HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

ADD A NEW IDEA

FILTER BY CATEGORY

My ideas: Security

Showing 243

Improve $$LoginUserFormMFA so that it only shows Username & Password fields

I think it would be a lot prettier if the new MFA login form only displayed the Username and Password fields and then on submission you were then prompted separately for the TOTP/MFA code (if required). The new prompt for TOTP/MFA code could then ...
over 1 year ago in Domino / Security 1 Needs Review

Add Trusted Device option to suppress MFA requirement for x days

It would be nice if there was the ability to allow Trusted Devices to prevent the use of MFA on a particular device for say 30 days (this should be configurable by the admin). There would also need to be a requirement to remove any existing truste...
over 1 year ago in Domino / Security 1 Under Consideration

Let us choose the attributes for authentication in webapplications like we can in Websphere/Connections: uid;cn;mail

We can now only set this into 2 options: Lower and Higher security which contains several attributes each. We would like to choose the attribute(s) for authenticating into Domino webapps. The 2 options is not good when you want to logon using shor...
over 1 year ago in Domino / Security 2 Under Consideration

Add a blanket grant for the XPages JVM to the default java.policy file

I just lost two days, just to find out that our RuntimePermission exception (getClassLoader) in Java is caused by a missing setting in a java.policy file, somewhere deep in the Domino tree. In the end, after trying several different settings, the ...
over 1 year ago in Domino / Security 3 Under Consideration

Do not overwrite ACL log when pasting an ACL

When doing a copy & paste of an entire ACL also the ACL log gets copied. My expectation was that the target ACL log would not be copied over, the ACL log should only be updated. This is just a suggestion to change the design in such a way t...
over 1 year ago in Domino / Security 2 Assessment

ID Vault to function in Web the same as in the Administrator Client

Some Admins IDvault admins do not have Notes/Admin client installed on their PC. Would it be better if ID vault functions the same in Web or Internet browser to reset and share ID
over 1 year ago in Domino / Security 0 Assessment

TOTP (MFA) Scratch code - set expiry date and limit number of codes generated

When Scratch codes are generated for TOTP setup there are 10 codes generated with no expiry date and I have the following suggestions : 1) Add an "Scratch Code Expiry Time (hrs)" so administrators can set the code to expire for example after 48 ho...
almost 2 years ago in Domino / Security 0 Needs Review

Internet Password History and Complexity

Password history and complexity checks are possible on notes id passwords but for internet password validation so we have to use using custom code, it would be nice to include the internet password history and complexity as part of standard Domino...
almost 2 years ago in Domino / Security 1 Under Consideration

Database/dictionary for storing bad common passwords

Currently, customer does use custom password policy settings. But is requesting to have the ability to create a dictionary/database or a feature for storing bad Notes ID passwords and prevent users to use it as their Notes ID passwords. The purpos...
almost 2 years ago in Domino / Security 1 No Plans to Implement

Turn off responding on / api

If I haven't turned on Data Services in Domino this endpoint should on respond at all. It's an unnecessary security risk to keep it open if not used, common practice is to have endpoints closed if they are not used. Also to be able to enable it fo...
almost 2 years ago in Domino / Security 0 Under Consideration
Copyright © 2023 HCL Technologies Limited