When VIP is enabled for a user, the user completes a two-part process to log in to our user interface. The user will enter login credentials (login name and password) followed by VIP credentials (VIP credential ID and one-time security code). Note - VIP two factor authentication impacts UI access only (not API access).
Managers can go to Users > Setup > Security and select the option "Require VIP two-factor authentication for all users".
If not enabled globally, a Manager can enable VIP authentication individually for specific users. Go to Users > User Accounts and edit the account you're interested in. Then select the option "VIP two-factor authentication" under Security.
All users with login privileges can opt in for VIP authentication by registering their own VIP credential with our security service. Edit your own user account, go to the Security section and register your credential.
You can get a credential from the VeriSign Identity Protection Center at: https://idprotect.vip.symantec.com or https://vip.symantec.com. Each VIP credential bears a credential ID and allows the user to generate one-time security codes as needed.
Just click the Deactivate Credential button in the user's account settings. If you are deactivating your own credential, you will be prompted to validate your credential by providing two security codes from your credential device. Important - If you deactivate your credential and VIP authentication is required for your account, you'll need to register your VIP credential the next time you log in.
You can unlock any user's credential, except your own. Once unlocked, the user will need to enter their VIP security code the next time they log in. Need to unlock your own VIP credential? Ask a Manager to do it. If you are the only Manager in your subscription, please contact Support.
You'll see one of these status indicators in each user's account settings:
VIP is required and the user has registered a VIP credential.
VIP is required and the user has not registered a VIP credential.
VIP is required and the user's credential is locked.
VIP is not required and the user has registered a VIP credential.
VIP is not required and the user has not registered a VIP credential.
VIP is not required and the user's credential is locked.
We support the use of VeriSign VIP or SAML SSO. If both are turned on for the same account, SAML SSO will be used and the VeriSign VIP setting will be ignored.
Not sure how to locate the security code or credential ID? Check these out:
Display a VIP Security Code on your VIP device
Locate your VIP Credential ID