It can happen that the sync between your userid used in Notes client and IDVault is broken. It will fail to sync when the password in your local ID file is different from the one in the IDVault.
But there is a way to get it up and running again…..automatically
Put this line in your Domino server notes.ini: ENABLE_AUTORECOVERY_FROMBADPASSWORD=1 and restart the entire Domino server.
Now, when the Notes client tries to sync the id into the IDVault, and fails for 7 days, the IDVault automatically archives the failing id. The next time Notes logs in, the ID is pushed to the IDVault and sync is enabled again.
You can also archive the id manually if you wish to have some kind of control over it.
Archiving an id in IDvault: load qvault -x O=<Vaultname> -u “CN=<USername>/O=<Organization>” -a
Archving means nothing more than the rename of the id to ~<username>
Restoring an archived id: load qvault -x O=<Vaultname> -u “CN=<USername>/O=<Organization>” -r
Now after 7 days we see several archived id’s in the IDVault and the locale ones are uploaded into the IDVault. Sync is restored and SAML is automatically enabled for those users.
Thank you HCL for this solution….works perfectly!