The ID Vault Feature Across IBM Products
|
|
- Mitchell Thomas
- 5 years ago
- Views:
Transcription
1 The ID Vault Feature Across IBM Products August 5, 2015 Amy Knox, Paco Pascua, Patrick Legaspi, Prince Mendoza, Paul Johnson, Quervin Lloyd Buco, Russell Norberg Powered by IBM SmartCloud Meetings
2 Who We Are...
3 Overall Agenda Introduction and Overture (Amy Knox) ID Vault and the Domino Server (Paco Pascua and Patrick Legaspi) 7 Common Scenarios, Tips ID Vault and inotes (Paul Johnson) Configuration, Federated Login ID Vault and Traveler (Quervin Lloyd Buco) Usage, Configuration and Troubleshooting ID Vault and the Notes Client (Prince Mendoza) Background, Notes Shared Login, Notes Federated Login ID Vault in the IBM SmartCloud Notes Environment (Russell Norberg) Usage, Configuration and Troubleshooting Additional Resource links (all products) Additional Slides on ID Vault and Federated Login Q&A
4 Introduction and Overture We live in an integrated world ID vault is a great security tool leveraged by multiple IBM products: Notes/Domino inotes and Traveler IBM SmartCloud Notes ID Vault provides this functionality: Secure, server-based repository for user ID files Simplified provisioning of ID files Automatic synchronization of a user's id file in the environment Simple-to-use tool for resetting passwords Easy administration of the user ids' vault settings, via a Domino security policy Automatic decryption of encrypted mail in web-based mail databases
5 Introduction and Overture Our goal is to: Look at ID Vault feature implementation within these products, different perspectives See how it fits together Start the conversation about integration of products and features Our expectation is NOT to cover all aspects of ID vault, interoperability, and integration, within the next 45 minutes! We hope to cover all we can We hope to introduce you to some new content We hope to provide you with some troubleshooting techniques and tips We hope to provide you with some must gather info, when opening support tickets Please use the Web chat for: OR Asking questions to our panel of experts, during the presentation Informing us of a specific topic you might like to see us expand on in a future Open mic
6 Introduction and Overture Resources for Background and Configuration of the ID Vault: IBM Admin Help Creating an ID vault Open Mic (2012) Notes/Domino ID Vault Lotus Domino Security: NSL, Web SSO, Notes ID vault Open Mic (2011) Lotus Notes ID Vault ID Vault Overview and Best Practices ID Vault Interoperability Open Mic Webcast: Intro to Notes Federated Login (SAML) Open Mic Webcast: Configuring an IBM Domino Web server to use SAMLbased single sign-on Open Mic Webcast: Web Federated Login (SAML) with inotes & Integrated Windows Authentication IBM Domino Wiki ID Vault Resources
7 ID Vault and the Domino Server Paco Pascua and Patrick Legaspi Software Engineers - IBM Domino Server Powered by IBM SmartCloud Meetings
8 Agenda ID Vault and the Domino Server 7 Common Scenarios a Domino Administrator can experience with the ID vault A Few Tips ID Vault and the Domino Server 8
9 Common Scenarios a Domino Administrator can experience with the ID vault Scenario 1: Admin created a vault replica on the secondary server using the File>Replication>New replica method. Admin can extract and reset passwords on the primary vault server; however on the secondary server, admin is getting the error note item not found. Resulting behavior: Unable to extract id from secondary server Explanation/solution: When creating a replica of the ID vault, Admin must use the Manage Vault replica tool, to add a vault replica server 9
10 Common Scenarios a Domino Administrator can experience with the ID vault Scenario 2: Admin is using an 8.5 Admin Client to Manage an Id vault on 9.x server but the manage button is grayed out Resulting Behavior: Unable to manage Id vault Explanation/Solution: ID vault hosted on 9.x servers can only be managed from a Domino Administrator Client version 9.x uid=swg
11 Common Scenarios a Domino Administrator can experience with the ID vault Scenario 3: User can't request for a new set of keys via the File>Security>User Security option Resulting Behavior: Unable to Roll over user keys Explanation/Solution: Users whose ids are uploaded to the vault cannot initiate a key rollover. ID vault is designed to lessen user intervention during the key roll-over process. Users whose ids are uploaded to the vault can only be rolled over via a (Security) policy 11
12 Common Scenarios a Domino Administrator can experience with the ID vault Scenario 4: Domino vault Admin wants to allow additional administrators the ability to manage the ID vault. The names of the persons the admin wants to add are not available in the list of potential vault administrators Resulting Behavior: Unable to add new Administrators to the vault Explanation/Solution: Users should be in LocalDomainAdmin group, in order for them to be added as a vault administrator 12
13 Common Scenarios a Domino Admininstrator can experience with the ID vault Scenario 5: Admin is trying to add a vault replica server but is not able to lookup the name of the server Resulting Behavior: Server is not on the list of Available servers. Explanation /Solution: Do a refresh server action via the Domino Administrator client: Administration menu Refresh server List All domains 13
14 Common Scenarios a Domino Administrator can experience with the ID vault Scenario 6: Admin removed a server from the vault replica server list. After removing the server via the manage tool, the id vault database still appears on the files tab of the server. Resulting behavior: A Replica of the ID Vault database is still present on the old vault replica server Explanation: The Manage id vault only removes the server from the vault replica server list. It does not delete the id vault database itself 14
15 Common Scenarios a Domino Admininstrator can experience with the ID vault Scenario 7: Admin is trying to setup an id vault. When running the command 'show idvault', an error is returned that No policy settings uses <vault name> Resulting behavior: Unable to implement ID vault Explanation/Solution: A "/" is required when specifying the name of the vault on the Security settings document. Check the Security settings ID vault tab, and ensure the Vault name has a / preceding it 15
16 A Few Tips: ID Vault and the Domino Server If you make manual changes to the Domino server's vault db, run updall -R on it: Deleting a user doc manually Re-activating a user (change from inactive to active) Did you know there is a hidden view ($IDVaults) in the Domino Directory? Can view the Vault Name, Administration Server, and Vault Server List If a user's ID is not is in the ID vault: Check that the user is using Lotus Notes 8.5 or higher ( Help menu About IBM Lotus Notes ) Look through client and server log.nsf "Security Events" view for errors or potential clues Check that the user has been assigned to an ID vault by a policy: Run "Policy Synopsis" Check that the user has authenticated with his/her home server, downloading the updated policy Review the user's local names.nsf, ($Policies) view, for the effective policy of the user Check that the vault trust certificates have been created and exist in the directory: In Domino Administrator client: "People & Groups" tab --> "Certificates" Check that a vault trust certificate has been issued by the user's certifier or ancestor to the vault.
