Skip to Main Content
HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

ADD A NEW IDEA

Security

Showing 298

Disabling local processes or external processes using the Domino Server

A way to disable executing local processes and commands on Domino using powershell, cmd, etc
over 2 years ago in Domino / Security 0 Planning to Implement

Prompt for user content before configuring notes client.

This is to control & monitor user and admin activity in terms of account access. ( just want user consent before configuring notes client on behalf of the user.). Basically, customer have MFA for notes, but none for lotus notes client security...
over 2 years ago in Domino / Security 1 No Plans to Implement

Option to select whether the LTPAToken should be completely removed/or usable when session has been completely ended.

When enabling Session authentication across servers, the token issued by a server can still be used even after the session has been completely ended on the server and on the browser. If a user issues a request to the server using the same token, y...
over 2 years ago in Domino / Security 1 Under Consideration

Tool to remove the internet certificate from the server ID

The "Delete from ID file" action from the User Security (in Notes) or ID Properties (in Admin client > Configuration tab) is greyed out when trying to remove an internet certificate from the server ID. We would like to request a tool that will ...
over 2 years ago in Domino / Security 0 Under Consideration

Restrict users from viewing person and server configurations in Domino Directory

Currently all users (with reader access) are able to access Person document > Basics/ Work/ Other/ Misc/ Certificates/ Roaming/ Administration tab. Can we restrict the users to only access to Basics tab for security best practice?By right, user...
almost 3 years ago in Domino / Security 1 Under Consideration

Provide some way to find back password of root cert.id or change / reset it to a new one when forgetting the old password

The customer's old Domino Server administrator moved to another company, but did not tell the new administrator the password for the root cert.id used for this customer. The customer asked the HCL to provide some way find back the password or chan...
almost 3 years ago in Domino / Security 3 No Plans to Implement

Enable Internet password expiration for other protocols such as LDAP/POP3/IMAP/DIIOP

From Domino Administrator Help: https://help.hcltechsw.com/domino/11.0.0/conf_creatingsecuritypolicysettingsforlotusinotesusers_t.html Internet password expiration settings are recognized only by the HTTP protocol. This means that Internet passwor...
over 3 years ago in Domino / Security 4 No Plans to Implement

Installing Domino Utility Server in the AD domain controller for AD Password Sync

Installing Domino Utility Server in the AD domain controller is required for AD password sync, but this is a security risk as third-party softwares should not be installed in the AD domain controller.
over 3 years ago in Domino / Security 3 No Plans to Implement

Improve $$LoginUserFormMFA so that it only shows Username & Password fields

I think it would be a lot prettier if the new MFA login form only displayed the Username and Password fields and then on submission you were then prompted separately for the TOTP/MFA code (if required). The new prompt for TOTP/MFA code could then ...
over 3 years ago in Domino / Security 1 Needs Review

Turn off responding on / api

If I haven't turned on Data Services in Domino this endpoint should on respond at all. It's an unnecessary security risk to keep it open if not used, common practice is to have endpoints closed if they are not used. Also to be able to enable it fo...
over 3 years ago in Domino / Security 0 Under Consideration