Choosing the authentication method for administrator accounts

You can choose from several authentication methods that the management server uses to check administrators' credentials before they log on.
For the third-party authentication methods, Symantec Endpoint Protection Manager has an entry in the database for the administrator account, but the third-party server validates the user name and password.

Authentication methods

| Type | When to use |
|---|---|
| Symantec Endpoint Protection Manager authentication (default) | Authenticates the administrators with the administrator's user name and password that are stored in the Symantec Endpoint Protection Manager database. When the administrator logs on to the management server, the management server verifies with the database that the user name and password are correct. You can display the Password never expires option so that an administrator's account does not expire. See: |
| Two-factor authentication | Authenticates the administrators with Symantec VIP authentication on their smartphone. Administrators provide a unique, one-time verification code when they log on, in addition to a password. For this option to be available, you must first add the appropriate PKCS keystore file and the keystore's password. See: |
| RSA SecurID authentication | Authenticates the administrators by using an RSA SecurID token (not software RSA tokens), RSA SecurID card, or RSA keypad card (not RSA smart cards). To authenticate administrators who use an RSA SecurID mechanism, first install the RSA Authentication Manager server and enable encrypted authentication for RSA SecurID. See: |
| Directory server authentication | Authenticates the administrators with an LDAP server or the Microsoft Active Directory server. To authenticate administrators using an Active Directory or LDAP directory server, you need to set up an account on the directory server. You must also establish a connection between the directory server and Symantec Endpoint Protection Manager. If you do not establish a connection, you cannot import users from an Active Directory server or synchronize with it. Synchronization is only possible for Active Directory servers. Synchronization with LDAP servers is not supported. For more information, see: |
| Smart card authentication | Authenticates the administrators who work as civilians or military personnel in U.S. Federal Agencies and who must use a PIV card or CAC to log on. See: |

  1. To choose an authentication method for administrator accounts
  2. On the Authentication tab, select the authentication method if you do not want to use Symantec Endpoint Protection Manager Authentication (default).
  3. Click OK.
  4. In the Confirm Change dialog box, type the password that you use to log on to Symantec Endpoint Protection Manager, and then click OK.
    When you switch between authentication methods, you must type the administrator account's password.