17 A Few Tips: ID Vault and the Domino Server Server-Side Debug Parameters for ID Vault: Set ID vault notes.ini variables to capture additional information Info is logged into the server's console.log Domino Server: DEBUG_IDV_CONNECT=1 DEBUG_IDV_TRUSTCERT=1 DEBUG_IDV_UPDATE=1
18 ID Vault and inotes Paul Johnson Staff Software Engineer - IBM WebCore Powered by IBM SmartCloud Meetings
19 ID Vault and inotes Configuring ID Vault and inotes 19
20 Configuring ID Vault and inotes Usage: ID Vault provides inotes users with seamless access to their Notes ID, allowing them to sign and encrypt mail If ID Vault is not in use, the ID must be imported into the mail file or added to the mail when the user is first registered. 20
21 Configuring ID Vault and inotes Steps to enable/use: 1) Enable encryption in inotes through the Domino server configuration 2) Set a security policy enabling ID Vault with inotes 3) If users do not already have the Notes ID in the mail file, ID Vault automatically adds it to the mail file Nothing has to be done by end users to get ID Vault enabled for inotes! 21
22 Configuring ID Vault and inotes The IBM inotes tab on the Server Configuration document has settings to enable the use of Notes IDs for encryption, plus other options related to IDs and passwords To use the Notes ID in inotes, Encrypted mail support must be enabled 22
23 Configuring ID Vault and inotes When Encrypted mail support is enabled, options for the Notes ID are available Domino server (mail) configuration document inotes tab: 23
24 Configuring ID Vault and inotes Enabling the ability for users of the server to change the internet password is also set on the Domino Server configuration document inotes tab 24
25 Configuring ID Vault and inotes ID Vault can be used with inotes when a security policy is set for the user enabling Notes-based programs to use the Notes ID Vault 25
26 Configuring ID Vault and inotes ID-Specific security settings are found on the Password Management tab of the security settings document 26
27 Configuring ID Vault and inotes Via the Security settings/policy, users can be granted the authority to change the internet password. If enabled, ensure that the server also allows this in its server configuration document inotes tab. 27
28 Configuring ID Vault and inotes The internet password can be kept synchronized with the Notes password. NOTE: Synchronization is one directional Notes password changes result in the internet password changing, but not vice versa. 28
29 Configuring ID Vault and inotes When Update Internet Password is set and a change is detected to the Notes ID password, the adminp request Change HTTP Password in Domino Directory is created. This changes the contents of the field HTTP Password on the person document This request is processed by the Administration server, and is immediate - usually within less than a minute. Replication then updates other servers. 29
30 Configuring ID Vault and inotes When ID vault is enabled for an inotes user, the inotes preferences security tab provides options for working with the Notes ID 30
31 Configuring ID Vault and inotes The Notes ID info button will display details of the Notes ID, including information on password expiration and the ID vault in use 31
32 Configuring ID Vault and inotes If ID Vault is enabled by policy when a user is registered, the user's ID is added automatically to the ID vault. 32
33 Configuring ID Vault and inotes Several of the options in the inotes preferences may seem confusing to users when ID Vault is in use. If desired, they can be disabled in the server configuration if everyone is vaulted. Disabling = hidden from users The ID is automatically retrieved from vault if it is not present, so the delete button does nothing useful If the ID is vaulted, there is no reason for a user to import the Notes ID. The ID in use needs to be the ID from the vault. Leaving these enabled and visible does no harm either 33
34 Configuring ID Vault and inotes If both internet password changes and password synching are enabled, there will be a single Change password button. 34
35 Configuring ID Vault and inotes If internet password changes are enabled, but password synching is not set, there will be buttons for changing both passwords. 35
36 ID Vault and Traveler Quervin Lloyd Buco Software Engineer - IBM Traveler Powered by IBM SmartCloud Meetings
37 Agenda ID Vault and Traveler Background and Configuration Mail Encryption on IBM Traveler ID Vault Limitations on IBM Traveler 37
38 Background and Configuration Domino ID Vault serves in the same capacity for IBM Traveler as inotes: Mail encryption/ decryption: ID file present in the mail file allows mobile devices to partake in encrypted mail ID file uploaded automatically to the mail file via a Security Policy ID file can also be manually uploaded to the mail file 38
39 Background and Configuration Use the same steps for implementing the ID Vault for IBM Traveler users as inotes users: On the security policy assigned to the Traveler users, ensure that the Allow Notes-based programs to use the Notes ID Vault setting is set to YES 39
40 Mail Encryption on IBM Traveler Encrypting and decrypting Domino mail from mobile devices is achieved through the following: IOS devices IBM Traveler Companion; IBM Verse for ios Android IBM Verse for Android Blackberry Built-in mail app Windows Phone IBM Traveler Companion for Windows Phone 40
41 Mail Encryption on IBM Traveler Encryption and decryption of Notes-encrypted mail is handled at the Traveler server layer and the data is then sent to the device in clear-text like in inotes. As such, SSL is recommended to be enabled on the Traveler server to ensure travels via a secure channel. While Traveler allows encryption/decryption of mail over HTTP, this is not recommended. 41
42 ID Vault Limitations on IBM Traveler ID Vault and IBM Traveler across multiple domains ID Vault is only limited for a single domain. Enhancement Request #YDEN8FFERA ID vault is currently not supported across domains The Traveler server and mail servers must be in the same domain for ID Vault to work in encrypting/decrypting mail over IBM Traveler. If Traveler and the Domino mail servers are in different domains, the Notes ID file must be uploaded on the user's mail file. Either it is already stored on the user's mail file, or the user can manually upload the Notes ID file via the Traveler servlet webpage 42
43 ID Vault Limitations on IBM Traveler Policy to change the Notes password every n # of days does not work if Traveler server is in another domain OR if the current domain does not have an ID Vault configuration Scenario: Enabling "Check passwords on Notes id file" on Domino servers (including Traveler) and creating a policy for a password change after n days will work for Notes and inotes, but when user gets an encrypted mail and wants to decrypt this via Traveler, he can use his old password from the notes.id uploaded on his mailfile. It appears Traveler still allows the user to use the old notes id password even though he has already changed his notes id password per the expiration date set on the policy settings. 43
44 ID Vault Limitations on IBM Traveler Policy to change the Notes password every n # of days does not work if Traveler server is in another domain OR if the current domain does not have an ID Vault configuration (continued) This is working as designed. The user would re-upload the ID file to change the password or use the Traveler change password option for the notes id file that is currently uploaded in the user's mail file. For it to be automatic, one would need to use the ID Vault The uploaded notes id file via the Traveler servlet is completely separated from the notes id managed via the Domino policy. This means that as long as the password entered by the user matches the one stored in the notes.id file on the mail file, then the encryption/ decryption will work. The end user can upload a new id file at any time. In short, the solution is to use an ID vault to effectively manage the notes id and conform with the password policies enforced to the users. 44
45 ID Vault and the Notes Client Prince Mendoza Software Engineer - IBM Notes Client Powered by IBM SmartCloud Meetings
46 Agenda ID Vault and the Notes Client Introduction and Background: Notes Client and the ID Vault Notes Client, Notes Shared Login, and ID Vault Notes Client, Notes Federated Login, and ID Vault Comparison: NSL vs. NFL and the ID Vault Troubleshooting ID Vault on the Notes Client 46
