You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.
Connecting to IBM Domino
EmpowerID IBM Domino connector allows organizations to bring the user and group data in their IBM Domino system to EmpowerID, where it can be managed and synchronized with data in any connected back-end user directories. Once connected, you can manage this data from EmpowerID in the following ways:
Account Management
Inventory IBM Domino user accounts
Create, Update and Delete IBM Domino user accounts
Enable and Disable IBM Domino user accounts
Reset user passwords
Group Management
Inventory IBM Domino groups
Inventory IBM Domino group memberships
Create and Delete IBM Domino groups
Add and Remove members to and from IBM Domino groups
Attribute Flow
Users in Box are inventoried as accounts in EmpowerID. The below table shows the attribute mappings of Box user attributes to EmpowerID Person attributes.
Domino Attribute | Corresponding EmpowerID Attribute | Description |
---|---|---|
LastName | LastName | Last Name of the user |
FirstName | FirstName | First Name of the user |
MiddleInitial | MiddleName | Middle Initial of the user |
Name | Name | Name of the user |
DisplayName | FriendlyName | Display Name of the user |
ShortName | Login | Login of the user |
InternetAddress | Email address of the user | |
EmployeeNumber | EmployeeID | Employee ID of the user *unique identifier |
EmployeeType | EmployeeType | Employee Type of the user |
JobTitle | Title | Job Title of the user |
Department | Department | Department of the user |
DepartmentNumber | DepartmentNumber | Department Number of the user |
CellPhoneNumber | MobilePhone | Mobile Phone Number of the user |
OfficePhoneNumber | Telephone | Office Phone Number of the user |
Manager | ManagerPersonID | Person ID of the user’s manager |
Location | Location | Location of the user |
Additionally, EmpowerID provides Provisioning policies or Resource Entitlements that allow you to automatically provision Domino accounts for any person within your organization based on your policy requirements.
In order to connect EmpowerID to Domino, the following prerequisites need to be met:
IBM Domino version 9.0 or above
IBM Domino client installed on a 32-bit machine
IIS
EmpowerID Domino Web Service installed on the same machine as the Domino client. The installer for the EmpowerID Domino Web Service is a separate package that needs to be requested from EmpowerID.
This topic demonstrates how to connect EmpowerID to IBM Domino and is divided into the following activities:
Installing the EmpowerID Domino Web Services
Connecting EmpowerID to your Domino directory
Configuring the Domino Account Store
Install the EmpowerID Domino Web Service
On a 32-bit machine with IIS, double-click the Lotus Notes Connector Service X.X.X.X msi to launch the EmpowerID Lotus Notes Service Setup wizard.
Click Next to begin the installation.
Accept the terms of the license agreement and click Next.
Select the destination folder and click Next.
In the Lotus Notes Server Configuration screen, do the following:
Type YourDominoServerName/Domain in the Registration Server field, replacing "YourDominoServerName" with the name of your actual Domino server and "Domain" with the server's domain.
Type /Domain in the Certifier Name field, replacing "Domain" with the server's domain.
Click the Ellipses (...) for the CertifierID File field, browse to the data folder of your Domino installation (located by default at "C:\Program Files\IBM\Domino\data") and select cert.id.
Click the Ellipses (...) for the ID File Location field, browse to the Domino folder of your Domino installation (located by default at "C:\Program Files\IBM\Domino\data"), select the data folder and click OK.
Specify whether the short name is unique in your system by selecting True (recommended) or False from the Unique ShortName drop-down.
Specify whether you are using an ID File by selecting True or False (recommended) from the No ID File drop-down.
Select your mail system from the Mail System drop-down. Notes is the default.
Type the domain of the mail system in the Mail Domain field, if it differs from the Domino server domain.
Click Next.
In the IIS Settings screen, do the following:
Type the user name and password of the service identity in the Username and Password fields, respectively. These credentials need to be those of a Domino administrator with read and write permissions to the Domino database.
Type the name of the Web site for the service in the IIS Web Site field.
Click Next.
Click Install and then click Finish when the installation completes.
After installing the EmpowerID Domino Web service, the next step is to connect EmpowerID to your IBM Domino Lotus directory.
Connect EmpowerID to your IBM Domino Lotus Directory
In the navigation sidebar, expand Admin > Applications and Directories and then click Account Stores and Systems.
On the Account Stores page, click Create Account Store.
Under System Types, search for Lotus Notes.
Click Lotus Notes to select the type and then click Submit.
On the Lotus Notes Domino form that appears, enter the following information:
Name — Enter a name for the account store
Domino Admin Username — Enter the username of the Domino admin
Domino Admin Password — Enter the password of the Domino admin
ServiceURL — Enter the URL for the EmpowerID Domino Web service you installed above in the ServiceUrl field. When setting the URL, be sure to specify “https” as the scheme and the version of the EmpowerID Domino Web service you are using. The URL should look similar to:
https://192.168.15.99/LotusNotes/LotusNoteService.svc/v1
Certifier Password — Enter the certifier password.
Click Submit to create the account store.
EmpowerID creates the account store and the associated resource system. The next step is to configure the attribute flow between the account store and EmpowerID.
Now that the attribute flow has been set, the next steps include configuring the account store and enabling EmpowerID to inventory it.
Configure account store settings
On the Account Store and Resource System page, click the Account Store tab and then click the pencil icon to put the account store in edit mode.
This opens the edit page for the Domino account store. This page allows you to specify the account proxy used to connect EmpowerID to your Domino system as well as how you want EmpowerID to handle the user information it discovers in Domino during inventory. Settings that can be edited are described in the table below the image.Edit the account store as needed and then click Save to save your changes.
Next, enable the Account Inbox permanent workflow to allow the Account Inbox to provision or join the user accounts in Domino to EmpowerID Persons as demonstrated below.
EmpowerID recommends using the Account Inbox for provisioning and joining.
IN THIS ARTICLE