Configuring the ID vault for Notes federated login
The Domino® ID vault administrator sets up the vault to specify the name of the IdP Catalog document for the SAML identity provider (IdP).

About this task

The ID vault administrator must approve the use of an IdP that will provide SAML credentials, and so decides which IdP is trustworthy. Only credentials from a trusted IdP can be used to download an ID file stored in this ID vault. The administrator supplies the host names of identity provider (IdP) partnerships to the ID vault in a vault document. The vault server uses those host names to look up the IdP information in the IdP Catalog application (idpcat.nsf).

Tip: The Domino Web (HTTP) server does not use the Notes® ID vault to retrieve ID files unless it is also configured as an iNotes® server that supports Web federated login. The vault configuration therefore does not apply to the Domino Web server, and the vault document needs no changes for it, unless the web server is also configured as an iNotes server with Web federated login.

The ID Vault document includes two fields for SAML configuration. For Notes federated login, you need only supply a value for the first field, Notes federated login approved IdP configurations.

You might specify more than one entry in the list of approved IdP configurations if you need more than one IdP federation to handle the volume of user logins. If the list of Notes federated login approved IdP configurations contains more than one entry, then at user login time one of the approved IdP configurations is chosen at random to authenticate the user.

Procedure

1. From the Domino Administrator, open the ID vault application (idvault.nsf), which by default is stored in the IBM_ID_VAULT directory.

2. From the Configuration view, open the vault document for the vault that will be configured for SAML authentication.

3. In the Notes federated login approved IdP configurations field, specify a host name. Enter a value from the Host names or addresses mapped to this site field of the IdP Configuration document that corresponds to a trusted IdP approved to log in the Notes users in this vault.

4. Save and close the vault document.
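As an added example (constructed model, not Domino's own code or API), the following Python shows how the host names entered in step 3 are resolved against the IdP Catalog and how one approved IdP is chosen when several are listed; it also flags entries that match no IdP Configuration document, or more than one, which is the consistency check worth running after step 4. All class, function and host names are constructed.

```python
# Added example (constructed model), not Domino's own code or API: shows how
# the vault's approved-IdP host names are resolved against idpcat.nsf and how
# one approved IdP is picked per login when several are configured.
import random
from dataclasses import dataclass, field


@dataclass
class IdpConfig:
    """Model of one IdP Configuration document in idpcat.nsf."""
    name: str
    # "Host names or addresses mapped to this site" (multi-value field)
    host_names: list[str] = field(default_factory=list)


def resolve_approved_idps(approved_hosts, catalog):
    """Map each approved host name to the one catalog document whose
    host-name field contains it. Returns (resolved, problems); 'problems'
    lists names matching no document or several, which an admin should fix
    before relying on the vault for federated login."""
    resolved, problems = {}, []
    for host in approved_hosts:
        key = host.strip().lower()
        matches = [c for c in catalog
                   if key in (h.strip().lower() for h in c.host_names)]
        if len(matches) == 1:
            resolved[host] = matches[0]
        else:
            problems.append(host)
    return resolved, problems


def pick_idp_for_login(resolved, rng=random):
    """Choose one resolved IdP at random for a login attempt (the page
    states the choice is random when several are approved)."""
    if not resolved:
        return None
    return rng.choice(sorted(resolved.values(), key=lambda c: c.name))


# Constructed sample data; these are not real host names from any deployment.
CATALOG = [
    IdpConfig("IdP-A", ["idp-a.example.com", "idp-a-alt.example.com"]),
    IdpConfig("IdP-B", ["idp-b.example.com"]),
    IdpConfig("IdP-B-dup", ["idp-b.example.com"]),  # same host twice: ambiguous
]
APPROVED = ["idp-a.example.com", "IdP-B.example.com", "idp-c.example.com"]

if __name__ == "__main__":
    print(resolve_approved_idps(APPROVED, CATALOG))
```

In the sample data only idp-a.example.com resolves cleanly: the IdP-B host name appears in two catalog documents and idp-c.example.com in none, so both are reported as problems.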

Parent topic: Supporting federated login on the Notes client

Related tasks
Creating and configuring an ID vault
Using a security settings policy to apply a Notes federated login configuration to client users