47 Introduction and Background: Notes Client and the ID Vault Harvesting (Uploading) ID files: Upload of User ID happens through the Notes client after the policy has been applied: Within 8 hours (average of 4), ID automatically uploaded to the ID vault. Tip: To force an ID file upload, switch ID to the same ID (*Useful for testing purposes) ID Harvested while user is running Notes (OR Harvested from mail file when user performs a secure mail operation on inotes, Traveler, or Blackberry device) You can also manually upload an ID using ID vault C-APIs Synchronizing ID files: Changes made in one copy of the ID file will resync immediately with the ID in the vault Other clients will periodically poll the ID vault for changes - once every 8 hours User Client Password Experience (Sample Scenario): 1) User changes password on a desktop client, triggering an immediate resynchronization with the ID vault 2) User goes to another computer and uses the new password. 3) The password is first checked against local ID. If it does not match, it is then checked against the vault. 4) ID files are resynchronized, if necessary Summary: When a user changes ID, switches IDs, or provides a new password, the client attempts synchronization immediately; otherwise, client will communicate with the vault every 8 hours. 47
48 Introduction and Background: Notes Client and the ID Vault How does the Notes Client know which Vault server to communicate with? Here is the high level summary of the exchange between Notes client and Domino server: 1. (Login/authentication) User connects to server in home server cluster. 2. Home/mail server (or clustermate) provides a list of available vault servers (in random order): 3. Client connects to first available ID vault server in list. The server name is cached in the Notes.ini variable IDVaultLastServer 4. This server is used for two weeks. 5. Afterwards, the cache is cleared and a new ID vault server is randomly selected again (for load balancing). 48
49 Introduction and Background: Notes Client and the ID Vault A Few More Details: Notes client does not have direct access to the ID vault; however, nserver.exe acts as a proxy between the client and the vault Notes client versions prior to 8.5 work fine in an environment with the ID vault, but do not take advantage of the features provided by the ID vault. If the password on an ID file is changed on a pre-notes 8.5 client, the password change, along with any further changes to the local ID file, will not be recognized by the vault. You must change the password on a Release 8.5 or later Notes client. ID vault also works with the Roaming user feature, as long as the ID file does not roam The ID Vault plays an important role in the implementation of certain Notes/Domino security features such as the Notes Shared Login and Notes Federated Login Notes Shared Login (NSL) and Notes Federated Login (NFL) are both single sign-on solutions that allow passwordless access to Notes client while maintaining security Notes Single Logon, another SSO solution introduced in an earlier release, is not supported with ID Vault. If you would like to use the ID vault, please use the Notes Shared Login (NSL) feature instead. Standalone IBM tool to remove ID from the Personal Address Book 49
50 Notes Client, Notes Shared Login (NSL), and ID Vault NSL Strips password from the Notes ID file, then locks and encrypts it Password reset must be done at the server level (Vault password reset tool) Notes ID does not contain any password; hence, you cannot synchronize your Internet password with your Notes password NSL is supported with Notes Basic and Standard clients NSL is supported with Notes Browser Plugin Works regardless if user is online/offline ID vault is supported in a Citrix environment, but NSL is not NSL does not require ID Vault, but was designed at the same time as ID vault and intended to work well with it NSL, ID vault, and Roaming User feature (file server OR Domino roaming) can work together, when the id roams via the ID Vault. NOTE: Not supported if user.id is stored in user's personal names.nsf 50
51 Notes Client, Notes Federated Login (NFL), and ID Vault How it Works: During NFL enablement, Notes Client interact with ID Vault by sending a SAML token to ID vault to get an unlocked ID file Notes Client sends SAML assertion to ID vault server via Notes RPC channel ID vault server returns user's unlocked ID file via Notes RPC channel The unlocked ID file contents are stored in memory on the client after being downloaded from the ID vault Other Details: NFL not supported with roaming user feature NFL not supported on the Notes Basic client; thus, Domino Administrator may not work immediately TIP: Launch the Notes client first, then the Domino Administrator client NFL not yet supported with Notes Browser Plugin NFL is supported in a Citrix environment User needs to be online Requires ID Vault NOTE: Neither NSL nor NFL work if Notes Single Logon service is running on a user's machine For NFL: just disabling the Notes Single Logon will not work. The Notes Single Logon feature must be uninstalled. 51
52 Notes Client, Notes Federated Login (NFL), and ID Vault Common Question: if a user is set up for NFL on PC A then moves to another PC B, will he/she get prompted for a password? If so, will it require the ID Vault password? Explanation: For every machine, user will be prompted for a password at least once If the user is trying to setup a new Notes client, he will not get prompted for ID vault password in the setup process. (If the IdP is configured to use form-based login, he may get prompted for IdP username/password. If the IdP is configured to use kerberos login, the user will not get prompted at all). If the Notes client is already setup as a Vault user (on the PC the user did not use before), he will need to input ID vault password to login Notes before Notes Federated Login is enabled, because the policy will only be pushed down after user is authenticated. However, with deploy.nsf that contains Notes cert and internet cross cert, you can avoid the password prompt You can't use deploy.nsf on an existing installation, it needs to be used on an fresh install. You will need to create new install packages in order to make use of the deploy.nsf. 52
53 Comparison: NSL vs. NFL and the ID Vault Features Notes Shared Login Notes Federated Login Support for Notes Basic mode Support for Roaming ID Support for Citrix Environment Support for Notes Browser Plugin Requires ID Vault User needs to be online 53
54 Troubleshooting ID Vault-Related issues on the Notes Client Client Quick check: Is the local ID uploaded to the vault? File Security User Security:
55 Troubleshooting ID Vault-Related issues on the Notes Client Debug parameters added to Notes client notes.ini file, unless otherwise indicated: General Debug parameters to enable: CONSOLE_LOG_ENABLED=1 LogStatusBar=1 DEBUG_DYNCONFIG=1 Debug parameters for ID vault: DEBUG_IDV_CONNECT=1 DEBUG_IDV_TRACE=1 DEBUG_IDV_TRUSTCERT=1 DEBUG_IDV_UPDATE=1 DEBUG_IDVAULT_SERVER_SELECTION=1 Debug for Notes Shared Login: DEBUGNSL=1 Debug for Notes Federated Login Client-side: NFL Debug for the Domino Server: Debug_Console=1 Debug_Clock=32 DEBUG_CONSOLE=1 DEBUGGINGWCTENABLED= DEBUG_TRUST_MGMT=1 DEBUG_IDV_TRACE=1 DEBUG_ROAMING=4 DEBUG_BSAFE_IDFILE_LOCKED=8 STX9= DEBUG_SAML = 31
56 Troubleshooting ID Vault-Related issues on the Notes Client What to gather, when opening a support ticket: Local client/domino server LOG.NSF (SECURITY EVENTS) Local client/domino server console.log Local client Contacts database (names.nsf) Local client notes.ini Domino server's Domino Domain Monitoring database (DDM.NSF) Screen shots of all related policy docs (desktop, roaming, security, etc.) OR copy of Domino directory (Domino server names.nsf) with policy docs, Vault trust cert docs, user person doc List (or screen shot) of server-side ID Vault settings *If you suspect the root cause is a policy-related issue, please refer to the information in this Troubleshooting Policies Open Mic Additional Information requested: Notes client version Domino server version Policy Synopsis results for affected user Which security feature(s) are being used? How is the feature not working? Has it ever worked before? Is the problem happening to a single or multiple users? Which error message is encountered and at what point: Popup? Error in Status bar?
