SecureDomino is the universal authentication and security tool for Domino web servers.


By extending authentication options beyond the Domino Directory, SecureDomino allows a broader usage of Domino servers.

SecureDomino enhances data security and helps to enforce Sarbanes-Oxley compliance. Domino servers with activated HTTP task are protected by preventing unauthorized users from gaining access.


IBM Domino authentication has several shortcomings:

  • Even with the Domino Directory Assistance and the Active Directory Synchronization users must still handle multiple passwords.
  • Domino does not log authentication successfully and failed attempts efficiently.
  • Domino does not support IP-based authentication.
  • Domino does not allow the definition of log-on hours

SecureDomino Authentication Features

LDAP Authentication

Authenticate against Microsoft or any other LDAP directory and thus eliminate the need for users to remember multiple passwords.

Designated (SPNEGO) Authentication Server (new in R7!)

Use one central SPNGEO activated server to handle automated authentication even on non-SPNEGO supported Platforms and Domino-Versions like Linux or Solaris.

Log-on Hours Definition

Restrict signing in, e.g.: restrict log-in to business days and hours from 8am to 5pm.

Authentication Logging

Log sign-in attempts (either all, successful only or failed attempts only) for analysis, documentation and user-information.

IP-based Authentication

Identify and authenticate users (and proxies) through their IP-address automatically.

Intrusion Prevention

IBM Notes and Domino offer extensive and mature security architecture. Nevertheless, a Domino server in the Intra-, Extra- or Internet is exposed to many risks:

  • Browser clients can endlessly attempt to sign in to a Domino Server. Retrieving a user’s password is just a matter of time.
  • Hackers can access sensitive data or cause a heavy server load by simply using hacking tools provided in the internet (Brute Force Attacks, Denial-of-Service).
  • URL´s like $DefaultNav and $DefaultView often reveal much more information than intended.
  • Loading the HTTP-server task makes all database accessible through browser-clients, not just the desired ones.

SecureDomino Intrusion Prevention Features

Prevent Brute-Force Hacking and Password Guessing Attempts
Effective protection against hacking and denial of service-attacks through HTTP lockout. IPs and user accounts are locked after a number of failed attempts. Unlock on a scheduled interval or have administrators unlock manually.

  • Forgotten Password Handling
    Users may request new http passwords and have them send to their Notes-mail accounts.
  • Access Restrictions
    Restrict http-access with white- and black-lists to directories and databases. Have all other databases accessed through Lotus Notes clients only.
  • Redirection
    Create redirections for custom and unwanted URL-commands like $$DefaultNav, $$DefaultView, %%Source%%. Works even with unicode characters.


SecureDomino benefits

is widely tested and implemented by corporations (including IBM) and governments around the world.

  • is a DSAPI-filter and can simply be plugged into any Domino server
  • can be installed within minutes
  • does not does require any modifications to the Domino directory or even a new Domino directory
  • does not slow down the Domino server
  • does not write into the Domino directory
  • even works with strong password encryption
  • is available on all relevant Domino platforms (Windows, Linux, AIX, Sun OS, others on request)


SecureDomino is available for the following platforms:

  • Windows NT/2000/2003
  • Linux
  • AIX
  • Sun Solaris / Risc on request
  • iSeries and zSeries on request

SecureDomino R7 requires a Domino R6 (or higher) server.