VIP Policy Configuration

Your organization can use VIP to act as the SAML Identity Provider to identify and authenticate users for web applications hosted by your organization. You can choose to configure VIP Login to authenticate the security code as the second factor, or the user name and password (or the user name and user PIN) as the first factor and the security code as the second factor.

Important: Symantec recommends that you refer to Integrating VIP Login for details on how to integrate VIP Login with your SAML solution before you configure this policy. This guide is available online at https://help.symantec.com/home/vip_login. It is also available as a PDF document at https://www.symantec.com/docs/DOC11133.

You can create up to 5 Service Provider configurations (entities), each with its own settings. To configure or edit your Service Provider settings, enter your Service Provider information, or upload a metadata file containing this information in XML format. You must also upload a verification certificate that the SAML protocol will use to secure communications with the Service Provider. You can download a copy of the VIP Login Identity Provider metadata by clicking the appropriate Metadata XML link for your configuration:

Use the VIP Login IdP (Second Factor Only) metadata file to configure your SAML solution to work with VIP Login as an IdP. This configures your solution so that VIP prompts for and authenticates your user's second factor (security code or PIN). Your SAML solution will need to authenticate the user's first factor.

Use the VIP Login IdP (First and Second Factor) metadata file to configure your SAML solution to work with VIP Login as an IdP.

You can also download a copy of the SAML certificate that Symantec uses to secure communications with your SAML solution.

Note: Periodically, Symantec must renew this SAML certificate, which may cause interruptions in your SAML service. If you experience interruptions in your SAML service, verify that you are using the most recent version of this SAML certificate. If not, download the latest version and install it using the procedures provided by your SAML solution.

To set your VIP Login Service Provider settings:

Select Policies in the navigation bar at the top of the page.

Select the "VIP Login" tab.

Click the Edit link to configure the Organization Service Provider settings, or click Add Service Provider to configure an additional Service Provider. Each Service Provider can have unique settings for the following:

Friendly Name: A unique name to identify this Service Provider configuration
EntityID: A unique identifier for this entity, typically in the form of a URI. A single EntityID can be applied to multiple Service Providers. VIP Login applies the same configuration settings to all Service Providers that use that EntityID.
Assertion Consumer Service URL: Enter an ACS URL (or endpoint URL) specific to this EntityID. The SAML request sent by this Service Provider to VIP Login includes this URL. The user is directed to this URL after a successful authentication.
Audience: The URI that defines the audience for the SAML response. If left blank, VIP Login uses the Assertion Consumer Service URL.
Verification Certificate: The certificate for the key that signs the SAML messages that you send as a Service Provider to the VIP Login Service (which acts as the Identity Provider). VIP Login uses this certificate to verify the authenticity of these SAML messages.
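
The following added example (not part of the Symantec documentation or VIP tooling) shows one way to inspect a Service Provider metadata file before uploading it: it extracts the EntityID, Assertion Consumer Service URLs and the SHA-256 fingerprint of each signing certificate so they can be compared with the values and the verification certificate entered above. It assumes standard SAML 2.0 metadata with an `EntityDescriptor` root; the function name, the HTTPS check, the sample host `sp.example.com` and the placeholder certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample metadata; the certificate body is placeholder bytes, not a real X.509 certificate.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.com/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def summarize_sp_metadata(xml_text):
    """Return entityID, ACS URLs, signing-cert fingerprints, and any problems found."""
    root = ET.fromstring(xml_text)  # intended for your own SP's metadata file
    problems = []
    entity_id = root.get("entityID")
    if not entity_id:
        problems.append("missing entityID")
    acs_urls = [e.get("Location") for e in root.findall(".//md:SPSSODescriptor/md:AssertionConsumerService", NS)]
    if not acs_urls:
        problems.append("no AssertionConsumerService element")
    for url in acs_urls:
        if urlparse(url or "").scheme != "https":  # added sanity check, not a VIP requirement stated on this page
            problems.append(f"ACS URL is not HTTPS: {url}")
    fingerprints = []
    for kd in root.findall(".//md:SPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):  # a KeyDescriptor without 'use' covers signing too
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            fingerprints.append(hashlib.sha256(der).hexdigest())
    if not fingerprints:
        problems.append("no signing certificate in metadata")
    return {"entity_id": entity_id, "acs_urls": acs_urls, "cert_sha256": fingerprints, "problems": problems}
```

Compare each `cert_sha256` value with the SHA-256 fingerprint of the verification certificate file you upload; a mismatch means VIP Login would be verifying SAML messages against a different key than the one your Service Provider signs with.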