VIP Policy Configuration

You can view and configure the policy that applies to both My VIP and the VIP Self Service Portal. The policy includes:

Whether users can generate temporary security codes for themselves that they can use to Sign In to My VIP or the VIP Self Service Portal, and how the users will receive them (distribution method). You should select distribution methods which correspond to the attributes sent by the VIP Enterprise Gateway. For example, if you have configured the VIP Enterprise Gateway Self-Service Portal to send phone number attributes, you can enable SMS (Text Message) or Voice Call as distribution methods.

Whether users can generate temporary security codes in My VIP that they can use to authenticate to third-party applications such as their banking apps or workplace apps, and how the users will receive them (distribution method). You should select distribution methods which correspond to the attributes sent by the VIP Enterprise Gateway. For example, if you have configured the VIP Enterprise Gateway Self-Service Portal to send phone number attributes, you can enable SMS (Text Message) or Voice Call as distribution methods.

Whether users must enter a security code as a second-factor authentication the first time they attempt to access My VIP or the VIP Self Service Portal. Enabling second-factor authentication prevents unauthorized users from registering credentials on a user's account by sending a security code to your end users before they can register a credential.

Whether end users can register a new credential during the Sign In flow. If you set this option to Disable inline credential registration, end users cannot register a new credential when signing in to a site. Users can register new credentials directly from the My VIP page, or VIP administrators can register credentials for them in VIP Manager.

If you disable inline credential registration, you have the option to customize the message that end users see when signing in to a site. Your custom message can contain a URL, but it cannot exceed 200 characters.

The default message is Contact your administrator for assistance.

Designating a default country code for your users who request temporary security codes via SMS or Voice Call from My VIP or the VIP Self Service Portal. Once temporary security codes and the default country code have been set within this policy, the country code will be prefixed to phone numbers designated for SMS and Voice Call temporary security codes (which are usually retrieved directly from your User Store by the VIP Enterprise Gateway). Note that this default country code is not used for SMS and Voice Call credentials that are explicitly registered through My VIP, the VIP Self Service Portal or VIP Manager. The default country code is used only for automated distribution of temporary security codes.

If no default country code has been set, phone numbers are used "as-is." However, if a default country code has been set, the following guidelines apply:

If the phone number begins with the default country code or with a "+", the phone number is used verbatim.

Otherwise, the default country code is prefixed to the phone number.

For example:

When the default country code has been set to "United States (+1)":

Input: (650) 555-1212  Used: 16505551212
Input: 1 (650) 555-1212  Used: 16505551212
Input: 44 870 243 1080  Used: 1448702431080
Input: +44 870 243 1080  Used: 448702431080


When no default country code has been set:

Input: (650) 555-1212  Used: 6505551212
Input: 1 (650) 555-1212  Used: 16505551212
Input: 44 870 243 1080  Used: 448702431080
Input: +44 870 243 1080  Used: 448702431080
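
The prefixing rule above, written out as an added example (not Symantec code) so that a user-store export can be checked before the default country code is set. The function names are hypothetical, and stripping non-digit characters is inferred from the "Used" values shown above.

```python
import re
from typing import List, Optional, Tuple

def apply_default_cc(number: str, default_cc: Optional[str]) -> Tuple[str, str]:
    """Return (digits_used, rule_applied) for one user-store phone number."""
    raw = number.strip()
    digits = re.sub(r"\D", "", raw)  # the page's "Used" values contain digits only
    if not default_cc:
        return digits, "as-is"
    cc = re.sub(r"\D", "", default_cc)
    if raw.startswith("+"):
        return digits, "verbatim (+)"
    if digits.startswith(cc):
        return digits, "verbatim (code match)"
    return cc + digits, "prefixed"

def changed_by_policy(numbers: List[str], default_cc: str) -> List[Tuple[str, str, str]]:
    """List (input, used_without_default, used_with_default) for every number
    whose dialed digits change once the default country code is set."""
    changed = []
    for n in numbers:
        before, _ = apply_default_cc(n, None)
        after, _ = apply_default_cc(n, default_cc)
        if before != after:
            changed.append((n, before, after))
    return changed

# Inputs taken from the examples on this page.
SAMPLES = ["(650) 555-1212", "1 (650) 555-1212",
           "44 870 243 1080", "+44 870 243 1080"]

if __name__ == "__main__":
    for row in changed_by_policy(SAMPLES, "+1"):
        print(row)
```

Every number the second function reports should be a domestic number; an international number stored without a leading "+" (the third sample) ends up with the default code in front of it.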

Whether VIP sends email notifications directly to users when a credential is registered, modified, or deleted, or when a device is remembered in the My VIP portal.

Once enabled, you must configure VIP to send the user email attribute as an out-of-band communication:

For VIP Enterprise Gateway, edit the user store to include the Email attribute as a search criterion.

For SAML, configure your IdP to include the email attribute as an out-of-band attribute in the signed SAML assertion to VIP Login.

You must customize the email templates that VIP uses to send these emails.

Whether to restrict users from removing their own credentials in My VIP. If this option is set to Yes (the default), users can remove their own credentials in My VIP. If set to No, users must contact a VIP administrator to delete their credentials.

Removed credentials are unbound from the user, but remain available in VIP.

Whether to block all users in your account from accessing My VIP. If enabled, no users can access My VIP.

Whether to restrict access or allow access to My VIP from specified IP addresses. If restricted (blocked), attempts to access My VIP from specified IP addresses are denied. If allowed, only attempts to access My VIP from specified IP addresses are allowed.

Configure blocked or allowed IP addresses by uploading up to 300 entries in a single CSV file (one IP address or one IP address range represents one entry) to the appropriate section. Show each IP address in decimal format, and separate IP address ranges with a hyphen.

Separate each entry in the file by a comma. Do not include other text, line breaks, or headers. Uploading a new list supersedes and replaces the entries you have previously configured.

If you upload an IP address to both the Block policy and the Allow policy, access from that IP address is blocked.

VIP supports both IPv4 and IPv6 formats. The following example shows acceptable IP address and IP address range formats:
10.146.2.40,172.31.255.255, 192.168.0.1-192.168.0.100
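
A pre-upload check for the block and allow lists, added here as an example (it is not part of VIP). It accepts only the two entry forms this page documents, enforces the 300-entry limit and the no-line-break rule, and reports allow entries that intersect a block entry. Treating any range intersection as a conflict generalizes the "listed in both" rule above; the function names and the allow list are constructed.

```python
import ipaddress

MAX_ENTRIES = 300  # per-file limit stated on this page

def parse_entry(entry):
    """Return (first, last) address objects for 'ip' or 'ip-ip'; raise ValueError otherwise."""
    first, sep, last = entry.partition("-")   # IPv6 text never contains a hyphen
    lo = ipaddress.ip_address(first.strip())
    hi = ipaddress.ip_address(last.strip()) if sep else lo
    if lo.version != hi.version or int(lo) > int(hi):
        raise ValueError("range start and end do not form a valid range")
    return lo, hi

def validate_list(text):
    """Check one upload; return (ranges, errors)."""
    ranges, errors = [], []
    if "\n" in text or "\r" in text:
        errors.append("line breaks are not allowed")
    entries = [e.strip() for e in text.split(",")]
    if len(entries) > MAX_ENTRIES:
        errors.append(f"{len(entries)} entries exceeds the limit of {MAX_ENTRIES}")
    for e in entries:
        try:
            ranges.append(parse_entry(e))
        except ValueError as exc:
            errors.append(f"{e!r}: {exc}")
    return ranges, errors

def conflicts(block_ranges, allow_ranges):
    """Allow entries that intersect a block entry; those addresses end up blocked."""
    hits = []
    for a_lo, a_hi in allow_ranges:
        for b_lo, b_hi in block_ranges:
            if a_lo.version == b_lo.version and a_lo <= b_hi and b_lo <= a_hi:
                hits.append((f"{a_lo}-{a_hi}", f"{b_lo}-{b_hi}"))
    return hits

BLOCK = "10.146.2.40,172.31.255.255, 192.168.0.1-192.168.0.100"  # example from this page
ALLOW = "192.168.0.50-192.168.0.200,2001:db8::1"                  # constructed sample

if __name__ == "__main__":
    block, block_errors = validate_list(BLOCK)
    allow, allow_errors = validate_list(ALLOW)
    print(block_errors, allow_errors, conflicts(block, allow))
```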

Which credential types end users can register for themselves in the My VIP portal. Only those credentials that you select are available to end users when they attempt to register for a new credential in the My VIP portal.

The credentials that you allow an end user to self-register must already be allowed by your Credentials policy and Biometric / Security Key Authentication Policy on the Policies > Accounts tab.

To set the My VIP and VIP Self Service Portal Policy:

Select Policies in the navigation bar at the top of the page.

Select the "Components" tab.

Click the Edit link to configure the My VIP and VIP Self Service Portal policy settings.