Symantec VIP Update: Groups, Groups, Groups!

Symantec would like to announce the new update of the Validation and ID Protection Service (VIP), with new functionality for VIP Manager and Enterprise Gateway v9.3.

Three new groups features – user groups, admin groups, and a Super Admin group – in this release provide greater flexibility in policy-driven identity management to meet diverse needs, as well as reduce risk and complexity for keeping administrator rights up-to-date. Additionally, there is now the option to use Device Identification and Intelligent Authentication independent of each other, for added protection as part of a multi-factor authentication policy. These new features and others are available now in your VIP Manager. Please ensure you download the Enterprise Gateway v9.3 update to use these features.

Summary of New Features

1. Ability to manage credential policies by user group
2. Ability to manage administrator groups and synchronize with LDAP/AD User Stores
3. Creation of Super Admin group
4. Separation of Device Fingerprint and Intelligent Authentication policies
5. Feature enhancements for end users 

Feature Highlights

Ability to manage credential policies by user group

• Users can now be grouped in VIP Manager and administrators can manage the credential policies for each group, including:
  • Customizing hardware and software credentials available by user group
  • Customizing number of credentials available by user group
• New easy-to-use interface for creating, editing and removing user groups
• Added support to filter user groups for user search

Figure 1: Manage User Groups Interface (VIP Gateway)

Figure 2: Add User Group (VIP Gateway)

Figure 3: User Group Configuration for User Store (Enterprise Gateway)

Ability to manage administrator groups and synchronize with LDAP/AD User Store

• Import admins from the Active Directory and assign them VIP Manager administration rights
• Enable synchronization of administrator records from the LDAP User Store, for automatic additions, deletions, and updates to group membership
• New easy-to-use interface for creating, editing and removing administrator groups
• New permissions added for administrator group and user group management

Figure 4: Find/Modify VIP Administrator Group (VIP Manager)

Figure 5: Admin Group Configuration (Enterprise Gateway)

Creation of Super Admin group

• New group for super administrators with access to all administrator permissions   
• Super Admin group cannot be deleted, providing protection from lockout
• Recommended if you are using LDAP Synchronization

Separation of Device Fingerprint and Intelligent Authentication policies

• Admins now have flexibility to manage device ID policy independent from the risk-based policy, whereas the policies were previously tied together
• New option to always require a security code from unrecognized devices

Figure 6: VIP Intelligent Authentication tab (VIP Manager)

Feature enhancements for end users

• Users who have extensions associated with their phone number will now be able to receive out-of-band one-time password security codes, i.e. a user with the phone number and extension 650-555-1234x1111 will be able to get a one-time password by voice message
• For accounts with Intelligent Authentication enabled, pop-ups requesting a user’s security code will now be localized to the same language as in the browser settings
• For users with Internet Explorer on Windows 8 Desktop, the Registered Computer feature is now supported on this browser
• Users can edit the names of Registered Devices in the Self Service Portal

Additional Features for VIP Enterprise Gateway

• VIP Enterprise Gateway now supports Windows Server 2012
• New Installer available for VIP SSP IDP Proxy Service on Windows and Linux platforms

Third-Party Plug-Ins

• