Configure Domino ID vault
The Domino ID vault is a secure repository for user ID files. The Domino AppDev Pack requires that users who perform encryption and decryption operations have their ID files stored in the ID vault.
The purpose of this step is to make the ID files used by applications and the AppDev Pack available in the ID vault. The steps below show one way to do this, and it is the simplest to administer. If your domain already uses an ID vault and application IDs are already in the vault, there is nothing more to do.
To create a new ID vault and a policy that automatically vaults users, perform the following actions using the HCL Domino Administrator.
Run the Create Vault wizard
Select the Configuration tab on the top navigation bar. Then open "ID Vaults" in the outline on the right. Then select "Create..." to start the Create Vault wizard.
Set the vault name and description
A Domino server may have multiple ID vaults for different policies and administration groups. Set your vault name and description. Click Next.
Set the vault ID password
Set the Vault ID password. Click Next.
Set the vault server
Specify the Domino server on which to create the vault. Click Next.
Set the vault administrator
Specify the Vault Administrator. Click Next.
Set the vault organization
Specify the Vault Organization. Click Next.
Set the names authorized to reset passwords
Specify the user(s) that are authorized to reset passwords. Click Next.
Select how to apply a vault policy to users
Choose to create a new policy and have it apply to the entire organization. This option is the simplest to manage and configure. You may choose other options as well.
Click Next.
Create the vault policy settings
Select the organization to which this policy will be assigned. Click Next.
Set the forgotten password help text
Specify the help text that will be displayed to the user when they have forgotten their password. Click OK.
Verify configuration
Verify the configuration options selected. Click Create Vault.
Choose Certifier ID
The creation process will start and then will ask for the Domino server's Certifier ID.
Provide the Certifier ID, usually named cert.id. The certifier was created earlier when you created your first Domino server.
Click OK.
Enter the password for the Certifier ID. Then click OK.
Final Dialog
The creation process will complete. You may want to save the information shown in this dialog.
You have successfully created the Notes ID vault 'Applications'.
In the process of creating the vault the following tasks have been run.
Created Notes ID vault Document
Created Notes ID vault Trust Certificates
Created Notes ID vault Password Reset Authorities
Created Notes ID vault ID file (c:\Program Files (x86)\HCL\Notes\Data\ids\vault\applications.id).
Created Notes ID Vault /Applications
Vault database path: \IBM_ID_VAULT\Applications.nsf
Add vault trust certificates to the following organizations:
/Jumbo Cloud Services was successfully added.
Policy work done.
Created security setting document ApplicationsVaultSetting
Created master policy */Jumbo Cloud Services
You can find the Notes ID vault document in the Security/ID vaults view of
the Domino directory.
You can find the Notes ID vault certificates in the Security/Certificates/Certificates view of
the Domino directory.
You can make changes to the Notes ID vault configuration by using the 'ID Vaults - Manage tool'
in the Domino Administrator.
Reminders:
Organizations whose users can use this vault:
Vault Trust Certificates to establish trust of the vault for ID storage can be added using the 'ID Vaults - Manage tool' in the Domino Administrator.
Users who can reset passwords:
Password reset certificates can be added using the 'ID Vaults - Manage tool' in the Domino Administrator.
Notes ID vault policy:
Notes ID vault policies can be added using the 'ID Vaults - Manage tool' in the Domino Administrator or you can manually add in the Domino directory.
Click Done.
When we configure the IAM service user in the next step, we will perform an extra verification to ensure that the ID vault is available.