When Symantec VIP is enabled for a user, the user completes a two-part process to log in to our user interface. The user will enter login credentials (login name and password) followed by Symantec VIP credentials (Symantec VIP credential ID and one-time security code). Note - Symantec VIP two factor authentication impacts UI access only (not API access).
Managers can go to Users > Setup > Security and select the option "Require Symantec VIP two-factor authentication for all users".
If not enabled globally, a Manager can enable Symantec VIP authentication individually for specific users. Go to Users > User Accounts and edit the account you're interested in. Then select the option "Symantec VIP two-factor authentication" under Security.
All users with login privileges can opt in for Symantec VIP authentication by registering their own Symantec VIP credential with our security service. Edit your own user account, go to the Security section and register your credential.
You can get a credential from the Symantec VIP Center at: https://idprotect.vip.symantec.com or https://vip.symantec.com. Each Symantec VIP credential bears a credential ID and allows the user to generate one-time security codes as needed.
Just click the Deactivate Credential button in the user's account settings. If you are deactivating your own credential, you will be prompted to validate your credential by providing two security codes from your credential device. Important - If you deactivate your credential and Symantec VIP authentication is required for your account, you'll need to register your Symantec VIP credential the next time you log in.
You can unlock any user's credential, except your own. Once unlocked, the user will need to enter their Symantec VIP security code the next time they log in. Need to unlock your own Symantec VIP credential? Ask a Manager to do it. If you are the only Manager in your subscription, please contact Support.
You'll see one of these status indicators in each user's account settings:
Symantec VIP is required and the user has registered a Symantec VIP credential.
Symantec VIP is required and the user has not registered a Symantec VIP credential.
Symantec VIP is required and the user's credential is locked.
Symantec VIP is not required and the user has registered a Symantec VIP credential.
Symantec VIP is not required and the user has not registered a Symantec VIP credential.
Symantec VIP is not required and the user's credential is locked.
We support the use of Symantec VIP or SAML SSO. If both are turned on for the same account, SAML SSO will be used and the Symantec VIP setting will be ignored.
Please refer to the Symantec documentation for your device if you're not sure how to locate the security code or credential ID.