler tab in the Server document.
  - Configuring the server for Certificate Based Authentication with Android devices
    There are several reasons why companies may wish their users to authenticate using a client certificate. Admins can easily issue and revoke certificates using MDM solutions. There is no need for users to remember or provide credentials. And there is additional security with two factor authentication using the certificate.
  - Mobile client support for SAML authentication
    HCL Verse mobile clients now support federated-identity authentication using Security Assertion Markup Language (SAML). This allows mobile users to authenticate to a customer’s identity provider prior to accessing the HCL Traveler services.
  - Mobile client support for TOTP authentication
    HCL Domino 12.0.0 introduces support for requiring a Time-based One-Time Password (TOTP), which is in addition to their user names and passwords for http authentication. For more information, see Time-based One-Time Password (TOTP) authentication. The HCL Verse Mobile clients, starting with the 12.0.0 versions, support the Traveler server endpoint configured for TOTP authentication.
  - Mobile client support for OIDC authentication
    HCL Verse for Android, starting with the 14.5.6 (December 2025) version, supports the Traveler server endpoint configured for OIDC authentication. OIDC provides advanced capabilities for securely managing user credentials on a mobile device which can dramatically reduce the need for prompting users for their credentials for months at a time without losing the ability to revoke sessions from stolen or compromised devices. Along with traditional support for entering usernames and passwords, the addition of Domino OIDC support also includes the ability to use passkey based authentication for managing a user's credentials on their mobile devices.
    - Configuring the HCL Traveler server for OIDC authentication
    - HCL Verse client setup for OIDC authentication
      This topic describes the setup process for HCL Verse clients with OIDC authentication.
  - Configuring the HCL Traveler High Availability Pool
    Configuring HCL Traveler to use a High Availability Pool requires special configuration steps.
  - Configuring the HCL Traveler server for Microsoft Outlook
    For information on how to configure the Traveler server for Microsoft Outlook, see the steps in Configuring Traveler for use with Outlook in the HTMO documentation.
  - Setting auto sync options
    You can use auto sync options to maximize the battery life of mobile devices.
  - Tuning performance of the server
    This topic describes memory, thread, logging and other considerations for the performance of the HCL Traveler server.
  - Configuring ports for a partition
    HCL Traveler supports running on multiple Domino® partition servers on the same physical machine. The server must be configured to avoid port conflicts among the partition instances.
  - Converting Notes® document links to web links
    When a Rich Text document (for example, an email composed in the Notes client) is synced by HCL Traveler to a mobile device, its body is converted from Rich Text to HTML. If the document contains a link to an Application, View, or Document, the HTML reference created by the conversion process is a relative URL which is missing the protocol, hostname, and port number needed by the mobile device to access the linked object.
  - Customizing the device configuration process for Apple
    There is no additional client code that must be installed on an Apple device for it to connect to an HCL Traveler server. However, you must configure the Microsoft™ Exchange account on the device so that it can use Exchange ActiveSync to connect to the HCL Traveler server. Apple devices can be configured either manually or by using profiles. This topic also describes how to customize profiles (also known as .mobileconfig files) to work in your environment.
  - Customizing the generated email for encrypted or private mail
    To enforce security settings, some emails only sync to HCL clients. This includes Notes-encrypted mails and mails marked as private (prevent copy). For any third party client (for example, the iOS Mail app), Traveler syncs a placeholder email indicating that the mail can be viewed with another client.
  - Name lookup
    For HCL Traveler to function properly, it must be able to lookup user information. Depending on the type of lookup, a variety factors can change, including where the lookup is performed, what parameters are used on the lookup, and how long the results are cached.
  - Configuring corporate look up for devices
    The corporate look up feature of HCL Traveler allows mobile users to search for and find information about other users in the Domino® directory. It also allows them to find information using remote directories if directory assistance is configured. This is useful when a user must contact another person in the organization who is not in the user's local contact store.
  - Configuring and using out of office replies
    The out of office service can be managed from your Apple, Android, BlackBerry 10, or Windows™ Phone device.
  - HCL Traveler Companion security settings
    There are security settings available that control how Companion connects to the HCL Traveler server and how attachments in encrypted mails can be used on the mobile device.
- Administering HCL Traveler
  The HCL Traveler server component functions as a Domino® server add-in task and responds to Domino server console commands. Topics in this section describe common administrative tasks for administering a HCL Traveler server.

Mobile client support for OIDC authentication

HCL Verse for Android, starting with the 14.5.6 (December 2025) version, supports the Traveler server endpoint configured for OIDC authentication. OIDC provides advanced capabilities for securely managing user credentials on a mobile device which can dramatically reduce the need for prompting users for their credentials for months at a time without losing the ability to revoke sessions from stolen or compromised devices. Along with traditional support for entering usernames and passwords, the addition of Domino OIDC support also includes the ability to use passkey based authentication for managing a user's credentials on their mobile devices.

Support requirements

HCL Verse for Android 14.5.6 (December 2025) and later clients.
Traveler server endpoint configured for OIDC authentication (requires HCL Domino 14.5.1 EA1 and higher).
TLS must be enabled on the Traveler server endpoint.
TLS certificates can be configured easily using the Domino CertMgr server task. See Managing TLS certificates with Certificate Manager

Limitations

For the 14.5.1 EA1 preview OIDC support in HCL Verse for Android is limited to a single OIDC account. Other authentication type accounts such as basic auth, CBA, SAML and TOTP can also be created on the same device but only a single OIDC account is supported at this time.
OIDC authentication support is limited to the HCL Domino support. Authentication proxies that may provide multi-factor authentication are not supported.
HCL Verse for iOS, HCL Companion, and To Do applications for iOS do not support OIDC Authentication at this time.
OIDC authentication is not supported by clients that use the Microsoft Exchange ActiveSync protocol, including the Apple iOS Mail client.
The HCL Traveler for Outlook client does not support OIDC Authentication.
OIDC authentication is not available when working with encrypted mail. The end user is prompted for their Notes ID password.
For HCL Verse Android, application passwords are not supported when configured for OIDC authentication. A Traveler server setting or policy setting requiring application passwords will be ignored.
Android 10 or above are required for passkey support with OIDC.