57 ID Vault in SmartCloud Notes Russell Norberg Staff Software Engineer - IBM Verse Support and IBM Connections Cloud IBM Collaboration Solutions Powered by IBM SmartCloud Meetings
58 Agenda ID Vault and SmartCloud Notes ID Vault setup in the IBM SmartCloud Notes environment ID Vault management in the IBM SmartCloud Notes environment Troubleshooting ID Vault issues in the IBM SmartCloud Notes environment 58
59 ID Vault setup in the IBM SmartCloud Notes environment Two IBM SmartCloud Notes environment options: Service-only = all users' data on IBM managed servers Hybrid = combination of on-premises Domino servers and IBM managed servers Two types of administrators: IBM Administrator manages the ID Vault, cloud-based mail files, and cloud-based environment off-site Customer administrator local company administrator, who can execute some basic tasks related to users Three potential implementations: Users previously in an on-prem environment that had an ID vault, then migrated to the cloud Users previously in an on-prem environment WITHOUT an ID vault, then migrated to the cloud Users registered originally in a cloud service-only environment (never on-prem, no prior vault) 59
60 ID Vault setup in the IBM SmartCloud Notes environment In cases where ID Vault in use in the cloud service environment, and user mail data stored on IBM managed servers: 1) IBM creates the new ID Vault database and Policy with Security settings document Users migrated from on-premises to SCN are stored there 2) Action item: The customer Admin creates an ID Vault trust Certificate *Best practice: upload User ID files into the mail database before migrating users 3) The User ID file is harvested from Notes clients during authentication OR 4) The Customer Administrator can manually upload the User ID directly to the SCN ID Vault using the Admin UI web client IBM SCN \ Users \ Upload Notes ID File action 5) At this point, the on-premises ID Vault can be removed, deleted, or archived *EXCEPTION: Hybrid users need an ID file for encrypted documents in custom applications. Users switch to the on-prem id when they need to use such applications. Setting up an additional IBM Notes client to SCN without the User ID (TN# ) 60
61 ID Vault Management in IBM SmartCloud Notes The customer administrator can: Reset user passwords Upload a user ID to the SCN ID Vault using the Admin UI web client Hybrid environments: manage password quality in the on-premises security policy documents The customer administrator cannot directly access the ID Vault or the Policy document in the IBM-managed environment Best practice: The customer administrator should use separate Policy documents for onpremises vs. service-only users 61
62 Troubleshooting ID Vault issues in IBM SCN Although the Customer Administrator does not have access to the server implementation, he/she can access users' Notes client and any local mail replica(s) and perform the following investigations: For suspected issues related to ID Vault OR ID file synch : 1.) Check local notes.ini settings for server name and last synch time: IDVAULT_STAMP1=<datetime> IDVaultLastServer=<servername> *is this a current date/time, or old> *is this value present? Is it a known IDV server? 2.) Review local Notes client log.nsf for any errors: Miscellaneous Events view Security Events view 3.) Use Notespeek to verify that the User ID was uploaded to the mail database 62
63 Troubleshooting ID Vault issues in IBM SCN 4.) Review the ($Policies) document in user's local names.nsf to verify the SCN Policy is present: a.) Hold down ctrl+shift key, then open local names.nsf b.) Open the ($Policies) view c.) Search for a document with Effective policy for <username> and PolicySecurity d.) Right-click on the PolicySecurity doc Document Properties. e.) Go to the second tab (Fields tab) Search for VTName field on left. *TIP: Take a screen shot if you plan to open a Support ticket 63
64 Troubleshooting ID Vault issues in IBM SCN 5.) Manually sync with the ID Vault: File Security User Security: "ID Vault Sync" button 64
65 Troubleshooting ID Vault issues in IBM SCN 6.) Client-side debug: Add these parameters to local client notes.ini for the affected user: DEBUG_IDV_API=1 DEBUG_IDV_CONNECT=1 DEBUG_IDV_TRACE=1 DEBUG_IDV_SERVER_SELECTION=1 debug_threadid=1 console_log_enabled=1 7.) What to provide to support, if you need to open a PMR related to ID Vault in the SCN environment: Enable the above debug parameters and collect the following files from the local user's Notes client: a.) local log.nsf b.) local names.nsf c.) local user notes.ini for Vault Notes.ini d.) local client console.log (in \notes\data\ibm_technical_support folder) 65
66 ID Vault across Products High Level Example of OnPrem Environment Notes client users connect internally via NRPC inotes clients connect via HTTPS Domino server with ID vault config Domino server with Traveler Service HTTPS RPC names. nsf vault.nsf Mobile devices connect via HTTPS Domino mail server(s)
67 ID Vault across Products High Level Example of Hybrid Environment SmartCloud Notes users connect to their Cloud mail server with SCN vaulted id Notes client users connect internally via NRPC inotes clients connect via HTTPS IBM SmartCloud Infrastructure with ID vault Migrated SCN Users can connect to OnPrem servers, access encrypted data in custom apps Domino server with ID vault config HTTPS RPC names. nsf vault.nsf Mobile devices connect via HTTPS Domino server with Traveler Service Domino mail server(s)
68 Additional Resources: ID Vault - All Products 68
69 Additional Resources Domino Server and ID vault ID vault overview FAQ Notes/Domino ID Vault Open Mic webcast: ID Vault overview Best Practices Open Mic Webcast Replay: ID Vault in Lotus Notes/Domino 69
70 Additional Resources ID Vault and Notes client Comparison between Notes Single Logon and Notes Shared Login URL: Details on exception allowing support of Notes Single Logon feature for roaming users URL: ID Vault - Implementation, Security and Troubleshooting - for IBM Notes and Domino URL: Open Mic Q&A: ID Vault & Notes Shared Login - 20 October 2010 URL: Open Mic Q&A: Lotus Notes ID Vault - May 19th, 2011 URL: Open Mic Webcast: Intro to Notes Federated Login (SAML) - 26 March 2014 (Q&A, presentation, audio recording) URL: Some administrators should not be enabled for Notes federated login URL: 70
71 Additional Resources ID Vault and Notes client ID vault and Notes shared login FAQ URL: Securing your Notes ID vault server URL: Security Assertion Markup Language (SAML) Notes Federated Login URL: tes_federated_login Upgrading from Notes client single logon to Notes shared login URL: shared_login 71
72 Additional References ID Vault and Traveler Traveler and ID Vault across multiple domains - uid=swg Configuring Traveler Companion on Apple Devices - IBM Traveler Companion for Windows Phone FAQ - How do I process encrypted mail on a Blackberry Device
73 Additional Resource Links - ID Vault and SmartCloud Notes Open Mic: What is IBM SmartCloud Notes Hybrid? Uploading an ID to the Vault (SCN) Issuing a Vault Trust certificate (SCN) Setting up an additional IBM Notes client to SCN without the User ID Managing Notes Ids (hybrid organizations only) Unable to connect to SCN after running the Notes client configuration tool What You Should Know Before You Change a SmartCloud Notes User's Name Common Q&A for IBM SmartCloud Notes Company Administrators ( password and vault issues ) 73
74 Press *1 on your telephone to ask a question. Visit our Support Technical Exchange page or our Facebook page for details on future events. To help shape the future of IBM software, take this quality survey and share your opinion of IBM software used within your organization: IBM Collaboration Solutions Support page IBM Collaboration Solutions Support 74
