NotesMail - HCL Domino Administrator 11.0.1 Help

SECURING

Using Notes Shared Login (NSL) to suppress password prompts

Notes® Shared Login (NSL) allows users to start Notes without having to provide Notes passwords. Instead, they only need to log in to Microsoft™ Windows™ using their Windows passwords.

When Notes Shared Login is enabled, Notes IDs no longer have Notes passwords. Instead, a complex "secret" is used to protect the ID. This secret is encrypted using a Microsoft Windows security mechanism and saved locally on users' computers.

Enabling Notes Shared Login alters the ID so that shared login works only on the computer on which the feature is activated. This is a requirement because the feature relies on a Windows security infrastructure specific to that computer.

Notes Shared Login provides the following benefits:

Users need to remember only their Windows passwords.
Notes shared login works without interruption when Windows passwords are changed either by users or by administrators on a Windows domain controller.
Administrators use policies to control who uses the feature and whether its use is required or optional.
Administrators are not required to manage Notes passwords or assist users who have forgotten their passwords because there are no longer Notes passwords.

Notes Shared Login is not supported for Notes IDs that are:

used on computers that do not run Windows
protected by Smartcards
protected by multiple passwords
used with Notes on a USB drive
used by users who have Windows mandatory profiles
used in a Citrix environment

Note: Notes Shared Login users with Windows roaming profiles should log in to an Active Directory domain controller from one computer at a time. When users are logged in from more than one computer, there is a possibility that Notes may not be able to decrypt the ID file.

When Notes Shared Login is enabled:

Security settings for policies that relate to Notes passwords are not supported and are ignored. The User Security dialog box does not display fields relating to Notes passwords.
The Check password on Notes ID file security setting is not supported. Domino® servers ignore this setting for IDs enabled for shared login. If you use pre-8.5 Domino servers, the setting should be disabled for users with these IDs.
If Notes users were synchronizing Internet passwords with Notes passwords in an earlier release, they must now begin managing their Internet passwords.
To use a Notes shared-login ID on more than one computer, a user clicks Copy ID in the User Security dialog box to make a new, Notes-password-protected copy of the ID file. When the user runs Notes using the copied ID on another computer, the user's effective policy determines whether the ID will be enabled for Notes shared login. It is possible to use the ID Vault to move a Notes shared-login ID from one system to another, but all of the following requirements must be met:
- The Notes shared-login ID stored in the ID vault must have a password associated with it. Often this is not the case, because Notes shared-login IDs on a user's computer do not have a password.
- The owner of the ID must know the password associated with the copy of the Notes shared-login ID stored in the ID Vault
- The user must be performing a Notes setup on the new system where the ID will be used, or the NOTES.INI file on the new system where the ID will be used must contain entries specifying the owner of the ID and the location where the ID should be stored.
If Notes IDs are stored on a network share, the IDs can be used only from the computers on which shared login is activated.
To open an shared login-enabled ID through the Domino Administrator, you must always use the computer and the Windows login name that were used when the ID was shared login-enabled.
Roaming users who roam their IDs cannot use Notes shared login.
Enabling shared login
Use a Security Settings document and a Policy document to enable shared login. The feature is disabled by default.
Disabling shared login
If you previously allowed or required users to use shared login but now want to prevent its use, edit the Security Settings document. Alternatively you can remove users from the policy assignment or remove the Security Settings document.
Notifying users when shared login is activated or deactivated
You can display a pop-up window to notify users after shared login is activated or deactivated on their Notes clients. The pop-up window can display a standard system message, or a system message along with your own custom message.

Parent topic: Domino server and Notes user IDs

Help on Help

All Help Contents

Help on Help

All Help Contents