ID Vault gives Lotus Notes/Domino 8.5 administrators the following features:
- Password recovery/reset
- Lost ID recovery
- Ability to synchronize multiple ID copies
- Ability to rename users
- Re-issuing of keys
Although many of these features were available previously, they are now more secure and native to Notes/Domino 8.5. But to get ID Vault up and running, there are a few setup and security requirements:
- At least one Domino server running version 8.5
- A Notes client running 8.5 with the Administrator client
- An ID that has at least Editor access to the Domino Directory (no specific roles are necessary)
- An ID with the ability to create templates/databases on the server where the vault will be located
- Access to any certifiers whose IDs will be added to the vault -- even if you use the CA process
- Appropriately configured Security Policy settings for the vault
Then follow these steps to run ID Vault:
- Open the 8.5 Administration Client and go to the Configuration tab.
- You will see a new tool on the far lower right side of the screen labeled ID Vaults.
- Click on the Create button.
- Specify an Organization name for the ID Vault(s). This is a new certifier for the purposes of the ID Vault(s).
Note: The organization name for the ID Vault is different from your Domino organization and should have a completely different name. For example, if your Domino organization is ABCINC, your ID Vault organization might be ABCVAULT.
- Assign a password to the new Organization Certifier ID. It is also good practice to password-protect the server ID where the vault is stored.
- Specify the Administrators of the ID Vault and any Recovery Authorities.
- Specify those able to Reset Passwords for each ID Vault.
- Configure a security policy to apply to users and specify the use of an appropriate ID Vault.
- A new IBM_ID_VAULT directory and database are created on the ID Vault Server.
- Back up the ID Vaults. You must do this on a regular basis.
Keep in mind: These steps assume that the security requirements have been implemented and that you are using a Lotus Notes 8.5 client and a Domino 8.5 server.
Managing ID Vaults
There are several new features for managing any ID Vaults that have been implemented in a Notes/Domino environment. Most of these features are found under a new option in the Administrator client. Go to the Configuration tab, and then navigate to the ID Vaults tool on the lower right side. A new option appears once the ID Vault is created. That option is called Manage, and it reveals the following tools:
- Edit Vault Description
- Edit Vault ID Password
- Manage Vault Replica Servers
- Add or Remove Vault Administrators
- Add or Remove Organizations that Trust the Vault
- Add or Remove Password Reset Authorities
- Create or Edit Vault Policy Settings
It's highly recommended that you manage any feature that can be managed here. These tools will update documents in the Domino Directory; however, let the tool do that -- don't try to manage those changes in other ways.
Another useful management tool -- Password Reset Authority -- is located just below the Manage tool in the Configuration tab. This tool lets you update user password rights.
This tip was taken with permission from a Lotusphere 2009 presentation by Gabriella Davis. To view the full presentation, visit Gabriella's Website.
ABOUT THE AUTHOR: Michael Kinder
Michael "Mike" Kinder is a senior application developer and administrator with 13+ years of experience in the Lotus Notes/Domino environment, including work with BlackBerry, Barracuda, Sametime and integration with other systems. He is currently building a Managed Services/Business Development Center in Northern Maine. He is available for consulting opportunities in both development and administration. He can be reached at email@example.com.