Configuring the Self Service Portal IdP

Complete these steps to configure the Self Service Portal IdP.
Your users manage their VIP credentials from the My VIP portal or the Self Service Portal. On the My VIP portal and the Self Service Portal, end users can register, test, or reset credentials. End users can also remove credentials from their accounts (for example, if they are lost or stolen).
You can configure how end users access the Self Service Portal, as well as how logs are rotated, from the Self Service Portal IdP tab. You can also enable the My VIP portal from this tab. Additionally, this page displays the Service Status, the Self Service Portal URL, and the My VIP portal URL:
  • Service Status: Once you have configured end-user access to the My VIP portal or the Self Service Portal, the service runs by default. Click the slider at the top of the Self Service Portal IdP tab to start or stop the My VIP portal and Self Service Portal. Additionally, each time that you modify configuration settings and click Apply Changes, the service is stopped and restarted automatically.
  • My VIP portal URL and Self Service Portal URL: These are the URLs your end users use to access the My VIP portal or the Self Service Portal. They are generated dynamically, based on your configuration settings on this page. You will need to provide these URLs to your end users.
To configure My VIP and the Self Service Portal:
  1. Make sure that the time on the computer on which you install VIP Enterprise Gateway is synchronized with the local time zone.
  2. From the Self Service Portal IdP link of the Identity Providers tab, do one of the following:
    • If you are accessing the Self Service Portal IdP for the first time, you are prompted to configure access. Select Yes to continue.
    • If you have already configured the Self Service Portal IdP, click Edit at the bottom of the page.
  3. Under End User Access Settings, enter the parameters as described in the following table and click Apply Changes:
    Field: Description
    Host: Enter the IP address (in IPv4 format) or fully qualified domain name (FQDN) of the machine running the IdP service. This is typically the Configuration Console host, unless a third-party IdP service is configured. If entering an FQDN, make sure that the entry can be resolved by DNS.
    Port: Enter the port number on which the service will listen.
    Load Balancer URL: If you are using a load balancer, enter the URL or fully qualified domain name that will act as a reverse proxy to distribute network or application traffic across a number of servers. The Load Balancer URL is used to mask the local IP, so that it is not exposed when you deploy your application in production.
    Logging Level: Select how much debugging and auditing information you want to capture:
      • Debug: The log captures general details, and stack traces of all exception events.
      • Info: The log captures general details needed to track how the server is functioning. The Logging component accepts and logs any other component’s debug messages.
      • Warn: The log captures details of potentially harmful events such as rejected transactions and exception events that affect the server.
      • Error: The log captures details of events that hinder the server or transaction, but which may still allow the server to function (except events that affect the server).
    Number of Files to Keep: From the drop-down list, select the number of old log files that must be stored in the server.
    Log Rotation Interval: Set the interval at which log files roll: at midnight each day, on the first day of the week, or at the beginning of each month.
    Enable Syslog: Select Yes to allow Self Service Portal to send log messages to the syslog. You must configure Syslog Settings (Logs > Syslog Settings) for this feature to work.
    Protocol: Select https to use SSL to secure communication to the Self Service Portal. Otherwise, select http. If you select the HTTPS protocol, you must select an SSL key from the list.
    Security Code Distribution Settings
    Enable Automatic Distribution: Select Yes to allow users to receive security codes through email, SMS, or voice credentials. You must configure the Self Service Portal Policy in VIP Manager.
    IdP Proxy Service Settings
    Enable IdP Proxy Service: Select Yes to enable SSP IdP Proxy Service. Enable the SSP IdP Proxy Service to start an additional service to honor the HTTP POST request from an external SSP IdP Proxy (from outside the firewall). If you enable SSP IdP Proxy Service, you must configure the port and encryption key.
    Port: Enter the port on which the service listens.
    Encryption Key: The encryption key is used to decrypt the attributes coming from the SSP IdP proxy.
    Password Management
    Password Management: Select Allowed to enable Password Management. Once enabled, a user can reset an expired password on the SSP IdP portal after successfully logging in with the old password. If you allow Password Management, you must select https (SSL Enabled) in the Protocol field. You must also generate the VIP Integration Code for JavaScript and add the domain names of the Self Service Portal IdP and load balancer in VIP Manager.
    Forgot Password Link: Set whether a Forgot password link appears in the My VIP authentication flow for users with registered credentials. Note that users who have enabled Remembered Devices will not be prompted for second-factor authentication when resetting passwords.
    My VIP IdP
    Enable My VIP IdP: Select Yes to create a new IdP context for the My VIP portal. Once enabled, the My VIP portal URL is displayed at the top of the page.
    Enable Passwordless Credentials: Select Yes to allow users to authenticate with FIDO-enabled passwordless credentials as a strong first factor.
    Redirect SSP to My VIP: Set this slider to On to automatically redirect users accessing the existing SSP URL to the My VIP portal for credential registration and management. If you have added the VIP Integration Code for JavaScript into your application sign-in pages, you must also add the My VIP portal URL to your JavaScript integration for the redirect to work. See the Symantec VIP Intelligent Authentication (IA) Enterprise Integration Guide or the Symantec VIP Remembered Device Integration Guide for details on configuring the VIP Integration Code for JavaScript.
Optionally, once you have configured the Self Service Portal IdP, you can configure Trusted Service Access settings for Microsoft AD FS.
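
The field dependencies in the End User Access Settings table (HTTPS needs an SSL key, Password Management needs HTTPS, the IdP Proxy Service needs a port and an encryption key, Enable Syslog needs Syslog Settings) can be checked against a planned configuration before it is entered in the console. The following is an added example, not Symantec code: the dictionary keys, function names and sample values are hypothetical, because this page sets these values in the console rather than in a file.

```python
import ipaddress
import re

# Hypothetical keys that mirror the table's field labels; not a product format.
FQDN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def valid_host(host):
    """Accept an IPv4 address or a syntactically valid FQDN (Host field)."""
    try:
        ipaddress.IPv4Address(host)
        return True
    except ValueError:
        return bool(FQDN_RE.match(host))

def valid_port(port):
    return isinstance(port, int) and 1 <= port <= 65535

def check_settings(s):
    """Return findings; an empty list means the plan meets the table's rules."""
    findings = []
    if not valid_host(s.get("host", "")):
        findings.append("host: not an IPv4 address or FQDN")
    if not valid_port(s.get("port")):
        findings.append("port: out of range")
    https = s.get("protocol") == "https"
    if https and not s.get("ssl_key"):
        findings.append("protocol: https selected without an SSL key")
    if s.get("password_management") == "Allowed" and not https:
        findings.append("password_management: requires https")
    if s.get("idp_proxy"):
        if not valid_port(s.get("idp_proxy_port")):
            findings.append("idp_proxy: port missing or out of range")
        if not s.get("idp_proxy_key"):
            findings.append("idp_proxy: encryption key missing")
    if s.get("enable_syslog") and not s.get("syslog_settings_configured"):
        findings.append("enable_syslog: Syslog Settings not configured")
    if s.get("forgot_password_link"):
        findings.append("note: Remembered Devices users skip second factor on password reset")
    return findings

# Constructed sample plan (host and ports are made up for illustration).
PLAN = {"host": "ssp.example.com", "port": 8233, "protocol": "http",
        "password_management": "Allowed", "idp_proxy": True, "idp_proxy_port": 8234,
        "enable_syslog": True, "forgot_password_link": True}

if __name__ == "__main__":
    print("\n".join(check_settings(PLAN)))
```

The FQDN check is syntactic only; DNS resolution of the Host entry still has to be confirmed on the gateway machine itself.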