An introduction to ID Vault in Lotus Notes/Domino 8.5

ID Vault gives Lotus Notes/Domino 8.5 administrators the following features:

• Password recovery/reset
• Lost ID recovery
• Ability to synchronize multiple ID copies
• Ability to renaming users
• Re-issuing of keys

Although many of these features were available previously, they are now more secure and native to Notes/Domino 8.5. But to get ID Vault up and running, there are a few setup and security requirements:

• At least one Domino server running version 8.5
• A Notes client running 8.5 with the Administrator client
• An ID that has at least Editor access to the Domino Directory (no specific roles are necessary)
• An ID with the ability to create templates/databases on the server where the vault will be located
• Access to any certifiers whose IDs will be added to the vault -- even if you use the CA process
• Appropriately configured Security Policy settings for the vault

Then follow these steps to run ID Vault:

1. Open the 8.5 Administration Client and go to the Configuration tab.
2. You will see a new tool on the far lower right side of the screen labeled ID Vaults.
3. Click on the Create button.
4. Specify an Organization name for the ID Vault(s). This is a new certifier for the purposes of the ID Vault(s).

   Note: The organization name for the ID Vault is different from your Domino organization and should have a completely different name. For example, if your Domino organization is ABCINC, your ID Vault organization might be ABCVAULT.

5. Assign a password to the new Organization Certifier ID. It is good to password protect the server ID where the vault is stored.
6. Specify the Administrators of the ID Vault and any Recovery Authorities.
7. Specify those able to Reset Passwords for each ID Vault.
8. Configure a security policy to apply to users and specify the use of an appropriate ID Vault.
9. A new IBM_ID_VAULT directory and database is created on the ID Vault Server.
10. Back up the ID Vaults. You must do this on a regular basis.

Keep in mind: These steps assume that the security requirements have been implemented and that you are using a Lotus Notes 8.5 client and a Domino 8.5 server.

Managing ID Vaults

There are several new features for managing any ID Vaults that were implemented in a Notes/Domino environment. For the most part, these features are stored under the new option in the Administrator client. In the Administrator client, go to the Configuration tab, and then navigate to the ID Vaults tool on the lower right side. A new option will appear once the ID Vault is created. That option is called Manage and it reveals the following tools:

• Edit Vault Description
• Edit Vault ID Password
• Manage Vault Replica Servers
• Add or Remove Vault Administrators
• Add or Remove Organizations that Trust the Vault
• Add or Remove Password Reset Authorities
• Create or Edit Vault Policy Settings

It's highly recommended that you manage any feature that can here. These tools will update documents in the Domino Directory; however, let the tool do that -- don't try to manage those changes in other ways.

Another useful management tool -- Password Reset Authority -- is located just below the Manage tool in the Configuration tab. This tool lets you update user password rights.

This tip was taken with permission from a Lotusphere 2009 presentation by Gabriella Davis. To view the full presentation, visit Gabriella's Website.

ABOUT THE AUTHOR:

Michael Kinder Michael "Mike" Kinder is a senior application developer and administrator with over 13+ years experience in the Lotus Notes/Domino environment, including work with BlackBerry, Barracuda, Sametime and integration with other systems. He is currently building a Managed Services/Business Development Center in Northern Maine. He is available for consulting opportunities in both development and administration. He can be reached at michael.kinder@vmsus.com.

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Lotus Notes Domino Password Management How to manage passwords to secure Lotus Notes/Domino environments An introduction to Lotus Notes password options and essentials Secure Lotus Notes 8 with the Internet password lockout feature Lotus Notes Domino password management tips Cracked users' HTTP passwords still a threat on many Lotus Notes R6 and R7 domains Multiple new Sober variants spy on passwords Resetting a Lotus Notes password FAQ: Lotus Notes Domino password issues Hashing out stronger password authentication Options for changing passwords Lotus Notes 8 Clear Recent Contacts view and prevent repopulation in Lotus Notes 8.x Using Domino Administrator to manage client settings Setting up a Domino 8.5 XPages example Four-step application rollout with Notes 8.0.1 Widgets IBM Lotus to end Notes/Domino 7.x support Are you ready for LotusLive hosted email services? JavaScript workaround fixes Lotus Notes 8.x PostOpen event issue LotusScript code rebuilds corrupted busytime.nsf file LotusLive spurs IBM's entry into the hosted services market An introduction to iNotes for Lotus Notes/Domino 8.5 Lotus Domino Server 8 Build your own Domino multi-server test environment Setting up a Domino 8.5 XPages example Four-step application rollout with Notes 8.0.1 Widgets Ensure maximum performance from virtualized Lotus Domino servers Build a complete Lotus Domino 8.5 server for $400 Benefits of virtualizing Lotus Domino servers Configuring Domino Domain Monitoring (DDM) How to move Notes databases off Domino 8 servers and save disk space LotusLive spurs IBM's entry into the hosted services market An introduction to Domino Domain Monitoring (DDM)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary