SECURING


Deleting an ID from a vault or marking an ID inactive
You can delete an ID from a vault. You can also mark an ID as inactive, which moves it to the Inactive User IDs view of the vault and prevents use of the ID for vault user operations. An inactive ID can be restored, for example if a user returns to the organization after leaving..

About this task

The following table summarizes how to delete IDs from a vault, how to mark IDs in a vault as inactive, and how to restore inactive IDs.

Table 1. IDs management tasks in the vault
TaskSteps Comments
When you delete a user using the administration process, delete the user ID from the vault.From the Domino® Administrator, click People & Groups, select the Person document, click Delete, and select Delete the ID from the vault.
  • You must be a vault administrator to delete an ID in a vault. If you are not a vault administrator and perform these steps, an administration process request marks the ID as inactive in the ID vault with a time bomb icon. A vault administrator must then delete the ID from the vault manually.
  • The option to delete an ID from a vault as you delete a person is not available from the Web Administrator client. Delete an ID from a vault manually in this case.
Delete an ID from the vault manually. Open the vault database located in IBM_ID_VAULT subdirectory, select the user document for the ID in either the Vault Users view or Inactive User IDs view, and click DEL and then press F9.
  • You must be a vault administrator.
When you delete a user using the administration process, mark the user ID in the vault as inactive.From the Domino Administrator, click People & Groups, select the Person document, click Delete, and select Mark the ID as inactive and keep the ID in the vault.
  • Either a Domino administrator or a vault administrator can perform these steps.
  • If performed by a Domino administrator, an administration process request marks the ID in the vault as inactive.
  • The option to mark an ID in a vault as inactive as you delete a person is not available from the Web Administrator client. Mark an ID in a vault as inactive manually in this case.
Mark an ID in a vault as inactive manually. Open the vault database located in IBM_ID_VAULT subdirectory, select the user document for the ID in the Vault Users view, and click Mark ID Inactive.
  • You must be a vault administrator.
Restore an inactive ID. Open the vault database located in IBM_ID_VAULT subdirectory, select the user document for the ID in the Inactive User IDs view, and click Restore ID.
  • You must be a vault administrator.

Related concepts
ID vault management roles
Managing the user IDs in an ID vault

Related tasks
Deleting a user