75 Backup Slides ID Vault and Federated Login 75
76 Federated Login and ID Vault What is Federated Login? Federation between a user's ID in a non-domino identity provider and the Notes ID Federated Login is implemented through SAML authentication Domino supports Active Directory (ADFS: Active Directory Federation Services) and Tivoli (TIFM: Tivoli Identity Federation Manager) Once logged into the identity provider, seamless access to the Notes ID No Notes ID password needed 76
77 Federated Login and ID Vault SAML authentication in Domino Requires Domino 9.0 SAML - Security Assertion Markup Language A SAML assertion is proof of authentication provided by a trusted identity provider (IdP) XML formatted certificate data Domino validates the SAML assertion against its IdP catalog and grants access based on the authentication with the identify provider 77
78 Federated Login and ID Vault Access to the ID Vault Configuring SAML authentication for Domino uses an IdP catalog entry for the Domino server(s) and a separate IdP catalog entry for the ID Vault The IdP has a relying party trust entry for Domino and another for ID Vault Authentication first takes place over HTTPS with the Domino server Once a user is authenticated, the ID is retrieved in the background from the ID Vault using the IdP catalog entry for the ID Vault No user intervention Does not require the HTTP task to be running on the ID Vault server 78
79 Federated Login and ID Vault Federated Login is enabled through a security policy: Federated Login tab is hidden if no ID Vault is defined on the ID Vault tab Enable Web Federated Login and Enable Notes Federated Login have Don't set value as the default for the How to Apply setting 79
80 Federated Login and ID Vault IdP Catalog entry for the ID Vault: Authentication first takes place over HTTPS with the Domino server Once authenticated, the ID is retrieved over NRPC from the ID Vault using the IdP catalog entry for the ID Vault Does not require the HTTP task to be running on the ID Vault 80
81 Federated Login and ID Vault IdP Catalog entry for the ID Vault: ID Vault's entry uses the same metadata from the Identity Provider as is used by Domino for authentication If the ID Vault is on the same Domino server as the authenticating Domino server, the ID Vault entry uses an alias host name in its configuration The alias is only needed when running vault on the same server that is authenticating users The ID vault on domino-server-name.domain.com would have its host name shown as vault.domino-server-name.domain.com in the IdP catalog This address is not actually used over HTTP, does not have to resolve in DNS Do not use an IP address in the configuration 81
82 Federated Login and ID Vault Configuring an ID Vault to work with Domino 1)Open the ID Vault Configuration view 2) Edit the document, and enter the host name that corresponds to the IdP Catalog entry for the ID Vault 82
83 Federated Login and ID Vault Identity Provider Configuration Separate Relying Party Trust configuration document for the ID Vault The identifier entry matches the host name listed in the Domino IdP catalog entry The URL is not actually used, but needs to look correct to the IdP, including use of https 83
84 Federated Login and ID Vault Identity Provider Configuration The IdP's endpoint is set to the actual Domino server name, not the vault alias Uses a URL pointing to names.nsf with the Argument?SAMLIDLogin Domino recognizes this login string as a SAML request for ID Vault access 84
85 Federated Login and ID Vault Web Federated Login 85
86 Federated Login and ID Vault Notes Federated Login 86
Open Mic on. ID Vault Overview & Best Practices. 19th December, 2012
Open Mic on ID Vault Overview & Best Practices 19th December, 2012 1 Open Mic Team Sunil Chelani Domino SME Presenter Seema Janjirkar Software Engineer Presenter Ranjit Rai Lotus Technical Advisor Focussing
More informationTroubleshooting Policies. Amy Knox Staff Software Engineer, IBM Domino L2 Support team April 29, 2015
Troubleshooting Policies Amy Knox Staff Software Engineer, IBM Domino L2 Support team April 29, 2015 Troubleshooting Policies - Agenda Helpful Vocabulary Policy Flow between Notes client and Domino server
More informationAdminCamp Christian Henseler, Christian Henseler,
AdminCamp 2013 Christian Henseler, 24.09.2013 Christian Henseler, 24.09.2013 1 Introduction What are we coming from Yet another SSO mechanism!? SAML basics Domino 9 requirements and limitations SAML use
More informationIBM Domino WEB Federated Login
IBM Domino WEB Federated Login Open Mic Date: 13-10-2015 IBM Collaboration Solutions Open Mic Team Irfan Jaffery - IBM ICS Support engineer Presenter Deepankar Panda - IBM ICS Support engineer Presenter
More informationTroubleshooting Policies on a Domino Server
Troubleshooting Policies on a Domino Server Open Mic Webcast October 9, 2012 Jana Medlin Domino Server Development IBM Collaboration Solutions 2012 IBM Corporation Agenda Policy, its types and usage Ways
More informationLotus Domino Security NSL, Web SSO, Notes ID vault. Collin Murray Program Director, Lotus Domino Product Management
Lotus Domino Security NSL, Web SSO, Notes ID vault Collin Murray Program Director, Lotus Domino Product Management Challenge: Reduce Cost of Ownership IBM Lotus Notes and Domino have been providing a secure
More informationNew 8.5 Notes Shared Login "Gotchas"
New 8.5 Notes Shared Login "Gotchas" Document information Technote (FAQ) Question The Notes Administrator has enabled Notes Shared Login in a policy for users. The user's Notes IDs are now locked with
More informationOpen Mic Webcast: IBM Client Application Access (ICAA)
Open Mic Webcast: IBM Client Application Access (ICAA) Ruth Charmagne Caray, Ronan Hoyne September 14, 2016 Agenda What is IBM Client Application Access? New Features Supported Domino Configurations Installing
More informationOpen Mic Webcast. IBM Verse Offline Yingle Jia, Mark Wallace April 20, 2016
Open Mic Webcast IBM Verse Offline Yingle Jia, Mark Wallace April 20, 2016 Agenda Verse Offline Overview Offline Architecture Offline UX and Features Offline Troubleshooting Q&A 2016 IBM Corporation 2
More informationSETTING UP A HYBRID DOMINO ENVIRONMENT TO EASE YOUR WAY TO THE CLOUD
SETTING UP A HYBRID DOMINO ENVIRONMENT TO EASE YOUR WAY TO THE CLOUD Gabriella Davis - gabriella@turtlepartnership.com IBM Lifetime Champion for Social Business The Turtle Partnership 1 WHO AM I? Admin
More informationUpdating the Client Access URL using IBM Traveler Server. OPEN MIC WEBCAST March 22, 2017 Alvin John Marron L2 Software Engineer IBM Traveler
Updating the Client Access URL using IBM Traveler Server OPEN MIC WEBCAST March 22, 2017 Alvin John Marron L2 Software Engineer IBM Traveler AGENDA: Overview Why use HTTPS instead of HTTP? Required Components
More informationThe Domino Certificate Authority Key Rollover Process. Author: Graham Farrell IBM Domino server Support Engineer
The Domino Certificate Authority Key Rollover Process Author: Graham Farrell IBM Domino server Support Engineer 1 Introduction.... 3 Terms and Abbreviations... 4 The Domino Certificate Authority and The
More informationLotus Domino Roaming. in Lotus Notes 8.5.x. Presenter: Christian Henseler (roaming (at) henseler.org)
Lotus Domino Roaming in Lotus Notes 8.5.x Presenter: Christian Henseler (roaming (at) henseler.org) Legal Disclaimer 'This is beta software from IBM and does not represent a commitment, promise or legal
More informationSetting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1
Setting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1 Setting Up Resources in VMware Identity Manager (On Premises) You can find the most up-to-date
More informationLotus IBM Lotus Notes Domino 8.5 System Administration Operating Fundamentals.
