Where to find single sign-on options in 8.5 Beta 2?

Looking for options for single sign-on for the client - just not sure where to find them.

Subject: Two options

The existing “Notes Single Login” feature from prior releases is still supported (runs as a Windows service and synchronizes passwords between Notes and Windows). It’s an optional install component which is not installed by default. To enable, check the box for “Log into Notes using your operating system login” in the User Security dialog (File\Security\User Security\Basics tab).

The new feature “Notes Shared Login” is administratively controlled via policies. I’ve included the overview topic below. Details on how to configure it are in the Admin Help.

Using Notes shared login to suppress password prompts

Notes® shared login allows users to start IBM® Lotus® Notes® without having to provide Notes passwords. Instead, they only need to log in to Microsoft® Windows® using their Windows passwords.

When shared login is enabled, Notes IDs no longer have Notes passwords. Instead, a complex “secret” is used to protect the ID. This secret is encrypted using a Microsoft® Windows® security mechanism and saved locally on users’ computers.

Enabling shared login alters the ID so that shared login works only on the computer on which the feature is activated. This is a requirement because the feature relies on a Windows security infrastructure specific to that computer.

Shared login provides the following benefits:

Users need to remember only their Windows passwords.

Notes shared login works without interruption when Windows passwords are changed either by users or by administrators on a Windows domain controller.

Administrators use policies to control who uses the feature and whether its use is required or optional.

Administrators are not required to manage Notes passwords or assist users who have forgotten their passwords because there are no longer Notes passwords.

Shared login is not supported for Notes IDs that are:

used on computers that do not run Windows

protected by Smartcards

protected by multiple passwords

used with Notes on a USB drive

used by users who have Windows mandatory profiles

used in a Citrix environment

Note: Shared login users with Windows roaming profiles should log in to an Active Directory domain controller from one computer at a time. When users are logged in from more than one computer, there is a possibility that Notes may not be able to decrypt the ID file.

When Notes shared login is enabled:

Security Settings for policies that relate to Notes passwords are not supported and are ignored. The User Security dialog box does not display fields relating to Notes passwords.

The “Check password on Notes ID file” security setting is not supported. Domino servers ignore this setting for IDs enabled for shared login. If you use pre-8.5 Domino servers, the setting should be disabled for users with these IDs.

If Notes users were synchronizing Internet passwords with Notes passwords in an earlier release, they must now begin managing their Internet passwords.

Shared login-enabled IDs that are stored in a Notes ID vault can be used from more than one Microsoft Windows computer without requiring users to make copies of the ID file. To use an ID on more than one computer when a Notes ID vault is not used, a user clicks “Copy ID” in the User Security dialog box to make a new, Notes-password-protected copy of the ID file. When the user runs Notes using the copied ID on another computer, the user’s effective policy determines if the ID will be enabled for Notes shared login.

If Notes IDs are stored on a network share, the IDs can be used only from the computers on which shared login is activated.

To open a shared login-enabled ID through the Domino Administrator, you must always use the computer and the Windows login name that were used when the ID was shared login-enabled.

Roaming users who roam their IDs cannot use Notes shared login.

Related topics

Enabling shared login

Disabling shared login

Notifying users when shared login is activated or deactivated

Please let us know if you need more information.

Subject: How can you reset the encrypted info?

Hi,

We switched MS Domain and need to reset the clients' NSL settings. I guess we switched SID and that caused the NSL to stop working. So “This secret is encrypted using a Microsoft® Windows® security mechanism and saved locally on users’ computers.” - Where exactly can this be located on the client and deleted/re-generated?

Thanks

Rasmus

Subject: Is shared login a new feature for 8.5, or has this existed in R8 as well?

eom

Subject: Notes Shared Login is new to 8.5

Notes Single Logon has been in the product since R6.