Security Settings restrictions

Security Settings are supported in on-premises policies for service users, but with the restrictions described in the following table.

Table 1. Security Settings restrictions
Settings	Restrictions
ID Vault tab	The ID vault settings are enforced by the service and ignored in on-premises policies. The services enforces the following settings for the ID vault in the service: Assigned Vault: A name derived from `customerID` Forgotten password help text: `Contact your administrator for help (default)` Enforce password change after password has been reset: `Yes` Allow automatic ID downloads: `No` Allow ID downloads for: `5 days`
Password Management > Password Management Basics tab, Password Expiration Settings	If you want to enable Notes® ID password expiration, you must do so through SmartCloud Notes Administration. An on-premises Security Settings policy can be used only to enable password expiration warnings that notify users when password expiration approaches. For important details on how to use Security Settings to enable password expiration warnings, see the topic Setting password expiration for Notes IDs.
Password Management > Custom Password Policy tab	You can use SmartCloud Notes Administration to enable password synchronization. When service login passwords change, this feature allows Notes ID passwords to change to match. If you enable this feature, do not make custom password requirements in a policy more restrictive than the service login password requirements. For more information, see the topic Enabling password synchronization.
Keys and Certificates tab	The service does not support key rollover for Notes IDs. The service therefore ignores the values of fields in the Default Public Key Requirements and User Public Key Requirements sections of Security Settings.