Overview
IAM runs as a Node.js application. The following picture illustrates how IAM works with other Domino components to provide authorization services for your applications:
Note the following characteristics of an IAM deployment:
- IAM requires the Node.js runtime.
- IAM stores its data in its own Domino NSF.
- IAM communicates with Domino through domino-db.
- To encrypt data, IAM uses the domino-db encryption feature. This encryption requires the use of the Domino ID vault.
- To authenticate users, IAM refers to the Domino LDAP directory or to Microsoft Active Directory to retrieve user information. IAM doesn't itself manage user information.
- Besides serving as the storage server, Domino also needs to be configured as IAM's Resource Provider so that it can trust the tokens IAM grants to your application and return data to you.
In summary, IAM setup involves five major steps:
- Preparation: See Preparation
- Configure Domino as the IAM Storage Server: See Domino Configuration
- Set up the IAM server: See IAM Configuration
- Configure IDP to connect with LDAP: See IAM Management
- Configure Domino as IAM's resource provider: See OAuth DSAPI extension
Setting up a secure and stable IAM environment takes quite a few steps. To get an IAM server up more quickly so that you can start exploring, IAM provides 'Pilot mode' as a shortcut:
- Pilot mode: See Setup Pilot Mode
The following chapters cover these topics.