Lotus 190-980 IBM Lotus Notes Domino 8.5 System Administration Operating Fundamentals http://killexams.com/exam-detail/190-980 QUESTION: 190 When creating the ID Vault for your domain, which of the following
More informationSetting Up Resources in VMware Identity Manager
Setting Up Resources in VMware Identity Manager VMware Identity Manager 2.7 This document supports the version of each product listed and supports all subsequent versions until the document is replaced
More informationSetting Up Resources in VMware Identity Manager. VMware Identity Manager 2.8
Setting Up Resources in VMware Identity Manager VMware Identity Manager 2.8 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments
More informationOpen Mic - Troubleshooting & Best Practices for Read/Unread Marks. Manisha Parida and Sandeep R Deshpande 29 Feb 2012
Open Mic - Troubleshooting & Best Practices for Read/Unread Marks Manisha Parida and Sandeep R Deshpande 29 Feb 2012 OPEN MIC LOTUS TEAM Manisha Parida - Lotus Technical support engineer Presenter Sandeep
More informationAdministering Jive Mobile Apps for ios and Android
Administering Jive Mobile Apps for ios and Android TOC 2 Contents Administering Jive Mobile Apps...3 Configuring Jive for Android and ios...3 Custom App Wrapping for ios...3 Authentication with Mobile
More informationAgenda. Open Mic Webcast. Manage-Settings, Managed-Community-Configs and Domino Policies
Open Mic Webcast Agenda When to use managed-settings.xml, Domino custom policies and managed-community-configs.xml Where to find client preference settings you can set How to avoid problems with managed-settings.xml
More informationIBM Notes Browser Plug-in
IBM Notes Browser Plug-in Raj Patil Senior Technical Staff Member - Notes Client Archana Pawar QE Lead - Notes Browser Plugin (Notes Client) Date: 3rd September, 2014 Open Mic Team Raj Patil Senior Technical
More informationDIRECTORY INTEGRATION: USING ACTIVE DIRECTORY FOR AUTHENTICATION. Gabriella Davis The Turtle Partnership
DIRECTORY INTEGRATION: USING ACTIVE DIRECTORY FOR AUTHENTICATION Gabriella Davis The Turtle Partnership In This Session Review possible use cases for multiple directories Understand security implications
More informationCLI users are not listed on the Cisco Prime Collaboration User Management page.
Cisco Prime Collaboration supports creation of user roles. A user can be assigned the Super Administrator role. A Super Administrator can perform tasks that both system administrator and network administrator
More informationIBM SmartCloud Notes (SCN) Mail Routing
IBM SmartCloud Notes (SCN) Mail Routing Open Mic Date: 21 st Oct, 2015 IBM Collaboration Solutions Open Mic Team Naresh Luthra L3 Smart Cloud Notes Presenter Ranjit Rai - IBM ICS SWAT Focusing on entire
More informationHorizon Workspace Administrator's Guide
Horizon Workspace Administrator's Guide Horizon Workspace 1.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition.
More informationSAML-Based SSO Configuration
Prerequisites, page 1 SAML SSO Configuration Task Flow, page 5 Reconfigure OpenAM SSO to SAML SSO Following an Upgrade, page 9 SAML SSO Deployment Interactions and Restrictions, page 9 Prerequisites NTP
More informationCLI users are not listed on the Cisco Prime Collaboration User Management page.
Cisco Prime Collaboration supports creation of user roles. A user can be assigned the Super Administrator role. A Super Administrator can perform tasks that both system administrator and network administrator
More informationA IBM. Assessment: IBM Notes and Domino 9.0 Social Edition System Administration U
IBM A2040-405 Assessment: IBM Notes and Domino 9.0 Social Edition System Administration U Download Full Version : https://killexams.com/pass4sure/exam-detail/a2040-405 Answer: A QUESTION: 86 Jeri has installed
More informationConfiguration Guide. BlackBerry UEM. Version 12.7 Maintenance Release 2
Configuration Guide BlackBerry UEM Version 12.7 Maintenance Release 2 Published: 2017-12-04 SWD-20171130134721747 Contents About this guide... 8 Getting started... 9 Configuring BlackBerry UEM for the
More informationDATACENTER MANAGEMENT Goodbye ADFS, Hello Modern Authentication! Osman Akagunduz
Goodbye ADFS, Hello Modern Authentication! Osman Akagunduz Osman Akagunduz Consultant @ InSpark Microsoft Country Partner Of The Year Twitter: @Osman_Akagunduz What s in this session The role of Azure
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 Single Sign on Single Service Provider Agreement, page 2 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 3 Cisco Unified Communications Applications
More informationSetting Up the Server
Managing Licenses, page 1 Cross-launch from Prime Collaboration Provisioning, page 5 Integrating Prime Collaboration Servers, page 6 Single Sign-On for Prime Collaboration, page 7 Changing the SSL Port,
More informationLogging IBM Traveler Server and Client Issues
Logging IBM Traveler Server and Client Issues Presented by: Marcelo B. Alejo III May 17, 2017 Agenda Introduction Basic Overview of Logs Knowing When and How to Collect Logs (Server and Device) User Connectivity
More informationUnity Connection Version 10.5 SAML SSO Configuration Example
Unity Connection Version 10.5 SAML SSO Configuration Example Document ID: 118772 Contributed by A.M.Mahesh Babu, Cisco TAC Engineer. Jan 21, 2015 Contents Introduction Prerequisites Requirements Network
More informationTips for Using the Integrated Solution Console (ISC) and Sametime System Console (SSC) with IBM Sametime
Tips for Using the Integrated Solution Console (ISC) and Sametime System Console (SSC) with IBM Sametime October 28, 2015 Miguel Macias, Sandy Lee, Casey Toole IBM Corporation 2015 1 Agenda Integrated
More informationBlackBerry UEM Configuration Guide
BlackBerry UEM Configuration Guide 12.9 2018-11-05Z 2 Contents Getting started... 7 Configuring BlackBerry UEM for the first time... 7 Configuration tasks for managing BlackBerry OS devices... 9 Administrator
More informationConfiguration Guide. BlackBerry UEM. Version 12.9
Configuration Guide BlackBerry UEM Version 12.9 Published: 2018-07-16 SWD-20180713083904821 Contents About this guide... 8 Getting started... 9 Configuring BlackBerry UEM for the first time...9 Configuration
More informationAll about SAML End-to-end Tableau and OKTA integration
Welcome # T C 1 8 All about SAML End-to-end Tableau and OKTA integration Abhishek Singh Senior Manager, Regional Delivery Tableau Abhishek Singh Senior Manager Regional Delivery asingh@tableau.com Agenda
More informationVMWARE HORIZON CLOUD WITH VMWARE IDENTITY MANAGER QUICK START GUIDE WHITE PAPER MARCH 2018
VMWARE HORIZON CLOUD WITH VMWARE IDENTITY MANAGER QUICK START GUIDE WHITE PAPER MARCH 2018 Table of Contents Introduction to Horizon Cloud with Manager.... 3 Benefits of Integration.... 3 Single Sign-On....3
More informationLEI Installation Basics - on Windows and Linux platforms
LEI Installation Basics - on Windows and Linux platforms Open Mic Webcast Date : 16 December 2015 Speakers: Pauline Pagsuyuin and Chester Page Pelaez Agenda LEI/IEI Overview Installation Pre-requisites
More informationArcGIS Server and Portal for ArcGIS An Introduction to Security
ArcGIS Server and Portal for ArcGIS An Introduction to Security Jeff Smith & Derek Law July 21, 2015 Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context
More informationSetting Up Resources in VMware Identity Manager (SaaS) Modified 15 SEP 2017 VMware Identity Manager
Setting Up Resources in VMware Identity Manager (SaaS) Modified 15 SEP 2017 VMware Identity Manager Setting Up Resources in VMware Identity Manager (SaaS) You can find the most up-to-date technical documentation
More informationInstalling and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.
