Configuring Symantec VIP with Specops uReset will extend Symantec VIP’s authentication system to Specops uReset users.
Configure and enable Symantec VIP with Specops uReset
Pre-requisites: The Administrator role is required in Symantec VIP.
- Open the Specops uReset Administration tool, and select Policies and Groups.
- Find the Policies row, select the policy you want to modify, and click Edit.
- Click Symantec VIP from the list of available Identity Services.
- Download the metadata file from the presented URL.
- Click Launch Symantec VIP Manager on the uReset Administration Tool, and sign in to the service.
- From the Policies menu, select the VIP Login
- In the Organization Service Provider Settings, click Browse, and import the metadata file.
- Click Save.
- Return to the Specops uReset Administration Tool.
Select the attribute where the Symantec user ID is stored –
samAccountName is the most common option.
This is not a default setting that can be set for all policies. The attribute must be specified for all policies with Symantec VIP.
- Click OK.
Enrollment with Symantec VIP is required before it can be used with uReset. All affected users must have an account in Symantec VIP and registered credentials (hardware/software device or mobile phone app). Users without registered credentials can use Symantec VIP’s self-service portal to register.
If Symantec VIP is enabled in the policy, all affected users will be enrolled with Symantec VIP on uReset. uReset will use the selected attribute as the Symantec VIP User ID. Since the attribute will always contain the Symantec VIP User ID, users will be enrolled with Symantec VIP on uReset. To authenticate to uReset using Symantec VIP, users will need a complete enrollment in Symantec VIP.
If the user does not exist in Symantec VIP, the user will be created on the first authentication attempt. To secure newly created accounts, it is best practice to enable a second authentication factor for first-time access to the Symantec VIP self-service portal.
- Log in to Symantec VIP Manager.
- Go to Policies.
- In the Components section, click Edit.
- Select Yes next to Require second-factor authentication for first-time access.
- Change the Authentication method as you see fit.
- Click Save.