Adding an ID vault password reset authority from a different organization
Added by Michael Stewart on April 27, 2021 | Version 1
Tags: Notes ID Vault
If a password reset authority is in an organization different from the organization assigned to your vault, you may need to take additional steps in order for the password reset authority to be able to reset passwords successfully. If not already created, you will need to create cross-certificates so that both organizations can establish trust with each other.
Cross-certificates can be pushed to Notes clients. See this article "Pushing trusted certificates to Lotus Notes clients" from the IBM Lotus Notes and Domino Information Center.

For example, your company has a Domino domain with two organizations, "Acme" and "Star." You have created a vault called "AcmeVault" for the organization Acme. You would like to add a user "Admin User/Star" as a password reset authority for the organization Acme.
Using the vault manage tool in the Administrator client, you add the user Admin User/Star as a password reset authority for the organization Acme, thus creating a password reset certificate for Admin User/Star for the organization Acme. Through this password reset certificate, Acme trusts Admin User/Star to reset passwords. However, Admin User/Star may still not be able to reset passwords and you may receive a "Missing or invalid Password Reset/Vault Trust Certificate" error. The password reset authority's organization, Star, needs to be able to establish trust with Acme as well, and you will need to create a cross-certificate issued by Star to Acme.

1. Using the Notes Administrator client, create a cross-certificate from Star to Acme.
Select the "Configuration" tab, expand "Tools" -> "Certification" and click "Cross Certify."

2. Copy the certificate issued by Star to Acme created in Step 1 to the password reset authority's local Personal Address Book.
One way to do this is to open the server's directory from the password reset authority's computer, then select the cross-certificate and click on the "Copy to Personal Address Book" button.

3. Check that a copy of Acme's Notes certifier certificate exists on the server in the "Certificates" view under "Notes Certifier". If it does not exist, you will need to make a copy of the certificate and store it on the server.

Afterwards, "Admin User/Star" will be able to successfully reset passwords for users in the organization "Acme."
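The prerequisites above can be checked as a pre-flight list before adding a reset authority. The following is an added example, not code from HCL or from the original article: it does not talk to Domino, and the `Inventory` structure, function names and sample data are hypothetical stand-ins for what an administrator would look up in the vault, the authority's Personal Address Book and the server's "Certificates" view.

```python
from dataclasses import dataclass, field


def organization(name: str) -> str:
    """Organization of a hierarchical Notes name, abbreviated or canonical.

    Assumption: abbreviated names ("Admin User/Star") have no country
    component, so their last component is the organization.
    """
    parts = [p.strip() for p in name.split("/") if p.strip()]
    for part in parts:
        if part.upper().startswith("O="):
            return part[2:].strip()
    if len(parts) < 2:
        raise ValueError(f"not a hierarchical name: {name!r}")
    return parts[-1]


@dataclass
class Inventory:
    """Constructed stand-in for what an administrator would look up by hand."""
    reset_certs: set = field(default_factory=set)          # (authority, vault org)
    local_cross_certs: dict = field(default_factory=dict)  # authority -> {(issuer, subject)}
    server_certifiers: set = field(default_factory=set)    # orgs in the server's "Certificates" view


def missing_prerequisites(authority: str, vault_org: str, inv: Inventory) -> list:
    """List what the procedure above still requires before resets can work."""
    missing = []
    auth_org = organization(authority)
    if (authority, vault_org) not in inv.reset_certs:
        missing.append("password reset certificate")
    if auth_org != vault_org:  # different organization: trust must run both ways
        held = inv.local_cross_certs.get(authority, set())
        if (auth_org, vault_org) not in held:  # issuer must be the authority's org
            missing.append(f"cross-certificate issued by {auth_org} to {vault_org}")
        if vault_org not in inv.server_certifiers:
            missing.append(f"{vault_org} certifier certificate on server")
    return missing


# Constructed sample: the reset certificate exists, but the only cross-certificate
# in the authority's Personal Address Book runs the wrong way (Acme to Star).
SAMPLE = Inventory(
    reset_certs={("Admin User/Star", "Acme")},
    local_cross_certs={"Admin User/Star": {("Acme", "Star")}},
    server_certifiers={"Acme"},
)

if __name__ == "__main__":
    print(missing_prerequisites("Admin User/Star", "Acme", SAMPLE))
```

The sample reports the Star-to-Acme cross-certificate as missing even though a certificate between the two organizations is present, because the direction of issuance is what the check compares.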