
An introduction to ID Vault in Lotus Notes/Domino 8.5

ID Vault is a feature in Lotus Notes/Domino 8.5 that lets administrators recover and reset passwords, recover lost IDs, rename users and more. Get an overview of ID Vault benefits, requirements and installation steps in this tutorial.

ID Vault is a feature that's available in Lotus Notes/Domino 8.5 that allows you to natively and securely recover and reset passwords, recover lost IDs, rename users and more. In this tutorial from contributor Mike Kinder, you'll learn about the benefits of using ID Vault in your Notes/Domino 8.5 environment, what you'll need to set it up, the steps to do so and more.

ID Vault gives Lotus Notes/Domino 8.5 administrators the following features:

  • Password recovery/reset
  • Lost ID recovery
  • Ability to synchronize multiple ID copies
  • Ability to rename users
  • Re-issuing of keys

Although many of these features were available previously, they are now more secure and native to Notes/Domino 8.5. But to get ID Vault up and running, there are a few setup and security requirements:

  • At least one Domino server running version 8.5
  • A Notes client running 8.5 with the Administrator client
  • An ID that has at least Editor access to the Domino Directory (no specific roles are necessary)
  • An ID with the ability to create templates/databases on the server where the vault will be located
  • Access to any certifiers whose IDs will be added to the vault -- even if you use the CA process
  • Appropriately configured Security Policy settings for the vault

Then follow these steps to run ID Vault:

  1. Open the 8.5 Administration Client and go to the Configuration tab.
  2. You will see a new tool on the far lower right side of the screen labeled ID Vaults.
  3. Click on the Create button.
  4. Specify an Organization name for the ID Vault(s). This is a new certifier for the purposes of the ID Vault(s).

    Note: The organization name for the ID Vault is different from your Domino organization and should have a completely different name. For example, if your Domino organization is ABCINC, your ID Vault organization might be ABCVAULT.

  5. Assign a password to the new Organization Certifier ID. It is also good practice to password-protect the server ID where the vault is stored.
  6. Specify the Administrators of the ID Vault and any Recovery Authorities.
  7. Specify those able to Reset Passwords for each ID Vault.
  8. Configure a security policy to apply to users and specify the use of an appropriate ID Vault.
  9. A new IBM_ID_VAULT directory and database are created on the ID Vault Server.
  10. Back up the ID Vaults. You must do this on a regular basis.

Keep in mind: These steps assume that the security requirements have been implemented and that you are using a Lotus Notes 8.5 client and a Domino 8.5 server.

Managing ID Vaults

There are several new features for managing any ID Vaults that were implemented in a Notes/Domino environment. For the most part, these features are stored under the new option in the Administrator client. In the Administrator client, go to the Configuration tab, and then navigate to the ID Vaults tool on the lower right side. A new option will appear once the ID Vault is created. That option is called Manage and it reveals the following tools:

  • Edit Vault Description
  • Edit Vault ID Password
  • Manage Vault Replica Servers
  • Add or Remove Vault Administrators
  • Add or Remove Organizations that Trust the Vault
  • Add or Remove Password Reset Authorities
  • Create or Edit Vault Policy Settings

It's highly recommended that you manage any feature that you can here. These tools will update documents in the Domino Directory; however, let the tool do that -- don't try to manage those changes in other ways.

Another useful management tool -- Password Reset Authority -- is located just below the Manage tool in the Configuration tab. This tool lets you update user password rights.

This tip was taken with permission from a Lotusphere 2009 presentation by Gabriella Davis. To view the full presentation, visit Gabriella's Website.

Michael Kinder
Michael "Mike" Kinder is a senior application developer and administrator with 13+ years of experience in the Lotus Notes/Domino environment, including work with BlackBerry, Barracuda, Sametime and integration with other systems. He is currently building a Managed Services/Business Development Center in Northern Maine. He is available for consulting opportunities in both development and administration. He can be reached at [email protected].
