Lotus Domino Administrator 8.5 Help - Using Notes shared login to suppress password prompts

SECURITY

Using Notes shared login to suppress password prompts
Notes® shared login allows users to start IBM® Lotus® Notes® without having to provide Notes passwords. Instead, they only need to log in to Microsoft® Windows® using their Windows passwords.

When shared login is enabled, Notes IDs no longer have Notes passwords. Instead, a complex "secret" is used to protect the ID. This secret is encrypted using a Microsoft® Windows® security mechanism and saved locally on users' computers.

Enabling shared login alters the ID so that shared login works only on the computer on which the feature is activated. This is a requirement because the feature relies on a Windows security infrastructure specific to that computer.

Shared login provides the following benefits:

Users need to remember only their Windows passwords.
Notes shared login works without interruption when Windows passwords are changed either by users or by administrators on a Windows domain controller.
Administrators use policies to control who uses the feature and whether its use is required or optional.
Administrators are not required to manage Notes passwords or assist users who have forgotten their passwords because there are no longer Notes passwords.

Shared login is not supported for Notes IDs that are:

used on computers that do not run Windows
protected by Smartcards
protected by multiple passwords
used with Notes on a USB drive
used by users who have Windows mandatory profiles
used in a Citrix environment

Note Shared login users with Windows roaming profiles should log in to an Active Directory domain controller from one computer at a time. When users are logged in from more than one computer, there is a possibility that Notes may not be able to decrypt the ID file.

When Notes shared login is enabled:

Security Settings for policies that relate to Notes passwords are not supported and are ignored. The User Security dialog box does not display fields relating to Notes passwords.
The "Check password on Notes ID file" security setting is not supported. Domino servers ignore this setting for IDs enabled for shared login. If you use pre-8.5 Domino servers, the setting should be disabled for users with these IDs.
If Notes users were synchronizing Internet passwords with Notes passwords in an earlier release, they must now begin managing their Internet passwords.
Shared login-enabled IDs that are stored in a Notes ID vault can be used from more than one Microsoft Windows computer without requiring users to make copies of the ID file. To use an ID on more than one computer when a Notes ID vault is not used, a user clicks "Copy ID" in the User Security dialog box to make a new, Notes-password-protected copy of the ID file. When the user runs Notes using the copied ID on another computer, the user's effective policy determines if the ID will be enabled for Notes shared login.
If Notes IDs are stored on a network share, the IDs can be used only from the computers on which shared login is activated.
To open an shared login-enabled ID through the Domino Administrator, you must always use the computer and the Windows login name that were used when the ID was shared login-enabled.
Roaming users who roam their IDs cannot use Notes shared login.

Related topics

Enabling shared login

Disabling shared login

Notifying users when shared login is activated or deactivated

Setting up password verification

Enabling Notes Client Single Login during install or upgrade

Using Notes client single logon to synchronize Notes and OS passwords

Glossary

Feedback on Help or Product Usability?

Help on Help

All Help Contents

Glossary