SECURITY

Configuring Web client browsers for Windows single sign-on
To set up Windows® single sign-on for Web clients you must set up browsers to authenticate to the IBM® Lotus® Domino® server using SPNEGO.

To set up Internet Explorer

1. Log in to the Windows® Active Directory domain

2. Start the browser and click Tools > Internet Options

3. Click the Security tab

4. Select "Local intranet" and click Sites.

5. Ensure that the “Include all sites that bypass the proxy server” is checked.

6. Click Advanced

7. Add the URL for the Domino server, and click OK twice. For example, if the Domino server name is domino1.subnet2.acme.com, specify:


8. Click Custom Level, scroll to the User Authentication section, select "Automatic logon only in Intranet zone," and click OK.

9. Click the Advanced tab, scroll to the Security section, verify the option “Enable Integrated Windows Authentication (requires restart)” is selected.

10. If your proxy server configuration is done manually rather than via automatic configuration script:

11. Click OK and restart the browser.

12. From the browser, enter a URL to a database on the Domino server to which you have access and verify that you are not prompted for a name and password. For example,


To set up Mozilla or Firefox:

1. Log in to the Windows Active Directory domain.

2. Start the browser.

3. In the URL address box, type:


4. In the Filter box, type:
5. Double-click network.negotiate-auth.trusted-uris, and enter the URL for the Domino server, for example:
6. Click OK and restart the browser.

7. From the browser, enter a URL to a database on the Domino server to which you have access, and verify that you are not prompted for a name and password. For example,


Related topics