Integrating HCL Domino and Microsoft 365
- Justin Hill
- Dec 7, 2021
Updated: May 14
There are times when you need to use multiple technologies and need them to work well together. One example is Office 365 and Domino. Why would you need both? Maybe your email is on Domino and you also use O365 apps, or your email is on Exchange and you have data and apps on Domino.
HCL Notes, Domino and Microsoft 365
Domino offers a lot of flexibility. You can run it on-premises, hybrid or in the cloud and have the same level of security.
Collaboration client-server application
Email/Calendar/Contacts
Applications – business workflow, document libraries…
Sametime
Domino Server – Windows, Linux, OS/400, AIX, Docker containers, Kubernetes, OpenShift
Notes client, Verse, Traveler, Web Browser, Nomad, Outlook
Microsoft on the other hand is all about the cloud.
Subscription based cloud services
Email/Calendar/Contacts
SharePoint
Teams, Skype for Business (deprecated)
Outlook and OWA
Powersuite – Apps/Automate/AI/BI – a great tool but quite on the expensive side of things.
Directory
As we all know, the Domino Directory is the heart and soul of Domino. It’s where you find all your server configuration and where you manage your users.
Domino Directory – names.nsf
Microsoft is a bit more complex:
Active Directory – on premises
Azure Active Directory – cloud
Hybrid considerations
AAD requires additional licenses to behave more like AD in the cloud
Directory Components
These are the Directory Components you will find and use most often in Domino:
Person
Group
Multi, Server, ACL, Mail, Servers, Deny
Mail in Database
Resource
Server
Configuration
Connection
Program
Policy/Setting
Internet Site
Here is what Microsoft has to offer in this regard:
User
Mailbox user, mail user, mail contact
Group
Distribution, Dynamic Distribution, Security
Shared mailbox
Resource
Server vs Service Management

Endpoint Management

What is HCL Nomad?
Similar to the HCL Notes Client Basic experience all within a web browser
Designed for users to access HCL Domino applications (NSFs) from the users’ desktops and/or laptops
Available as a fully native application for Android, Chromebook, and iOS mobile devices
Secure access to mail and/or HCL Domino applications
Ironclad security leveraging HCL’s SafeLinx technology (built-in, secure VPN) in addition to updated Domino security layers (e.g., physical, OS, network, server, ID, application, application design, and workstation)
Includes:
Biometric authentication for iOS mobile devices (face or touch ID)
Secure proxy integration (SafeLinx)
Two factor authentication (2FA)
Username detection for secure access
Local replica enablement to work off-line (on the native mobile version)
Field level security for applications
No specific design modifications required (to existing apps)!
Here is what Nomad looks like on tablets and smartphones

Domino V12: Nomad for Web Browsers

Coexistence Considerations
Directory synchronization
SSO Authentication
Bi-directional mail routing with correct content and format
Calendar free/busy time lookups/scheduling
Instant Messaging coexistence
Application inter-operation
Client options
Outlook as a Domino client
HCL Traveler for Microsoft Outlook 3.x (HTMO)
Email/Calendar/Contacts
Future – Open Client
DOMI – Domino Online Meeting Integration
Teams at the center of everything Microsoft – Viva
Active Directory and Domino synchronization can prove to be a drag. Here is a scheme for making it work.

Domino Directory Sync
objectGUID field added
New Users – Register Selected Person
User Renames
Person document only – automatic
Registered Notes user – admin4.nsf, Rename common name requests
User Deletions
Person document only – automatic
Registered Notes user – No
Group Deletions – automatic
Groups

AD Controller Password Sync Components
Domino Utility server registered and installed (note: does not run)
Domino Configuration Directory
Directory Assistance Database (New)
Document for directory of administration server
Domino Password Library (npwsync.dll)
Request Creator (names.nsf)
Password Change Request Database – adpwsync.nsf
Domino Domain Server Password Sync Components
Request Processor (names.nsf)
Configuration Settings document (names.nsf)
Password Change Request Database – adpwsync.nsf
Directory Assistance Database (New)
ID Vault
Password Flow – AD Controller
Local Security Authority
Processes password change in AD
Passes user name and password to Domino Password Library
Domino Password Library
Finds objectGUID from user’s AD document
Uses Directory Assistance database to find objectGUID in Domino Directory (on Request Processor)
Creates document in Password Change Request database that contains the objectGUID and password
Copies document to Request Processor’s Password Change Request database
Password Flow – Domino
Request Processor Server sees new request
Uses objectGUID to find Person document in names.nsf
Updates Internet Password in Person document in names.nsf of administration server
Updates Notes ID Password in ID Vault
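The password flow above joins an AD account to its Person document by objectGUID, so it is worth checking that key on both sides before enabling sync. The following audit is an added example, not HCL's or the author's code; it assumes both directories have been exported to lists of records, that AD supplies objectGUID as raw LDAP bytes and that the Domino export carries it as text, and all sample records are constructed.

```python
import uuid
from collections import defaultdict

def normalize_guid(value):
    """Canonical lowercase GUID string, or None if missing/malformed."""
    if not value:
        return None
    try:
        if isinstance(value, (bytes, bytearray)):
            # AD returns objectGUID over LDAP as 16 bytes in Microsoft
            # mixed-endian order; bytes_le decodes that layout.
            return str(uuid.UUID(bytes_le=bytes(value)))
        return str(uuid.UUID(value.strip()))  # accepts braces, upper case
    except (ValueError, AttributeError):
        return None

def audit_sync_keys(ad_users, domino_persons):
    """Report accounts whose objectGUID join would fail or be ambiguous."""
    persons_by_guid = defaultdict(list)
    person_without_guid = []
    for doc in domino_persons:
        guid = normalize_guid(doc.get("objectGUID"))
        if guid is None:
            person_without_guid.append(doc["FullName"])
        else:
            persons_by_guid[guid].append(doc["FullName"])
    ad_without_person = [
        u["sAMAccountName"] for u in ad_users
        if normalize_guid(u.get("objectGUID")) not in persons_by_guid
    ]
    duplicates = {g: sorted(n) for g, n in persons_by_guid.items() if len(n) > 1}
    return {"ad_without_person": sorted(ad_without_person),
            "person_without_guid": sorted(person_without_guid),
            "duplicate_guid": duplicates}

# Constructed sample exports (hypothetical users, assumed record shape).
AD_USERS = [
    {"sAMAccountName": "alice", "objectGUID": bytes.fromhex("0403020106050807090a0b0c0d0e0f10")},
    {"sAMAccountName": "bob", "objectGUID": bytes.fromhex("ffeeddccbbaa99887766554433221100")},
    {"sAMAccountName": "carol", "objectGUID": bytes.fromhex("00112233445566778899aabbccddeeff")},
]
DOMINO_PERSONS = [
    {"FullName": "Alice Example/Acme", "objectGUID": "{01020304-0506-0708-090A-0B0C0D0E0F10}"},
    {"FullName": "Bob Example/Acme", "objectGUID": ""},
    {"FullName": "Carol Example/Acme", "objectGUID": "33221100-5544-7766-8899-aabbccddeeff"},
    {"FullName": "Carol Old/Acme", "objectGUID": "33221100-5544-7766-8899-aabbccddeeff"},
]

if __name__ == "__main__":
    print(audit_sync_keys(AD_USERS, DOMINO_PERSONS))
```

Comparing the raw AD bytes as plain hex against the textual GUID would report every user as unmatched, which is why both sides are normalized first.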
Authentication Coexistence
LDAP provides a way to authenticate, but AD/AAD/O365 and Domino each require that they be the directory "master", so Dirsync is necessary for these two systems to work together
SAML – supported 90% by Domino and 100% by AAD, so this is a good path to pursue IMHO, however:
Assertions not supported (If this could be supported then we could support Domino ACLs for SAML users)
Managed logout not supported
OAuth – OAuth2 Support for Domino Web Applications
OAuth2 Support for Domino Web Applications allows administrators to configure token-based access to Domino-hosted REST APIs.
Available with Domino V12
HCL Domino – Security Enhancements

For any questions you might have we are here to help.