Before you begin
A Notes user's SAML assertion contains an e-mail address for the user. Domino must be able to map each user's e-mail address to the user's Notes distinguished name. This required mapping is why all users affected by the policy must have an Internet e-mail address specified in their Person documents in the Domino Directory, so that the IdP can use that e-mail address in its SAML assertion.
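The mapping requirement above can be checked before the policy is applied. This added example (not part of the product documentation) audits a CSV export of Person documents for missing, malformed or duplicated Internet addresses; the CSV export format, the sample rows and the case-insensitive comparison are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Column names follow the Person document items
# FullName and InternetAddress; exporting them to CSV is an assumption.
SAMPLE_EXPORT = """FullName,InternetAddress
CN=Ana Ruiz/OU=Sales/O=Example,ana.ruiz@example.com
CN=Bo Chen/OU=Sales/O=Example,
CN=Cy Dale/OU=Eng/O=Example,cy.dale@example.com
CN=Cy Dale/OU=Ops/O=Example,Cy.Dale@example.com
CN=Di Evans/OU=Eng/O=Example,di.evans
"""


def audit_person_export(csv_text):
    """Return (missing, malformed, duplicates) for a Person-document export.

    missing    - distinguished names with no Internet address at all
    malformed  - distinguished names whose address is not local@domain.tld
    duplicates - address -> list of distinguished names sharing it, which
                 would make the e-mail-to-name mapping ambiguous
    """
    missing, malformed = [], []
    by_address = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = (row.get("FullName") or "").strip()
        addr = (row.get("InternetAddress") or "").strip()
        if not addr:
            missing.append(name)
            continue
        local, sep, domain = addr.rpartition("@")
        if not (sep and local and "." in domain):
            malformed.append(name)
            continue
        # Assumption: addresses are compared without regard to case.
        by_address[addr.lower()].append(name)
    duplicates = {a: n for a, n in by_address.items() if len(n) > 1}
    return missing, malformed, duplicates


if __name__ == "__main__":
    missing, malformed, duplicates = audit_person_export(SAMPLE_EXPORT)
    print("No Internet address:", missing)
    print("Malformed address:", malformed)
    print("Shared address:", duplicates)
```

Any name reported by the audit should be corrected in the Domino Directory before the user is placed under the federated login policy.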
Procedure
1. Create the ID vault by running the ID vault creation wizard; for instructions, see the related topics.
2. As part of deploying the ID vault, create the security policy. On your client users’ home server, the policy exists in the Domino Directory (names.nsf). The policy should also exist in the Domino Directory on the Notes ID vault server.
3. Apply the security policy to user organizations (or to specific users) who will have their ID files stored in this ID vault.
4. In the policy, disable synchronizing the Notes client password with the Internet password.
5. As a test user, start the Notes client. Assuming the Notes client has connectivity to the user's home server, the user's ID file will be uploaded to the vault automatically when Notes starts.
6. Examine the User Security dialog box, where an individual user can see that their ID file is uploaded to the vault by looking for the following information:
Related tasks
Creating and configuring an ID vault
Creating a security policy settings document