Symantec VIP

Configuring Symantec VIP with Specops Authentication for uReset 8 will extend Symantec VIP’s authentication system to uReset 8 users.

Configure and enable Symantec VIP with uReset 8

Pre-requisites: The Administrator role is required in Symantec VIP.

  1. Login to the Specops Authentication Web : https://login.specopssoft.com/authentication/admin
  2. From the Policies menu, enable Symantec VIP in the desired authentication policy.
  3. Click Identity Services from the top menu.
  4. Select Symantec VIP.
  5. Download the metadata file from the presented URL.
  6. Launch Symantec VIP manager, and sign in to the service.
    • From the Policies menu, select VIP Login.
    • In the Organization Service Provider Settings, click Browse, and import the metadata file.
    • Click Save.
  7. Return to the Specops Authentication Web . Select the attribute where the Symantec VIP user ID is stored. If Symantec VIP is enabled in the policy, all affected users will be enrolled with Symantec VIP on Specops Authentication for uReset 8. Enrollment with Symantec VIP is required before it can be used with Specops Authentication for uReset 8.

First-time access

If the user does not exist in Symantec VIP, the user will be created on the first authentication attempt. To secure newly created accounts, it is best practice to enable a second authentication factor for first-time access to the Symantec VIP self-service portal.

  1. Log in to Symantec VIP Manager.
  2. Go to Policies.
  3. In the Components section, click Edit.
  4. Select Yes next to Require second-factor authentication for first-time access.
  5. Change the authentication method as you see fit.
  6. Click Save.

Upgrading to the new Symantec VIP configuration

Customers with existing Symantec VIP configurations are recommended to upgrade to the new configuration introduced with version 8.19. Since the old configuration will not be deleted, it is always possible to downgrade afterwards. New customers will automatically start with the new configuration.

  1. Generate a new cerificate through Symantec VIP Manager.
    1. Select Account in the navigation bar at the top of the page.
    2. Click Manage VIP Certificates in the Links pane on the right side of the page.
    3. On the Manage VIP Certificates page, click Request a Certificate.
    4. Read the instructions on the Certificate Instructions page, and click Continue.
    5. Type a name for the certificate in the Certificate Name field.
    6. Click Submit Request.
    7. Provide the required information (format and password), and then click the link to download your certificate. VIP Manager supplies a VIP certificate that you can download to your hard drive.
      NOTE
      The certificate format needs to be PKCS#12 for it to be used with Specops Authentication.
      For more information, please see the Symantec VIP Manager page.
  2. In Authentication Web, access the Identity Services in the left navigation, and click on Symantec VIP in the list to configure the service.
  3. In the Select certificate file field, click Browse, navigate to the new certificate, and upload it.
    NOTE
    The certificate file is not saved until you click the Save button. Navigating away from this page before saving will undo all changes made to the configuration.
  4. In the Password field enter the password used to create the certificate and click Upload. The certificate details will be displayed at the top of the field.
  5. Optional: test the connection by clicking the Test connection button.
  6. Set the Active Directory user attribute that contains the Symantec VIP username, and configure the Auto-enroll setting.
  7. Click Save.