Configuring VIP Intelligent Authentication in VIP Manager

If you are implementing VIP Intelligent Authentication, you must enable and configure the VIP IA policy in VIP Manager.
To configure VIP Intelligent Authentication in VIP Manager for the first time:
  1. Sign in to your account in VIP Manager.
  2. Select Policies in the navigation bar at the top of the page.
  3. Select the VIP Intelligent Authentication tab.
  4. Select the Edit link.
  5. Enable VIP IA, and then configure the IA policy:
    • Select an appropriate sign-in threshold value for your users by estimating how likely IA is to require additional authentication, based on end-user risk.
      By default, the threshold value is set between Moderate and Strict, which is the setting that Symantec recommends.
      In general, the stricter you set the risk threshold value, the more likely VIP IA is to consider sign-in events suspicious. If the IA risk level for a user's authentication attempt is higher than the set threshold, IA considers the attempt risky. IA then recommends performing additional authentication before the user is granted sign-in access.
    • Determine whether security codes should always be required for authentication from unrecognized devices.
      This option is checked by default to take advantage of Device Fingerprint (within the VIP Account policy) for evaluating device attributes during user sign-in. With this option checked, users must always provide a security code in response to a challenge for sign-in authentication, regardless of the current IA threshold or risk-based IA score.
      If this option is disabled, whether users must respond to an authentication challenge is based exclusively on the following, regardless of any unrecognized devices:
      • IA threshold
      • IA policy settings
      • IA risk score
      Disabling this feature effectively makes the IAAuthData parameter optional for applicable IA APIs.
      See the VIP User Services Developer's Guide for details about IAAuthData.
    • Optionally, specify additional countries with increased risk, from which any user sign-in attempt can increase the user's IA risk score.
    • Optionally, specify IP addresses from which user sign-in attempts must always be blocked (fail) or always be accepted (succeed).
      Up to 300 entries can be uploaded from a single file (one IP address or one IP address range represents one entry). Each IP address must be in either IPv4 or IPv6 format, and a hyphen must separate the two addresses of each IP address range. All entries must be comma-separated.
      For example:
      • For IPv4: 192.0.2.40,203.0.113.255,198.51.100.1-198.51.100.100
      • For IPv6: 2001:DB8::0:1804:0:15:0:100,2001:DB8:0:1804::15:30:100-2001:DB8:112:1804::15:40:100
  6. Click Save.
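A pre-upload check for the IP address list format described above, added here as an example (not Symantec's code): it enforces the 300-entry limit, the comma and hyphen syntax, and IPv4/IPv6 validity. Requiring both ends of a range to share an address family with the start not above the end, and reporting addresses that appear on both the block and accept lists, are assumptions of this example; all sample lists are constructed.

```python
import ipaddress

MAX_ENTRIES = 300  # per-file limit stated above

# Constructed sample lists (documentation address ranges only).
BLOCK_SAMPLE = "192.0.2.40,203.0.113.255,198.51.100.1-198.51.100.100"
ALLOW_SAMPLE = "198.51.100.50-198.51.100.60,2001:DB8:0:1804::15:30:100-2001:DB8:112:1804::15:40:100"
BAD_SAMPLE = "192.0.2.300,198.51.100.9-198.51.100.1,192.0.2.1-2001:db8::1,"

def parse_entry(text):
    """Return (first, last) for one entry: a single IP or 'start-end'."""
    parts = [p.strip() for p in text.split("-")]
    if len(parts) > 2 or not all(parts):
        raise ValueError(f"malformed entry: {text!r}")
    first, last = ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[-1])
    # Assumption: both ends share an address family and start <= end.
    if first.version != last.version:
        raise ValueError(f"range mixes IPv4 and IPv6: {text!r}")
    if first > last:
        raise ValueError(f"range start is above range end: {text!r}")
    return first, last

def parse_list(content):
    """Parse comma-separated content; return (ranges, errors)."""
    ranges, errors = [], []
    entries = [e.strip() for e in content.split(",")]
    if len(entries) > MAX_ENTRIES:
        errors.append(f"{len(entries)} entries exceed the limit of {MAX_ENTRIES}")
    for entry in entries:
        try:
            ranges.append(parse_entry(entry))
        except ValueError as exc:
            errors.append(str(exc))
    return ranges, errors

def overlaps(block, allow):
    """Return (block_range, allow_range) pairs sharing at least one address."""
    return [(b, a) for b in block for a in allow
            if b[0].version == a[0].version and b[0] <= a[1] and a[0] <= b[1]]

if __name__ == "__main__":
    block, block_errors = parse_list(BLOCK_SAMPLE)
    allow, allow_errors = parse_list(ALLOW_SAMPLE)
    print(block_errors, allow_errors, overlaps(block, allow))
    print(parse_list(BAD_SAMPLE)[1])
```

An empty error list and an empty overlap list mean the two files are consistent with the stated format and with each other.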