Configuring the Self Service Portal IdP
Complete these steps to configure the Self Service Portal IdP.
Your users manage their VIP credentials from the My VIP portal or the Self Service Portal. On the My VIP portal and the Self Service Portal, end users can register, test, or reset credentials. End users can also remove credentials from their accounts (for example, if they are lost or stolen).
You can configure how end users access the Self Service Portal, as well as how logs are rotated, from the Self Service Portal IdP tab. You can also enable the My VIP portal from this tab. Additionally, this page displays the Service Status and the Self Service Portal URL and the My VIP portal URL:
- Service Status: Once you have configured end-user access to the My VIP portal or the Self Service Portal, the service runs by default. Click the slider at the top of the Self Service Portal IdP tab to start or stop the My VIP portal and Self Service Portal. Additionally, each time that you modify configuration settings and click Apply Changes, the service is stopped and restarted automatically.
- My VIP portal URL and Self Service Portal URL: These are the URLs your end users use to access the My VIP portal or the Self Service Portal. They are generated dynamically, based on your configuration settings on this page. You will need to provide these URLs to your end users.
To configure My VIP and the Self Service Portal:
- Make sure that the time on the computer on which you install VIP Enterprise Gateway is synchronized with the local time zone.
- From the Self Service Portal IdP link of the Identity Providers tab, do one of the following:
  - If you are accessing the Self Service Portal IdP for the first time, you are prompted to configure access. Select Yes to continue.
  - If you have already configured the Self Service Portal IdP, click Edit at the bottom of the page.
- Under End User Access Settings, enter the parameters as described in the following table and click Apply Changes:

| Field | Description |
| --- | --- |
| Host | Enter the IP address (in IPv4 format) or fully qualified domain name (FQDN) of the machine running the IdP service. This is typically the Configuration Console host, unless a third-party IdP service is configured. If entering an FQDN, make sure that the entry can be resolved by DNS. |
| Port | Enter the port number on which the service will listen. |
| Load Balancer URL | If you are using a load balancer, enter the URL or fully qualified domain name that will act as a reverse proxy to distribute network or application traffic across a number of servers. The Load Balancer URL is used to mask the local IP, so that it is not exposed when you deploy your application in production. |
| Logging Level | Select how much debugging and auditing information you want to capture. Debug: The log captures general details, and stack traces of all exception events. Info: The log captures general details needed to track how the server is functioning. The Logging component accepts and logs any other component's debug messages. Warn: The log captures details of potentially harmful events such as rejected transactions and exception events that affect the server. Error: The log captures details of events that hinder the server or transaction, but which may still allow the server to function (except events that affect the server). |
| Number of Files to Keep | From the drop-down list, select the number of old log files that must be stored on the server. |
| Log Rotation Interval | Set the interval at which log files roll: at midnight each day, on the first day of the week, or at the beginning of each month. |
| Enable Syslog | Select Yes to allow Self Service Portal to send log messages to the syslog. You must configure Syslog Settings (Logs > Syslog Settings) for this feature to work. |
| Protocol | Select https to use SSL to secure communication to the Self Service Portal. Otherwise, select http. If you select the HTTPS protocol, you must select an SSL key from the list. |
| Security Code Distribution Settings | |
| Enable Automatic Distribution | Select Yes to allow users to receive security codes through email, SMS, or voice credentials. You must configure the Self Service Portal Policy in VIP Manager. |
| IdP Proxy Service Settings | |
| Enable IdP Proxy Service | Select Yes to enable SSP IdP Proxy Service. Enable the SSP IdP Proxy Service to start an additional service to honor the HTTP POST request from an external SSP IdP Proxy (from outside the firewall). If you enable SSP IdP Proxy Service, you must configure the port and encryption key. |
| Port | Enter the port on which the service listens. |
| Encryption Key | The encryption key is used to decrypt the attributes coming from the SSP IdP proxy. |
| Password Management | |
| Password Management | Select Allowed to enable Password Management. Once enabled, a user can reset an expired password on the SSP IdP portal after successfully logging in with the old password. If you allow Password Management, you must select https (SSL Enabled) in the Protocol field. You must also generate the VIP Integration Code for JavaScript and add the domain names of the Self Service Portal IdP and load balancer in VIP Manager. |
| Forgot Password Link | Set whether a Forgot password link appears in the My VIP authentication flow for users with registered credentials. Note that users who have enabled Remembered Devices will not be prompted for second-factor authentication when resetting passwords. |
| My VIP IdP | |
| Enable My VIP IdP | Select Yes to create a new IdP context for the My VIP portal. Once enabled, the My VIP portal URL is displayed at the top of the page. |
| Enable Passwordless Credentials | Select Yes to allow users to authenticate with FIDO-enabled passwordless credentials as a strong first factor. |
| Redirect SSP to My VIP | Set this slider to On to automatically redirect users accessing the existing SSP URL to the My VIP portal for credential registration and management. If you have added the VIP Integration Code for JavaScript into your application sign-in pages, you must also add the My VIP portal URL to your JavaScript integration for the redirect to work. See the Symantec VIP Intelligent Authentication (IA) Enterprise Integration Guide or the Symantec VIP Remembered Device Integration Guide for details on configuring the VIP Integration Code for JavaScript. |
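
Several fields in the table depend on each other (an FQDN must resolve in DNS, https needs an SSL key, Password Management needs https, the IdP Proxy Service needs a port and an encryption key, Enable Syslog needs Syslog Settings). The following added example, which is not Symantec code, checks a planning worksheet against those requirements before you click Apply Changes. The dictionary keys, function names and sample values are hypothetical and do not correspond to any VIP Enterprise Gateway file or API.

```python
import ipaddress
import re
import socket

LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def host_kind(host):
    """Classify a Host value as 'ipv4', 'fqdn' or None (neither)."""
    try:
        ipaddress.IPv4Address(host)
        return "ipv4"
    except ValueError:
        labels = host.rstrip(".").split(".")
    ok = len(labels) >= 2 and all(LABEL.match(x) for x in labels)
    return "fqdn" if ok and not labels[-1].isdigit() else None

def dns_resolves(host):
    """Live DNS lookup; pass as `resolve` when running on the gateway host."""
    try:
        return bool(socket.getaddrinfo(host, None))
    except socket.gaierror:
        return False

def check_settings(s, resolve=None):
    """Return the unmet requirements from the table (empty list = none)."""
    problems = []
    kind = host_kind(s.get("host", ""))
    if kind is None:
        problems.append("Host: not an IPv4 address or FQDN")
    elif kind == "fqdn" and resolve and not resolve(s["host"]):
        problems.append("Host: FQDN does not resolve in DNS")
    https = s.get("protocol") == "https"
    if https and not s.get("ssl_key"):
        problems.append("Protocol: https selected without an SSL key")
    if s.get("password_management") and not https:
        problems.append("Password Management: requires https")
    if s.get("idp_proxy") and not (s.get("idp_proxy_port") and s.get("idp_proxy_key")):
        problems.append("IdP Proxy Service: port and encryption key required")
    if s.get("syslog") and not s.get("syslog_settings_done"):
        problems.append("Enable Syslog: configure Logs > Syslog Settings first")
    return problems

# Constructed worksheet; every key name and value here is hypothetical.
PLANNED = {"host": "vipgw.example.internal", "port": 8443, "protocol": "http",
           "password_management": True, "idp_proxy": True, "idp_proxy_port": 9443}

if __name__ == "__main__":
    for p in check_settings(PLANNED):
        print("FIX:", p)
```

Pass `resolve=dns_resolves` to include the live DNS check; without it the FQDN is only checked for form.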
Optionally, once you have configured the Self Service Portal IdP, you can configure Trusted Service Access settings for Microsoft AD FS.