This article describes synchronization relationships between various passwords you may be using in your whole environment, with a focus on comparing on-premises Notes and Domino password synchronization options to IBM SmartCloud Notes password synchronization options.
Q: When my SmartCloud for Social Business service password is changed, does the new password synchronize to my IBM Notes ID password?
A: Yes. If you use the IBM Notes Client, you have at least two passwords to keep track of for SmartCloud:
service login name and service password
IBM Notes client
Notes ID file and Notes ID password
When you change your service password, used for logging into SmartCloud from a web browser, the change synchronizes to your Notes ID password. Please note: An administrator must enable this capability. Password synchronization occurs in only one direction; from service password (web password) --->Notes ID password. If you would like to understand more about what to expect from this feature, visit the online documentation on this feature: Enabling Password Synchronization
There is a possibility that your SmartCloud account is configured so that you use your organization's login page and your company credentials, not your SmartCloud service credentials, to access the SmartCloud service in a browser . When using a browser to access SmartCloud components such as Meetings and Files, you do not log in from the SmartCloud login page and you do not use any SmartCloud credentials. If that describes you, the password synchronization feature does not apply.
Q: If a user changes his or her Notes ID password, does this change the SmartCloud service password?
A: No, it does not. This does not happen automatically and it is not configurable. Password synchronization occurs in only one direction; from service password (web password) --->Notes ID password.
Q: In a hybrid environment, an Administrator enables password synchronization to synchronize users' SmartCloud login passwords to their Notes ID passwords. When the SmartCloud login password is changed and it synchronizes to a user's Notes ID, are the password digest and Last change date fields in the Person document for the user in the on-premises directory updated automatically?
A: No, changing the password in SmartCloud does not update the password data for the user in the on-premises person document in the Domino directory. In order for the password data to be updated in the user's person document, the user's on premises policy must be enabled for password expiration and the user must authenticate to the on-premises server, using the Notes ID file with the changed password. That should generate an Administration Process (adminp) request to update the user's password data in the on-premises Domino directory.
Background - You can configure your on-premises Domino environment for password verfication so that a Notes user can authenticate with a server only after providing the correct password that is associated with the user's Noes ID. The server verifies the password entered by the user with the password stored in the user's Person document, in the password digest field. To read more about password verification in a Domino on-premises environement, see Verifying user passwords during authentication.
If a user changes his/her Notes ID password, then authenticates with an on-premises server that requires password verification, the Administration Process generates a Change User Password in Domino Directory request which updates the Password digest and Last change date fields in the user's Person document in the Domino directory on-premises. Once the adminp request is carried out, the password digest and Last change date fields will be updated.
A lockout could occur if the user's Notes ID password is changed, but the user does not authenticate with any on-premises Domino servers until after the required change interval has expired and the grace period has also expired. The grace period is the number of days after the required change interval has expired that users are allowed before they are locked out of the server. In this case, delete the entry in the Password digest field, and ask the authorized user to authenticate with a Domino server immediately and enter a the new password.
Troubleshooting - Do a policy synopsis of the user on the on-premises directory. Check for adminp requests to see if they are present and processing on the proper admin server on-premises.
Q: For users of SmartCloud Notes mail, can the Notes ID password be eliminated with the feature called Notes Shared Login, available to on-premises Notes and Domino users?
A: Yes. If your Administrator has configured this in your SmartCloud Notes Hybrid environment (not available in service-only), the Notes
Shared Login feature will encrypt your local ID file with your Windows workstation credentials (via DPAPI) instead of a password. After a user logs in to his or her Windows operating system account they will not be prompted for a Notes ID file password. If configured, Notes Shared Login will behave the same way as it does for Notes users whose Domino mail servers are on-premises. To configure
Notes Shared Login, a SmartCloud Administrator uses a Security Settings document and an explicit group security settings policy which is applied to SmartCloud Notes users. As in Notes and Domino on-premises, there are many variations on setting up Notes Shared Login for users.
To learn how to mimic on-premises policy settings (such as those for Notes Shared Login) in a Hybrid SmartCloud Notes environment, see Using administrative policies
Q: For users of SmartCloud Notes mail, can the Notes ID password be synchronized with the Notes and Domino web/internet password?
A: No, this feature is not available to users of SmartCloud Notes mail. The Notes and Domino web/internet (http) password is not used in the SmartCloud for Social Business service. Rather, SmartCloud users have a service password that is stored in the service and used to access web-based service components such as Files, Meetings, instant messaging and Activities, as well as their mail files from a web browser, or IMAP client, if used, or other mobile clients.
In an on-premises Notes and Domino environment, the administrator has an option, to "update internet password when Notes client password changes" to allow users to optionally synchronize their Notes ID password with their internet password. In Notes and Domino on-premises, the Domino web/internet (http) password is the password you need for HTTP, POP3, IMAP, LDAP, and DIIOP access, as well as for logging in to Domino Web applications and databases through a Web browser, for logging into Sametime instant messaging.
Q. If a user changes one of his or her application passwords, does this change the SmartCloud service password or Notes ID password?
A. No. To learn more about application passwords, see Enabling application passwords and Managing application passwords.