Installing and Configuring VMware Identity Manager Connector 2018.8.1.0 (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.3 You can find the most up-to-date technical documentation on
More informationSINGLE SIGN ON SOLUTIONS FOR ICS PRODUCTS
SINGLE SIGN ON SOLUTIONS FOR ICS PRODUCTS Gabriella Davis - gabriella@turtlepartnership.com IBM Lifetime Champion for Social Business The Turtle Partnership 1 Admin of all things and especially quite complicated
More informationBest Practices of IBM Notes Traveler Deployment. Date: 27 Aug 2015
Best Practices of IBM Notes Traveler Deployment Date: 27 Aug 2015 Open Mic Team Sandip Singh - IBM ICS Support engineer Presenter Sukanya Yenneti - IBM ICS Support engineer Presenter Ranjit Rai - IBM ICS
More informationCloud Help for Community Managers...3. Release Notes System Requirements Administering Jive for Office... 6
for Office Contents 2 Contents Cloud Help for Community Managers...3 Release Notes... 4 System Requirements... 5 Administering Jive for Office... 6 Getting Set Up...6 Installing the Extended API JAR File...6
More informationAbout This Document 3. Overview 3. System Requirements 3. Installation & Setup 4
About This Document 3 Overview 3 System Requirements 3 Installation & Setup 4 Step By Step Instructions 5 1. Login to Admin Console 6 2. Show Node Structure 7 3. Create SSO Node 8 4. Create SAML IdP 10
More information8.0 Help for Community Managers Release Notes System Requirements Administering Jive for Office... 6
for Office Contents 2 Contents 8.0 Help for Community Managers... 3 Release Notes... 4 System Requirements... 5 Administering Jive for Office... 6 Getting Set Up...6 Installing the Extended API JAR File...6
More informationClick to add text IBM Collaboration Solutions
IBM Connections Search: Troubleshooting and Best Practices 5/14/2014 Greg Presayzen Client Technical Professional Mark McCarville Advisory Software Engineer Click to add text IBM Collaboration Solutions
More informationOffice 365 and Azure Active Directory Identities In-depth
Office 365 and Azure Active Directory Identities In-depth Jethro Seghers Program Director SkySync #ITDEVCONNECTIONS ITDEVCONNECTIONS.COM Agenda Introduction Identities Different forms of authentication
More informationUnified Communications Manager Version 10.5 SAML SSO Configuration Example
Unified Communications Manager Version 10.5 SAML SSO Configuration Example Contents Introduction Prerequisites Requirements Network Time Protocol (NTP) Setup Domain Name Server (DNS) Setup Components Used
More informationUpgrade Procedures and best practices for migrating to Sametime
Upgrade Procedures and best practices for migrating to Sametime 9 12-4-2013 Tony Payne Senior Software Engineer - Sametime IBM Collaboration Solutions Powered by IBM SmartCloud Meetings Agenda A few notes
More informationIntegrating the YuJa Enterprise Video Platform with Dell Cloud Access Manager (SAML)
Integrating the YuJa Enterprise Video Platform with Dell Cloud Access Manager (SAML) 1. Overview This document is intended to guide users on how to integrate their institution s Dell Cloud Access Manager
More informationOpen Mic Webcast. Troubleshooting Sametime Policies
Open Mic Webcast Troubleshooting Sametime Policies Date: March 30, 2016 Speaker: Sandy Lee Panelist: Casey Toole, Jennifer Isola-Mayes and Nancy Pittman Troubleshooting Sametime Policies 2 Agenda What
More informationUser Guide. Version R94. English
AuthAnvil User Guide Version R94 English March 8, 2017 Copyright Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept EULATOS as updated
More informationIntegrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER
Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER Table of Contents Introduction.... 3 Requirements.... 3 Horizon Workspace Components.... 3 SAML 2.0 Standard.... 3 Authentication
More informationPush Notifications (On-Premises Deployments)
Push Notifications Overview, page 1 Push Notifications Prerequisites, page 5 Push Notifications Configuration Task Flow, page 6 Push Notifications Troubleshooting, page 15 Push Notifications Interactions
More informationSAML-Based SSO Configuration
Prerequisites, page 1 SAML SSO Configuration Workflow, page 5 Reconfigure OpenAM SSO to SAML SSO After an Upgrade, page 9 Prerequisites NTP Setup In SAML SSO, Network Time Protocol (NTP) enables clock
More informationSalesforce Mobile App Security Guide
Salesforce Mobile App Security Guide Version 3, 0 @salesforcedocs Last updated: October 11, 2018 Copyright 2000 2018 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com,
More informationBest Practices. Ranjit Rai Ranjit Rai 8April 2010
Best Practices Ranjit Rai Ranjit Rai 8April 2010 OPEN MIC LOTUS TEAM Ranjit Rai - Lotus Technical Advisor Presenter Focussing on entire Notes/Domino Hansraj Mali - Lotus Technical Advisor Focussing on
More informationIBM Lotus Notes in XenApp Environments
IBM Lotus Notes in XenApp Environments Open Mic Webcast September 28, 2011 11:00 AM EDT 2011 IBM Corporation Open Mic Webcast: IBM Lotus Notes in XenApp environments September 28 th @ 11:00 AM EDT (15:00
More informationDeveloping Microsoft Azure Solutions (70-532) Syllabus
Developing Microsoft Azure Solutions (70-532) Syllabus Cloud Computing Introduction What is Cloud Computing Cloud Characteristics Cloud Computing Service Models Deployment Models in Cloud Computing Advantages
More informationDeploying VMware Identity Manager in the DMZ. SEPT 2018 VMware Identity Manager 3.3
Deploying VMware Identity Manager in the DMZ SEPT 2018 VMware Identity Manager 3.3 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have
More informationUser Guide. Version R92. English
AuthAnvil User Guide Version R92 English October 9, 2015 Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept EULATOS as updated from
More informationSECURING DOMINO LDAP. Open Mic June 10th 2015
SECURING DOMINO LDAP Open Mic June 10th 2015 AGENDA Background Domino Directory Assistance Domino LDAP Server Domino LDAP in a Post-Poodle World Questions 2 BACKGROUND We consider this presentation a continuation
More informationAccess Manager Applications Configuration Guide. October 2016
Access Manager Applications Configuration Guide October 2016 Legal Notice For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights,
More informationADFS integration with Ibistic Commerce Platform A walkthrough of the feature and basic configuration
IBISTIC TECHNOLOGIES ADFS integration with Ibistic Commerce Platform A walkthrough of the feature and basic configuration Magnus Akselvoll 19/02/2014 Change log 26/06/2012 Initial document 19/02/2014 Added
More informationIntegrating AirWatch and VMware Identity Manager
Integrating AirWatch and VMware Identity Manager VMware AirWatch 9.1.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a
More informationIntegration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Better MDM
SafeNet Authentication Service Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information
More informationOpen Mic Webcast A Guide to Connection Cloud Mobile Features
Open Mic Webcast A Guide to Connection Cloud Mobile Features Speakers: Declan Joyce, Imran Khan Panelists: Mark Benge, Asia Bashadi Gaganpreet Kaur Saini,Joshua Edwards Khalid Abbas,Sandy Lee Tony Payne,
More informationGetting Started with MarvelClient Essentials IBM
Getting Started with MarvelClient Essentials IBM ii Getting started with MarvelClient Essentials Contents Getting started with MarvelClient Essentials.............. 1 Overview............... 1 Deployment
More informationBox Connector. Version 2.0. User Guide
