Enabling password synchronization

When users change their service login passwords, password synchronization enables the users to use the new passwords when they log in to the IBM® Notes® client.

About this task

Password synchronization benefits users who are active users of both the web and Notes clients by allowing them to use one password for both clients.

After you enable password synchronization, when users change their service login passwords, the new passwords are added to the Notes ID files in the ID vault. Users can then use the new passwords the next time they log in to the service from the Notes client.

Password synchronization occurs whenever users change their service login passwords. Users can change the service login passwords at any time through Connections Cloud My Account Settings. They also change the passwords:
  • After they log in to the service for the first time with temporary passwords;
  • After they log in to the service after an administrator resets their service login passwords;
  • After they log in to the service when service login password expiration is enabled and their passwords expire.
Before you enable password synchronization, be aware of the following information:
  • The feature does not apply to users who log in to the service with a federated identity that your organization defines.
  • Synchronization occurs in one direction: from the service login password to the Notes ID password. Changing the Notes ID password does not change the service login password.
  • When service login passwords change, Notes client users are not required to use the new passwords. Their old passwords remain valid until they use the new passwords to log in to the service from the Notes client. Because the continued use of the old password prevents ID synchronization with the ID vault, as a best practice, recommend to users that they use the new passwords on the Notes client.
  • Synchronization occurs after Notes clients are connected to the service.
  • Notes client users can change their Notes ID passwords, either by choice or because you enable the Password Expiration setting in SmartCloud Notes Administration and their passwords expire. When Notes users change the Notes ID passwords, the service login passwords do not change automatically. However, users can use Connections Cloud My Account Settings to change the service login passwords to match the new Notes ID passwords.
  • If you enable password expiration for Notes IDs, a Notes ID password might expire before a user logs in to Notes with a new service login password. In this case, the user can log in to the Notes client with the old Notes ID password but the user is prompted to change the password when opening mail or another application. At this point the user can provide the new service login password.
  • If you use an on-premises policy to specify Notes ID password requirements for service users, as a best practice, do not make the requirements more restrictive than the service login password requirements. If the Notes ID password requirements are more restrictive, a password that is acceptable for the service password can be unacceptable for Notes. For example, if the policy requires that passwords be 10 characters and a user's service login password is only 8 characters, the service login password cannot be used for Notes. Service login passwords must:
    • Include at least eight characters
    • Include at least one non-alphabetic character and four alphabetic characters
    • Include no more than two repeated characters
    • Be different from the previous eight passwords
    • Not include the user's given name, surname, or email address
    • Not include the space character
    Note: Although service login passwords can be any length, Notes ID passwords must be 63 or fewer characters. If you use password synchronization, tell users to use service login passwords that are within the 63 character limit so they can be used for the Notes ID, too.

To enable password synchronization, complete the following procedure.

Procedure

  1. Log on to the service as an administrator.
  2. If your account also has the User role, click Admin > Manage Organization.
  3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes and then click Account Settings.
  4. Click Password Management.
  5. In the Password Synchronization section of the page, select Enable password synchronization.
  6. Click Save.

Results

When users change their service login passwords, they can use the new passwords to log in to the Notes client.

If users change the Notes ID password, the service login password does not change automatically.

What to do next

Notify users that the feature is enabled. Recommend that when they change the service login passwords that they use the new passwords to log in to the Notes client.