VIP Policy Configuration
Integrating Microsoft Entra ID with VIP
If your user identities are in Entra ID and you want to use authentication with Entra ID to protect user access to applications that integrate directly with Entra ID, integrate VIP to enable multi-factor authentication. Microsoft Azure uses Conditional Access to secure web applications using multi-factor authentication. In this case, VIP is the access condition that your users must meet to be fully authenticated.
Note: New users must always access the VIP Self Service Portal or My VIP portal to register a credential before Conditional Access settings are applied to that user.
You must have an Azure Active Directory Premium P1 subscription to integrate your Microsoft Entra ID with VIP.
To integrate Microsoft Entra ID with VIP, you must first add the Microsoft Entra ID tenant to VIP:
If your user identities are in Entra ID and you want to use authentication with Entra ID to protect user access to applications that integrate directly with Entra ID, integrate VIP to enable multi-factor authentication. Microsoft Azure uses Conditional Access to secure web applications using multi-factor authentication. In this case, VIP is the access condition that your users must meet to be fully authenticated.
Note: New users must always access the VIP Self Service Portal or My VIP portal to register a credential before Conditional Access settings are applied to that user.
You must have an Azure Active Directory Premium P1 subscription to integrate your Microsoft Entra ID with VIP.
To integrate Microsoft Entra ID with VIP, you must first add the Microsoft Entra ID tenant to VIP:
| Select Policies in the navigation bar at the top of the page. | |||||
| Select Entra ID in the secondary navigation bar at the top of the page. | |||||
| Click Add Microsoft Entra ID Tenant. You are redirected to the secure sign-in page for Microsoft Entra ID. | |||||
| Sign in as the appropriate tenant administrator, and grant permission for VIP Two-Step Verification to access your tenant, and to grant access to out-of-band information such as email addresses and phone numbers for your Azure users. Note: If you click Cancel, VIP Two-Step Verification still has access to your tenant and will still be able to perform multi-factor authentication for your Microsoft Entra ID tenant. However, any multi-factor authentication attempts that require out-of-band authentication will fail until you grant this access. You are returned to VIP Manager, and your Microsoft Entra ID tenant information is displayed. | |||||
Complete the following fields:
| |||||
| Click Save to add the tenant to VIP. You can view or download the Microsoft Entra ID JSON code after you save this page. You can add up to 5 Entra ID tenants, or edit the friendly name and user ID attribute for an existing tenant from this page. Note that changes to the user ID can take at least an hour to take effect. After you add your tenant to VIP, you configure Microsoft Entra ID to redirect multi-factor authentication requests to VIP. See Symantec VIP Integration Guide for Entra ID for more complete integration procedures.  |