HCL Domino Ideas Portal
Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.
For more information and upcoming events around #dominoforever, please visit our Destination Domino Page
Thx Thomas, I saw that link, but my question was whether 2FA will be part of Nomad Web. Since Nomad Web requires/is part of Domino 12, I assume yes. I read some of the supporting material and I think I know the answers to my questions.
However, I did note here... https://help.hcltechsw.com/domino/12.0.0/admin/conf_totp_enabling_for_server_through_internetsite.html
that "TOTP is not supported with Basic authentication or with SAML." Sounds like they are mutually exclusive, regardless of the price of SAML?
How to enable two factor authentication is documented here: https://help.hcltechsw.com/domino/12.0.0/admin/conf_totp_overview.html
Our background is as a SAAS vendor of an Inspection system, which is used by Government Agencies in the US to inspect a number of different types of Establishment, ranging from Restaurants to Schools to Septic Facilities. Our application was written for a Browser UI and has used Domino Offline Services (DOLS) to allow Users to work while offline. Our Clients can have one or more Applications/DBs that we support for them.
As illustrated in the attached screenshot, "Paragon Login screen.jpg", Users currently have to Login with their "Username" and "Password" in order to access the system. This requirement applies to both Online and Offline access. With Nomad Web, the user will Login to Nomad Web and, on the Home Page, be presented with only the Applications/DBs that they have subscribed to.
As illustrated, in addition to being able to Login and access the system, Registered Users also have access to the following functions:
Forgot your password. In this instance, if the User has forgotten their password, they can enter their Username and Email Address and the system will send a new, system generated password to their Email address. They can then reset their password using the function described in #3 below.
Forgot your username: In this instance, if the User has forgotten their username, they can enter their Email Address and the system will send an email with their username to their Email address.
Update your registration profile (needs login). In this instance, the User can change their Profile, which includes their username, email address and password. Any or all can be changed at one time. Many of our Clients are required by their IT department to change all of their passwords periodically; although I'm not sure how that policy is enforced.
The business requirements for this type of functionality are obvious, and stem from one or more of the following:
The User has forgotten their password.
The User's IT department requires that all Passwords be changed periodically, and/or
The User needs to change their name, typically because they have gotten married
We would expect that the Nomad Web Login screen will include a similar kind of functionality.
I'd be happy to join a web call to demonstrate/discuss this requirement.
Separate question... my understanding is that Domino 12 supports Time-based one-time (TOTP) Multi Factor Authentication. Will that be incorporated in Nomad Web? If yes, I would propose that:
It be enabled/disabled by the Server Administrator. Not all Clients will opt for this level of security.
The Server Administrator also has the ability to adjust the expiry time frame from 30 seconds to something more.
Paul Ryan
Ok, you want to change the password of the Notes ID file (in the Vault) from a web browser.
What you can do is to set up the self service password reset application
https://help.hcltechsw.com/domino/12.0.0/admin/conf_settingupthesampleselfserviceapplicationtoallowi_t.html
and then adding a (custom) new quick link into the app switcher dialog of Nomad web, which is pointing to the URL of the self service PW reset application.
https://help.hcltechsw.com/nomad/1.0_admin/config_application_switcher.html
Smaller customers can't afford SAML. Need native password change capability.
Most potential customers of Nomad Web is Notes users that uses Change Password feature in most cases due to enterprise security policy.
SAML federated login is optional. If SAML federated login is on system requirements, there is not problem, but actually not.
"Change Password" feature will be mandatory to promote Nomad Web for those customers.
If HCL has no plan to implement it, declare on product documentation that "HCL Nomad Web does not support "Change Password" feature. Consider SAML federated login instead to maintain password security poilicy." This declaration is important.
You can eleminiate the password prompt completely by configuring Nomad Web with SAML authentication. With this configuration in place, do you still need a password change dialog? if yes, please explain why. https://help.hcltechsw.com/nomad/1.0_web/nomad_web_new.html
It is very very critical for both HCL Software Sales and all customers. This is security issue.
Yes, we'd like to have this feature since we are not using Notes client