Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
HCL Domino V12 - TOTP
1. SUTOL Café Online 2021
Aleš Lichtenberg
Whitesoft s.r.o. www.whitesoft.cz
www.whitesoft.cz
e-mail: ales.lichtenberg@whitesoft.eu
Twitter: @a_lichtenberg
blog: alichtenberg.cz
HCL Domino V12 – TOTP
2FA without the need for 3rd party software
2. SUTOL Café Online 2021
Time-based one-time password (TOTP)
• Timed One-Time Password (TOTP) provides an additional layer of security for
web browser access
• When TOTP is enabled, users are required to provide a one-time password
(token) in addition to their names and passwords - a six-digit PIN that is valid for
30 seconds.
• Users must have an Authenticator installed, such as Google Authenticator
• Vault ID required with V12 template
3. SUTOL Café Online 2021
• use the mfamgt server command to issue a multifactor authentication certificate
Command: mfamgmt create trustcert <Notes DN to allow> <certifier ID file> <certifier
password>
Configuration Time-based one-time password
(TOTP)
4. SUTOL Café Online 2021
• Check the „Multi-Factor Authentication Certificates“ created in Configuration /
Security / Certificates
5. SUTOL Café Online 2021
• Edit or create a new configuration document and on the "Security" tab
• Enable TOTP
6. SUTOL Café Online 2021
• Enable TOTP authentication in the server document (or in internet sites)
7. SUTOL Café Online 2021
• Enable authentication for the http protocol in the server document (Ports/Internet
ports/web)
8. SUTOL Café Online 2021
• Open the ID Vault policy settings
• Enable "TOTP-based ID Download" on the "ID Vault" tab
9. SUTOL Café Online 2021
• Open the Vault ID
• Don't forget to update from template version 12 - a prerequisite!
10. SUTOL Café Online 2021
• Open "Configuration"
• Select the server in "TOTP autenticated vault login"
11. SUTOL Café Online 2021
• Open the Domino Web Server Configuration application - domcfg.nsf
• If you do not have one, create it from the DOMCFG5.NTF template
• Open an already created "Mapping" document (or create a new one)
• Add to "Target Database": "domcfg.nsf" and add to "Target form„
„$$ LoginUserFormMFA"
12. SUTOL Café Online 2021
• Open the Domino Web Server Configuration ACL (domcfg.nsf)
• Set the "Reader" right for "-Default-" and enable "read public documents"
• Restart the server
13. SUTOL Café Online 2021
• Open the link to your Domino server in a web browser
• The TOTP login form is displayed
• Enter User name and Password(same as in iNotes / Verse)
• Click on „Set up Multi Factor Authentication“
14. SUTOL Café Online 2021
• Set up mobile authentication
• Install the Autenticiator app on your mobile phone
• Name your account
• Scan the QR code in the Authentificator application
• Then enter the verification code generated by the application
15. SUTOL Café Online 2021
• Save tokens in case an authentication application is not available
• And now you can use 2FA authentication to your Domino server