Skip to Main Content
HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

ADD A NEW IDEA

My ideas: Security

Showing 272

API-Key Authentication for Domino Web Applications

Provide ability to create a API-Key records in names.nsf for third party applications to connect to Domino resources for various reasons (Mostly REST-API, Web agents, DAS, etc.) Right now customers provide a separate username password and the othe...
almost 2 years ago in Domino / Security 5 Needs Clarification

SAML implementation, can be done safer?

1.) HCL Domino server 12.0.1 (and older) are missing SAML Artifact binding implementation/settings. It has just SAML POST binding :-( Hmm it also works SOAP and inside SAML POST binding, but SAML ARTIFACT binding didn't work for me at all. Is SAML...
almost 2 years ago in Domino / Security 0 Needs Review

IDVault:Need increase one view to display all these archived user id file document

https://help.hcltechsw.com/domino/12.0.0/admin/vault_automatic_restart_id_sync.html?hl=id%2Carchived Now all user ID file documents display under the default "Vault Users" view For these archived user ID file, which display as ~UserName also in th...
almost 2 years ago in Domino / Security 0 Needs Review

Prompt for user content before configuring notes client.

This is to control & monitor user and admin activity in terms of account access. ( just want user consent before configuring notes client on behalf of the user.). Basically, customer have MFA for notes, but none for lotus notes client security...
almost 2 years ago in Domino / Security 1 No Plans to Implement

Option to select whether the LTPAToken should be completely removed/or usable when session has been completely ended.

When enabling Session authentication across servers, the token issued by a server can still be used even after the session has been completely ended on the server and on the browser. If a user issues a request to the server using the same token, y...
almost 2 years ago in Domino / Security 1 Under Consideration

Setting not to display the Access Control List settings

Notes users who don't have administrator privileges cannot change ACLs of Database but can view the settings of Access Control List. We do not want to show the group names, server names, user name etc. displayed in the Access Control List to them...
almost 2 years ago in Domino / Security 0 Under Consideration

Tool to remove the internet certificate from the server ID

The "Delete from ID file" action from the User Security (in Notes) or ID Properties (in Admin client > Configuration tab) is greyed out when trying to remove an internet certificate from the server ID. We would like to request a tool that will ...
almost 2 years ago in Domino / Security 0 Under Consideration

Block users that dont have a smartcard enabled ID-file

Today it is possible for users to smartcard enable their own ID-file and then use the smartcard to login to the Notes environment. Make it possible to block users that dont have a smartcard-enabled ID. Or in some way force users that they must use...
about 2 years ago in Domino / Security 0 Under Consideration

Internet Lockout not per server, but per website or per domain.

When you have a clustered Domino backend for hosting websites or web-apps, and you have a loadbalancer in front of them......and internet lockout only occurs per server.....it's possible that you end up on another cluster-member and can continue t...
about 2 years ago in Domino / Security 2 Assessment

Force logout web mail users (i.e. Verse & iNotes)

Customer wants to apply a force logout to users whose accounts are compromised. Changing their password or restarting http task does not automatically logout the user. Waiting for token expiration could be risky if set for a long duration. Current...
about 2 years ago in Domino / Security 1 Under Consideration