ID vault FAQs

Here are answers to some frequently asked questions about the ID vault.

What release of Domino and Notes is required to use an ID vault?

To use a vault, Notes® clients must run at least release 8.5. Vault servers must run at least 8.5. A user's home server, or at least one server in a home server cluster, must run at least 8.5 but does not have to be a vault server. The Domino® Directory administration server must run 8.5 but does not have to be a vault server.

How are users assigned to a vault?

Users are assigned to a vault through a Security Settings document that is assigned to a policy.

Can users from different organizational hierarchies be assigned to one vault?

Yes. For example, you can use multiple organizational policies and assign each one to the same vault.

Can users with home servers in different Domino domains be assigned to one vault?

No. Currently, the home servers of all users of a vault must be in the Domino domain that contains the vault. In addition, users cannot recover from a forgotten password if they switch to a location that refers to a server in a different domain from the vault.

Can one vault be used in more than one Domino domain?

No, all replicas of a vault must exist within one domain.

Can the vault and the previously available ID recovery feature both be used?

Although you can implement both of these ID management features in your environment, a specific ID can be set up to use only one of them.

How can I tell whether a user ID is stored in a vault?

The vault database contains a document with the ID attached. The Notes User Security window also indicates when an ID is vaulted.

How is the vault useful if users forget their passwords?

Users who forget their Notes passwords can see instructions from their administrator in the Notes login window. Authorized people or applications can reset the passwords of IDs in the vault without requiring access to the ID vault or the ID files. After a user's password has been reset, the user can log in to Notes using the new password.

Are all password management features available for users with vaulted IDs?

Yes, the ID vault supports use of all of the features available in the Password Management tab of the Security Settings policy document.

Is the ID vault compatible with users who have roaming IDs?

Yes, the two features work together. The roaming feature provides a consistent Notes user experience on different computers. The ID vault ensures that changes made to an ID file are synchronized across all client computers that support the ID vault.

Do users retain local copies of their ID files?

Yes, local copies of ID files remain on users' computers so users can encrypt and decrypt documents and mail when not connected to the network.

Are the benefits of an ID vault available for users who switch IDs?

Yes, but before an ID can be acquired from the vault, a user must enter a password or the current ID, as usual when switching IDs.

Is it possible to create more than one vault?

Yes, you can set up more than one vault and assign a different set of users to each one.

Are certifier IDs and server IDs stored in a vault?

No.

Can programs that use the Notes API interact with a vault?

Yes, developers can use the ResetUserPassword method available in C, Java™, JavaScript™ or LotusScript® to develop a custom application for resetting passwords. This can be a self-service application that allows users to reset their own passwords or an application that help desk personnel use to reset user passwords.

Can Notes clients access the vault through a Notes pass-through server?

No, access to the vault using pass-through is not supported.
