Connecting to IBM Domino

EmpowerID IBM Domino connector allows organizations to bring the user and group data in their IBM Domino system to EmpowerID, where it can be managed and synchronized with data in any connected back-end user directories. Once connected, you can manage this data from EmpowerID in the following ways:

  • Account Management

    • Inventory IBM Domino user accounts

    • Create, Update and Delete IBM Domino user accounts

    • Enable and Disable IBM Domino user accounts

    • Reset user passwords

  • Group Management

    • Inventory IBM Domino groups

    • Inventory IBM Domino group memberships

    • Create and Delete IBM Domino groups

    • Add and Remove members to and from IBM Domino groups

  • Attribute Flow
    Users in Box are inventoried as accounts in EmpowerID. The below table shows the attribute mappings of Box user attributes to EmpowerID Person attributes.

Domino Attribute

Corresponding EmpowerID Attribute

Description

Domino Attribute

Corresponding EmpowerID Attribute

Description

LastName

LastName

Last Name of the user

FirstName

FirstName

First Name of the user

MiddleInitial

MiddleName

Middle Initial of the user

Name

Name

Name of the user

DisplayName

FriendlyName

Display Name of the user

ShortName

Login

Login of the user

InternetAddress

Email

Email address of the user

EmployeeNumber

EmployeeID

Employee ID of the user *unique identifier

EmployeeType

EmployeeType

Employee Type of the user

JobTitle

Title

Job Title of the user

Department

Department

Department of the user

DepartmentNumber

DepartmentNumber

Department Number of the user

CellPhoneNumber

MobilePhone

Mobile Phone Number of the user

OfficePhoneNumber

Telephone

Office Phone Number of the user

Manager

ManagerPersonID

Person ID of the user’s manager

Location

Location

Location of the user

Additionally, EmpowerID provides Provisioning policies or Resource Entitlements that allow you to automatically provision Domino accounts for any person within your organization based on your policy requirements.

In order to connect EmpowerID to Domino, the following prerequisites need to be met:

  • IBM Domino version 9.0 or above

  • IBM Domino client installed on a 32-bit machine

  • IIS

  • EmpowerID Domino Web Service installed on the same machine as the Domino client. The installer for the EmpowerID Domino Web Service is a separate package that needs to be requested from EmpowerID.

This topic demonstrates how to connect EmpowerID to IBM Domino and is divided into the following activities:

  • Installing the EmpowerID Domino Web Services

  • Connecting EmpowerID to your Domino directory

  • Configuring the Domino Account Store

Install the EmpowerID Domino Web Service

  1. On a 32-bit machine with IIS, double-click the Lotus Notes Connector Service X.X.X.X msi to launch the EmpowerID Lotus Notes Service Setup wizard.

  2. Click Next to begin the installation.

  3. Accept the terms of the license agreement and click Next.

  4. Select the destination folder and click Next.

  5. In the Lotus Notes Server Configuration screen, do the following:

    1. Type YourDominoServerName/Domain in the Registration Server field, replacing "YourDominoServerName" with the name of your actual Domino server and "Domain" with the server's domain.

    2. Type /Domain in the Certifier Name field, replacing "Domain" with the server's domain.

    3. Click the Ellipses (...) for the CertifierID File field, browse to the data folder of your Domino installation (located by default at "C:\Program Files\IBM\Domino\data") and select cert.id.

    4. Click the Ellipses (...) for the ID File Location field, browse to the Domino folder of your Domino installation (located by default at "C:\Program Files\IBM\Domino\data"), select the data folder and click OK.

    5. Specify whether the short name is unique in your system by selecting True (recommended) or False from the Unique ShortName drop-down.

    6. Specify whether you are using an ID File by selecting True or False (recommended) from the No ID File drop-down.

    7. Select your mail system from the Mail System drop-down. Notes is the default.

    8. Type the domain of the mail system in the Mail Domain field, if it differs from the Domino server domain.

    9. Click Next.

  6. In the IIS Settings screen, do the following:

    1. Type the user name and password of the service identity in the Username and Password fields, respectively. These credentials need to be those of a Domino administrator with read and write permissions to the Domino database.

    2. Type the name of the Web site for the service in the IIS Web Site field.

    3. Click Next.

  7. Click Install and then click Finish when the installation completes.

After installing the EmpowerID Domino Web service, the next step is to connect EmpowerID to your IBM Domino Lotus directory.

Connect EmpowerID to your IBM Domino Lotus Directory

  1. In the navigation sidebar, expand Admin > Applications and Directories and then click Account Stores and Systems.

  2. On the Account Stores page, click Create Account Store.

     

  3. Under System Types, search for Lotus Notes.

  4. Click Lotus Notes to select the type and then click Submit.

     

  5. On the Lotus Notes Domino form that appears, enter the following information:

    • Name — Enter a name for the account store

    • Domino Admin Username — Enter the username of the Domino admin

    • Domino Admin Password — Enter the password of the Domino admin

    • ServiceURL — Enter the URL for the EmpowerID Domino Web service you installed above in the ServiceUrl field. When setting the URL, be sure to specify “https” as the scheme and the version of the EmpowerID Domino Web service you are using. The URL should look similar to: https://192.168.15.99/LotusNotes/LotusNoteService.svc/v1

    • Certifier Password Enter the certifier password.

  6. Click Submit to create the account store.

  7. EmpowerID creates the account store and the associated resource system. The next step is to configure the attribute flow between the account store and EmpowerID.

Now that the attribute flow has been set, the next steps include configuring the account store and enabling EmpowerID to inventory it.

Configure account store settings

  1. On the Account Store and Resource System page, click the Account Store tab and then click the pencil icon to put the account store in edit mode.

     


    This opens the edit page for the Domino account store. This page allows you to specify the account proxy used to connect EmpowerID to your Domino system as well as how you want EmpowerID to handle the user information it discovers in Domino during inventory. Settings that can be edited are described in the table below the image.

     


  2. Edit the account store as needed and then click Save to save your changes.

Next, enable the Account Inbox permanent workflow to allow the Account Inbox to provision or join the user accounts in Domino to EmpowerID Persons as demonstrated below.

EmpowerID recommends using the Account Inbox for provisioning and joining.