SECURING


Configuring user name mapping when you manage Domino users through Domino Directory
Follow the steps in this topic to configure user name mapping for a Windows™ single sign-on environment if you manage IBM® Domino® user information primarily through Domino Directory. You might want to use a directory synchronization tool such as IBM Tivoli® Directory Integratorto populate required Active Directory information into Domino.

About this task

If you use a separate IBM application to manage Internet access to Domino, for example IBM Tivoli Access Manager WebSEAL reverse proxy or IBM WebSphere® DataPower® security gateway, the application can be set up to authenticate the Internet user against the user's Active Directory record rather than the Domino Person document. In this case:


Procedure

1. Make the following edits to participating Web users' Person documents in the Domino Directory.


2. If some SSO servers are authenticating users against Active Directory, specify the following setting in the Web SSO Configuration document:
Related concepts
Configuring user name mapping in a Windows single sign-on for Web clients environment

Related tasks
Creating a Web SSO configuration document
Setting up Windows single sign-on for Web clients

Related information
Troubleshooting Windows single sign-on for Web clients (SPNEGO)