Configuring two-factor authentication with Symantec VIP
If you use Symantec VIP two-factor authentication in your environment, you can configure
Symantec Endpoint Protection Manageradministrators to authenticate with it.
Two-factor authentication adds an extra layer of security to the logon process. When two-factor authentication is enabled, you must provide a unique, one-time verification code when you log on, in addition to a password. You can receive the code by voice, text, or with the free Symantec VIP Access app. This app is recommended because it is the most secure and it is easy to use. For a quick overview of Symantec VIP, see:
You manage the individual two-factor authentication settings for each individual administrator that uses
Symantec Endpoint Protection ManagerAuthentication. Administrators that authenticate with RSA SecurID or Directory authentication cannot use two-factor authentication.
Two-factor authentication is not supported over IPv6, or in a FIPS-enabled environment.
Symantec Endpoint Protection Managerfor two-factor authentication with Symantec VIP
- In the console, clickAdmin > Servers, and then click the local server name.
- UnderTasks, clickConfigure VIP authentication.
- Browse to the PKCS keystore file to select it, enter the keystore's password, and then clickOK.The certificate automatically propagates to otherSymantec Endpoint Protection Managerconsoles in the same site without the need for replication. You do not need to manually add the certificate to eachSymantec Endpoint Protection Manageron the site.To propagate the certificate to aSymantec Endpoint Protection Manageron a different site, the sites must be replication partners.
- To configure the administrator for two-factor authentication with Symantec VIP
- Verify that theSymantec Endpoint Protection Manageradministrator has a corresponding user name on the Symantec VIP Manager that matches exactly, including case sensitivity. The passwords for the two user names do not have to match.Consult Symantec VIP Manager documentation for how to configure a user name. See:
- In the console, clickAdmin > Servers > Administrators.
- Select an existing administrator, and then clickEdit the administrator.You can also add a new administrator to configure.
- On theAuthenticationtab, clickEnable two-factor authentication using VIP.