SSO stopping reset ID from Vault

I can successfully reset a user's password using the ID Vault but the client will not pull down the updated ID from the server until I disable the Lotus Single Sign on service (Notes shared Login). Does anyone know if it is even possible to use the ID Vault while having the SSO enabled on the client? If so, how can I get the ID to pull down from the Vault?

Subject: Notes Shared Login and the ID vault

Yes, you can use Notes Shared Login with the ID vault. Notes Shared Login and the Notes ID vault are designed to work together!

After a password reset, your local (NSL-enabled) ID file will continue to resynchronize with the ID vault when appropriate. What is the problem you are running into? Is there an error message?

If you are using Notes Shared Login, your ID file is not protected by a Notes password. Your Windows credentials are used to lock and unlock the Notes ID file.

Also, see this page in the Lotus Notes and Domino wiki: http://www-10.lotus.com/ldd/dominowiki.nsf/dx/id-vault-and-notes-shared-login-faq

Subject: No error message

Hi There,

Thanks for getting back to me. I don’t receive any error message, it simply just won’t accept the new password, it’s as if with the SSO service enabled it will not look at the ID Vault for an update and only look at the ID file locally.

I had a read of the FAQs but it didn’t really cover what I’m experiencing. I had the SSO enabled before the ID Vault was setup.

Thanks

Subject: Notes Shared Login and some questions

When you say SSO, are you talking about the Notes Shared Login feature introduced in 8.5?

When you type in the password, is it a Windows prompt or a Notes prompt asking for your password?

If you are using Notes Shared Login, your ID file is not protected by a Notes password. Your Windows credentials are used to lock and unlock the Notes ID file. After a password reset, your local (NSL-enabled) ID file will continue to resynchronize with the ID vault when appropriate.

Can you explain the situation more? Why are you resetting the password for a user who has Notes Shared Login enabled? Is it because he has lost his ID file?

If you are not getting an error message, what makes you think something is wrong? Are you getting a wrong password message or something else?

Subject: Password manually synced with AD

From what I understand of it, I am using Notes Single Sign on. This was enabled in the client install of Notes 8.5.1 and is controlled by the Windows Service “Lotus Notes Single Logon”.

Every month when a user changes their AD password they are prompted at first logon of Notes advising their password does not match that of the Windows account, and they have to manually sync it every month.

If you reset the user's account in AD it does not reset the Notes ID file, this is why we are trying to use the vault.

If you reset the user's AD account Notes will still prompt them for a password as their passwords no longer match, at this point Notes is still looking at their old ID file locally and advises that you are entering the incorrect password. As soon as I stop the Windows service “Lotus Notes Single Logon” and launch Notes again it prompts for a password but accepts the new password set from the vault.

Hope this clears it up.

Subject: Client Single Logon vs. Notes Shared Login

Client Single Logon is the feature which uses the Windows Service "Lotus Notes Single Logon." With Client Single Logon, if an administrator changes the user’s password directly in AD, the password for the user’s Notes ID file will not be synchronized. Is this what is occurring in your situation?

If a user changes his password on his workstation, his Notes ID file password should automatically be synchronized if everything is set up correctly.

Lotus Notes 8.5 supports both Notes client single logon and Notes shared login, which is new in 8.5.

You may want to review Notes Shared Login and see if it may work better for you. Notes Shared Login (and not Client single logon) is also recommended if you choose to use the ID vault.

Subject: Client Single Logon is Enabled

Hi Nancy,

Client Single Logon is enabled and is currently what we are using. I have had a look into Shared Login and do agree it would have been more beneficial to go with instead of the Client Single Logon. As you would know to enable the Shared Login feature I would have to disable the Client Single Logon on every desktop install, which at the moment is not an option.

So that's why I wanted to know if it is possible to use the ID Vault while Client Single Logon is enabled on the desktop client.

Thanks

Subject: Using Client Single Logon

Using Client Single Logon with the ID vault is not a supported configuration. We are not currently aware of any issues that would occur if you use them both. However, there may be edge cases where problems may occur.

Notes shared login was designed to work with the ID vault and is recommended to use with the vault. However, be sure to review its limitations to see if it will work for your organization.

In case it may be helpful, there is a wiki article “Upgrading from Notes client single logon to Notes shared login.”
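
Since the thread turns on which desktops still have the "Lotus Notes Single Logon" Windows service, here is an inventory check as an added example (not part of the original posts and not IBM's tooling). The function name and the host list are assumptions; the service display name is the one quoted in the thread.

```powershell
# Added example: report where the Client Single Logon service is installed,
# so desktops in the unsupported "Client Single Logon + ID vault" state are known.
$DisplayName = 'Lotus Notes Single Logon'   # display name as quoted in the thread
$Computers   = @($env:COMPUTERNAME)         # hypothetical list; add desktop names here

function Get-ClientSingleLogonState {       # hypothetical helper name
    param(
        [string[]]$ComputerName,
        [string]$ServiceDisplayName
    )
    foreach ($computer in $ComputerName) {
        $query = @{
            ClassName   = 'Win32_Service'
            Filter      = "DisplayName='$ServiceDisplayName'"
            ErrorAction = 'Stop'
        }
        # Query the local machine directly; remote hosts go through WinRM.
        if ($computer -ne $env:COMPUTERNAME) { $query.ComputerName = $computer }
        try {
            $svc = Get-CimInstance @query
            [pscustomobject]@{
                Computer  = $computer
                Installed = [bool]$svc
                State     = if ($svc) { $svc.State } else { 'n/a' }
                StartMode = if ($svc) { $svc.StartMode } else { 'n/a' }
                Error     = $null
            }
        }
        catch {
            # An unreachable host is reported as unknown rather than "not installed".
            [pscustomobject]@{
                Computer  = $computer
                Installed = $null
                State     = 'unknown'
                StartMode = 'unknown'
                Error     = $_.Exception.Message
            }
        }
    }
}

Get-ClientSingleLogonState -ComputerName $Computers -ServiceDisplayName $DisplayName |
    Sort-Object Installed -Descending |
    Format-Table -AutoSize
```

Hosts reported with `Installed = True` are the ones still using Client Single Logon and would need that feature removed before moving to Notes shared login.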