Box Connector Version 2.0 User Guide 2016 Ping Identity Corporation. All rights reserved. PingFederate Box Connector User Guide Version 2.0 March, 2016 Ping Identity Corporation 1001 17th Street, Suite
More informationQuickr Configuration/Administration
IBM Software Group Quickr Configuration/Administration Managing Quickr An IBM Proof of Technology 2008 IBM Corporation Presentation objectives Define configuration and administration of IBM Lotus Quickr
More informationGuide to Deploying VMware Workspace ONE. VMware Identity Manager VMware AirWatch 9.1
Guide to Deploying VMware Workspace ONE VMware Identity Manager 2.9.1 VMware AirWatch 9.1 Guide to Deploying VMware Workspace ONE You can find the most up-to-date technical documentation on the VMware
More informationCisco TelePresence Management Suite Extension for IBM Lotus Notes
Cisco TelePresence Management Suite Extension for IBM Lotus Notes Installation and Getting Started Guide Software version 11.3.3 D13561.21 Revised October 2014 Contents Introduction 4 How to use this document
More informationDeveloping Microsoft Azure Solutions (70-532) Syllabus
Developing Microsoft Azure Solutions (70-532) Syllabus Cloud Computing Introduction What is Cloud Computing Cloud Characteristics Cloud Computing Service Models Deployment Models in Cloud Computing Advantages
More informationNotes Domino 8.5 STEW
Upgrading to Notes/Domino 8.5 Nithitus Upatumvipanon IBM Lotus Software Specialist nupatumvipanon@th.ibm.com Lotus Worldwide Technical Sales 2008 IBM Corporation About Lotus Worldwide Technical Sales The
More informationDomino Integration DME 4.6 IBM Lotus Domino
DME 4.6 IBM Lotus Domino Document version 1.3 Published 10-05-2017 Contents... 3 Authentication and authorization: LDAP... 4 LDAP identity...4 Access groups...5 User information retrieval...6 Configuration...6
More informationWHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365
WHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365 Airwatch Support for Office 365 One of the most common questions being asked by many customers recently is How does AirWatch support Office 365? Customers often
More informationGuide to Deploying VMware Workspace ONE with VMware Identity Manager. SEP 2018 VMware Workspace ONE
Guide to Deploying VMware Workspace ONE with VMware Identity Manager SEP 2018 VMware Workspace ONE You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationIntroduction... 5 Configuring Single Sign-On... 7 Prerequisites for Configuring Single Sign-On... 7 Installing Oracle HTTP Server...
Oracle Access Manager Configuration Guide for On-Premises Version 17 October 2017 Contents Introduction... 5 Configuring Single Sign-On... 7 Prerequisites for Configuring Single Sign-On... 7 Installing
More informationCONFIGURING AD FS AS A THIRD-PARTY IDP IN VMWARE IDENTITY MANAGER: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE
GUIDE MARCH 2019 PRINTED 28 MARCH 2019 CONFIGURING AD FS AS A THIRD-PARTY IDP IN VMWARE IDENTITY MANAGER: VMWARE WORKSPACE ONE VMware Workspace ONE Table of Contents Overview Introduction Audience AD FS
More informationSAP Security in a Hybrid World. Kiran Kola
SAP Security in a Hybrid World Kiran Kola Agenda Cybersecurity SAP Cloud Platform Identity Provisioning service SAP Cloud Platform Identity Authentication service SAP Cloud Connector & how to achieve Principal
More informationBlackBerry Enterprise Server for IBM Lotus Domino Version: 5.0. Administration Guide
BlackBerry Enterprise Server for IBM Lotus Domino Version: 5.0 Administration Guide SWDT487521-636611-0528041049-001 Contents 1 Overview: BlackBerry Enterprise Server... 21 Getting started in your BlackBerry
More informationDeploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2
Deploying VMware Identity Manager in the DMZ JULY 2018 VMware Identity Manager 3.2 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have
More informationCisco TelePresence Management Suite Extension for IBM Lotus Notes
Cisco TelePresence Management Suite Extension for IBM Lotus Notes Installation and Getting Started Guide Software version 11.3.2 D13561.19 April 2013 Contents Introduction 4 How to use this document 4
More informationWarm Up to Identity Protocol Soup
Warm Up to Identity Protocol Soup David Waite Principal Technical Architect 1 Topics What is Digital Identity? What are the different technologies? How are they useful? Where is this space going? 2 Digital
More informationConfiguration Guide. BlackBerry UEM Cloud
Configuration Guide BlackBerry UEM Cloud Published: 2018-04-18 SWD-20180411125526296 Contents About this guide... 7 Getting started... 8 Configuring BlackBerry UEM Cloud for the first time... 8 Administrator
More informationWebthority can provide single sign-on to web applications using one of the following authentication methods:
Webthority HOW TO Configure Web Single Sign-On Webthority can provide single sign-on to web applications using one of the following authentication methods: HTTP authentication (for example Kerberos, NTLM,
More informationIBM Lotus Notes Traveler
IBM Lotus Notes Traveler Marco Paolini Client Technical Professional IBM Collaboration Solutions IBM Disclaimer Information regarding potential future products is intended to outline our general product
More informationGuide to Deploying VMware Workspace ONE. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1
Guide to Deploying VMware Workspace ONE DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationQuick Start Guide for SAML SSO Access
Quick Start Guide Quick Start Guide for SAML SSO Access Cisco Unity Connection SAML SSO 2 Introduction 2 Understanding Service Provider and Identity Provider 2 Understanding SAML Protocol 3 SSO Mode 4
More informationSecureAuth IdP Realm Guide
SecureAuth IdP Realm Guide What is a Realm? A realm is a configured workflow that leads end-users to a target resource (application, IdM page, certificate enrollment page, etc.). Each SecureAuth IdP realm
More informationSalesforce1 Mobile Security White Paper. Revised: April 2014
Salesforce1 Mobile Security White Paper Revised: April 2014 Table of Contents Introduction Salesforce1 Architecture Overview Authorization and Permissions Communication Security Authentication OAuth Pairing
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationSingle Sign-On for PCF. User's Guide
Single Sign-On for PCF Version 1.2 User's Guide 2018 Pivotal Software, Inc. Table of Contents Table of Contents Single Sign-On Overview Installation Getting Started with Single Sign-On Manage Service Plans
More informationCloud Secure Integration with ADFS. Deployment Guide
Cloud Secure Integration with ADFS Deployment Guide Product Release 8.3R3 Document Revisions 1.0 Published Date October 2017 Pulse Secure, LLC 2700 Zanker Road, Suite 200 San Jose CA 95134 http://www.pulsesecure.net
More informationDomino Clouds Public AND Private. Collin Murray Program Director, Lotus Domino Product Management
Domino Clouds Public AND Private Collin Murray Program Director, Lotus Domino Product Management Disclaimer The information on the new product is intended to outline our general product direction and it
More informationVMware AirWatch Content Gateway for Linux. VMware Workspace ONE UEM 1811 Unified Access Gateway
VMware AirWatch Content Gateway for Linux VMware Workspace ONE UEM 1811 Unified Access Gateway You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationVMware Identity Manager Administration
VMware Identity Manager Administration VMware Identity Manager 2.4 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new
More information