Setup ID Vault in Lotus Domino 8.5.3


The Lotus Domino ID Vault is a repository of user ID files, configured in the system, that makes administering user IDs and passwords easier.

Configuration changes are saved directly in the repository, keeping the ID copies always up to date.

Enabling the ID Vault configuration is quite a simple task, but it requires careful analysis backed by a testing period before going to production.

 

Procedure

Open Domino Administrator, select the Configuration tab > Tools > ID Vaults and click Create.


The Wizard starts by showing a short description of the ID vault functionality. Click Next to continue.


Type the name of the ID Vault you are creating in the Notes ID vault name field, then click Next.


Type the password and path of the Vault ID file. As with the Certifier, Server and Administrator IDs during Lotus Domino installation, copy the Vault ID file and keep it in a safe place to avoid problems if the ID file is deleted from the server. Click Next to continue.


Specify the server where the ID Vault is to be created, then click Next.


Select the ID vault administrators using the Add or Remove button. Click Next to continue.


Click the Add or Remove button, select the Organizations that will be part of the Vault and click Add.


Select the Organizations that trust the Vault and where Notes ID vault users will be stored.


Specify the Password Reset Authority for each organization by selecting the requested accounts, then click the Add button. It is also possible to assign password reset agent authority: select a previously added user and enable the Password reset agent authority option. Click Next to continue.


Select the Create a new policy assigned to an organization option to automatically create the policy that will enable the Vault in the Trusted Organizations. Click Next.


Select the Organizations to assign the policy to.


Click the Add or Remove button and select the Organizations to which the policy will be assigned.


Type the help text shown to users who have forgotten their password.


The next window shows the configuration to be applied on creation. Click Create Vault to go ahead with the installation.


The creation progress window is shown during the process.


During the installation you need to enter the Certifier credentials for the selected Organization to create the trust certificate. Click Browse to set the cert.id file location.


Select the cert.id file and click Open.


Type the Certifier password and click OK.


Installation continues, creating the remaining components.


When the installation is complete, a notification window appears showing the tasks that were run and any warnings. It is strongly suggested to copy this information and keep it as documentation. Click Done to quit.


You can access the Vault database from Domino Administrator by selecting Files tab > IBM_ID_VAULT > Vault_name. In the database you can check which users have already been stored in the Vault.


Vault administration is performed in Domino Administrator through the Configuration tab > Tools > ID Vaults > Manage menu.

 

Register users in the Vault

When a new account is created, the default user ID location in the ID Info panel is set to In Notes ID Vault -/vault_name.


For existing accounts, when the user logs in to Lotus Notes, the previously configured policy takes care of copying the user ID into the Vault.


 

Vault configuration for iNotes

To synchronize the Lotus Notes and iNotes (WebMail) passwords, you have to allow Notes-based programs to use the ID Vault in the ID Vault policy.

Allow Notes-based programs to use the Notes ID Vault: YES


Access iNotes with the browser, select Preferences > Security, then click the Sync with Vault button.


 

Reset client password

To reset a user's password, select the requested user, open the Tools > ID Vaults menu and click the Reset Password option. Set the new password, then click the Reset Password button.


The password reset is confirmed with a notification window.


The system is now fully working and the management of user IDs is enabled. Once the configuration has been tested, the Vault can be enabled in the production environment without any service interruption.
