
Identity Manager 8.1 - Administration Guide for Connecting to IBM Notes


Managing IBM Notes Environments

IBM Notes environment objects such as user accounts, groups, mail-in databases, servers, policies, and certificates can be administered with One Identity Manager. By defining Notes domains in One Identity Manager, you can manage several production IBM Notes environments in parallel with a One Identity Manager database. Notes users and employee documents are managed as user accounts in One Identity Manager.

One Identity Manager provides company employees with the necessary user accounts. You may use different mechanisms for connecting employees to their Notes user accounts. These user accounts can also be managed separately from employees and therefore administrative user accounts can be set up.

When you certify a new user, a series of user-specific files is generated, which must be available to the user for working with IBM Notes. When you add a user with the IBM Notes connector, the user ID file for authentication, the mailbox file, and the user's personal address book are created.

Groups and mail-in databases are managed by One Identity Manager alongside user accounts. Groups are used to give users the access permissions they need, or they can be used as email distribution lists. Users can send or receive messages through shared mail-in databases. Users can access these mail-in databases when access permissions have been granted. If you add a mail-in database using One Identity Manager, the necessary mailbox file is created.

Server documents, certificates, policies, and templates for mailbox files are only loaded into the One Identity Manager database so they can be referenced when you set up user accounts and groups. One Identity Manager access lists can be defined for server documents in order to specify who has access to a server for what reason.

Architecture overview

The visible area of a production IBM Notes environment is mapped to a Notes domain in One Identity Manager. One Identity Manager needs access to the Domino Directory of this IBM Notes environment for synchronization.

A server is defined within the One Identity Manager environment to execute all administrative tasks affecting the IBM Notes environment. This server is named the gateway server in the rest of this chapter. The gateway server performs the function of the synchronization server. It is not a production Domino server. An IBM Notes client, the One Identity Manager Service, and the IBM Notes connector are installed on the gateway server.

All IBM Notes connector actions are executed from the gateway server. The gateway server communicates with the production environment's Domino server when actions are running in the target system. This Domino server is a selected server with a good network connection to the gateway server. The IBM Notes connector requires access to the Domino Directory, so you should preferably use a directory server.

For synchronization, provide an ID file with sufficient administrative permissions for accessing the production IBM Notes environment. If you want to work with a Certification Authority process (CA process), a certifier ID file must be provided. Both files must be available on the gateway server.

The gateway server executes One Identity Manager Service actions, such as certifications and adding, modifying, and deleting documents in the Domino Directory. In addition, databases for users, mailbox files, or mail-in databases can be added on Domino servers. The One Identity Manager Service provides an IBM Notes client context using the IBM Domino COM library and processes in it all functions necessary for exchanging data with the Domino server (access to Domino objects, running Notes agents, creating administrative processes (AdminP), error handling).

Figure 1: IBM Notes Connectors communication with IBM Notes

The objects in IBM Notes are mapped as follows in the One Identity Manager database:

Table 1: Mapping object types from this IBM Notes installation in the One Identity Manager

| IBM Domino | One Identity Manager |
| --- | --- |
| Domino server | Notes servers |
| Domino domain | No direct mapping |
| | Notes domain: Properties of Notes objects to assign them to different IBM Notes environments. |
| User | Notes user account |
| Group | Notes group |
| Mail-in DB | Notes mail-in database |
| Notes certificate | Notes certificate |
| Template | Notes template |
| Policy | Notes policy |

One Identity Manager users for managing an IBM Notes system

The following users are involved in setting up and managing an IBM Notes environment.

Table 2: Users
User Tasks
Target system administrators

Target system administrators must be assigned to the Target systems | Administrators application role.

Users with this application role:

  • Administer application roles for individual target system types.

  • Specify the target system manager.

  • Set up other application roles for target system managers if required.

  • Specify which application roles are conflicting for target system managers.

  • Authorize other employees to be target system administrators.

  • Do not assume any administrative tasks within the target system.

Target system managers

Target system managers must be assigned to Target systems | IBM Notes or a sub-application role.

Users with this application role:

  • Assume administrative tasks for the target system.

  • Create, change or delete target system objects, like user accounts or groups.

  • Edit password policies for the target system.

  • Prepare groups for adding to the IT Shop.

  • Can create employees with an identity that differs from the Primary identity.

  • Configure synchronization in the Synchronization Editor and define the mapping for comparing target systems and One Identity Manager.

  • Edit the synchronization's target system types and outstanding objects.

  • Authorize other employees within their area of responsibility as target system managers and create child application roles if required.

One Identity Manager administrators
  • Create customized permissions groups for application roles for role-based login to administration tools in Designer as required.

  • Create system users and permissions groups for non-role-based login to administration tools in Designer as required.

  • Enable or disable additional configuration parameters in Designer as required.

  • Create custom processes in Designer as required.

  • Create and configure schedules as required.

  • Create and configure password policies as required.

Administrators for the IT Shop

Administrators must be assigned to the Request & Fulfillment | IT Shop | Administrators application role.

Users with this application role:

  • Assign groups to IT Shop structures.

Administrators for organizations

Administrators must be assigned to the application role Identity Management | Organizations | Administrators.

Users with this application role:

  • Assign groups to departments, cost centers and locations.

Business roles administrators

Administrators must be assigned to the application role Identity Management | Business roles | Administrators.

Users with this application role:

  • Assign groups to business roles.

Setting up IBM Notes Synchronization

One Identity Manager supports synchronization with IBM Notes environments in versions 8 and 9 of the IBM Domino Server and the IBM Notes Client version 8.5.3 or later.

To load IBM Notes objects into the One Identity Manager database for the first time

  1. Prepare a user with sufficient permissions for synchronizing in IBM Notes.
  2. One Identity Manager components for managing IBM Notes environments are available if the configuration parameter "TargetSystem\NDO" is set.
    • Check whether the configuration parameter is set in the Designer. Otherwise, set the configuration parameter and compile the database.

    • Other configuration parameters are installed when the module is installed. Check the configuration parameters and modify them as necessary to suit your requirements.
  3. Install and configure the gateway server.
  4. Create a synchronization project with the Synchronization Editor.
  5. If user accounts in IBM Notes are to be registered by the IBM Notes connector, modify the required certificates in One Identity Manager. Enter the path for the certifier's ID file or the name of the CA database.