Configuring two-factor authentication with Symantec VIP

If you use Symantec VIP two-factor authentication in your environment, you can configure
Symantec Endpoint Protection Manager
administrators to authenticate with it.
Two-factor authentication adds an extra layer of security to the logon process. When two-factor authentication is enabled, you must provide a unique, one-time verification code when you log on, in addition to a password. You can receive the code by voice, text, or with the free Symantec VIP Access app. This app is recommended because it is the most secure and it is easy to use. For a quick overview of Symantec VIP, see:
You manage the individual two-factor authentication settings for each individual administrator that uses
Symantec Endpoint Protection Manager
Authentication. Administrators that authenticate with RSA SecurID or Directory authentication cannot use two-factor authentication.
Two-factor authentication is not supported over IPv6, or in a FIPS-enabled environment.
To configure
Symantec Endpoint Protection Manager
for two-factor authentication with Symantec VIP
  1. In the console, click
    Admin > Servers
    , and then click the local server name.
  2. Under
    Tasks
    , click
    Configure VIP authentication
    .
  3. Browse to the PKCS keystore file to select it, enter the keystore's password, and then click
    OK
    .
    The certificate automatically propagates to other
    Symantec Endpoint Protection Manager
    consoles in the same site without the need for replication. You do not need to manually add the certificate to each
    Symantec Endpoint Protection Manager
    on the site.
    To propagate the certificate to a
    Symantec Endpoint Protection Manager
    on a different site, the sites must be replication partners.
  1. To configure the administrator for two-factor authentication with Symantec VIP
  2. Verify that the
    Symantec Endpoint Protection Manager
    administrator has a corresponding user name on the Symantec VIP Manager that matches exactly, including case sensitivity. The passwords for the two user names do not have to match.
    Consult Symantec VIP Manager documentation for how to configure a user name. See:
  3. In the console, click
    Admin > Servers > Administrators
    .
  4. Select an existing administrator, and then click
    Edit the administrator
    .
    You can also add a new administrator to configure.
  5. On the
    Authentication
    tab, click
    Enable two-factor authentication using VIP
    .