Using a security settings policy to apply a Notes federated login configuration to client users

After SAML-based federated login is configured on your Domino® server and identity provider (IdP), you can assign its use to Notes® client users through the security policy.

Before you begin

For this task, you will use the security policy that was deployed for users of your ID vault in a previous task of this sequence.

Before you can apply the policy to support federated login, you also need to export a copy of the Internet SSL certificate from your federation server (ADFS or TFIM 2.0), import that certificate into your Domino Directory as a certifier, and cross-certify it. For the procedure, see the related topic on creating an Internet cross-certificate.

In any security policies that are applied to Notes users whom you plan to include in Notes federated login, disable synchronizing the Notes client password with the Internet password.

Procedure

1. In the Domino Directory, open the existing Security Settings policy for users of your organization’s ID vault.

2. On the ID Vault tab, make sure there is an assigned vault.

3. Select the Password Management -> Federated Login tab.

4. Select Yes for Enable Notes federated login with SAML IdP.

5. When the policy is initially deployed, for client users who have upgraded to 9.0.1 Social Edition, select Yes for Allow password authentication with the ID vault under Additional settings for Federated Login (Notes or Web).

6. Optional: Create custom messages for users to notify them when federated login is either enabled or disabled.

7. Select the Keys and Certificates tab.

8. To add the Notes certifier to the policy, click Update Links.

9. Choose Selected supported and click OK.

10. Click the Notes Certifiers tab, select the certificate, and click OK.

11. Click the Internet Cross Certificates tab, select the SSL certificate exported from either ADFS or TFIM 2.0, and click OK.

12. Optional: Under Machine specific formula, enter a formula to apply the policy only to specific computers, for users who work from more than one computer.

13. Save and close the security policy.

Results

For any Notes user to whom the policy applies, the settings for Notes federated login will be activated on the user's next login.

Related tasks
Creating and configuring an ID vault
Creating a security policy settings document
Creating an Internet cross-certificate in the Domino Directory from a certifier document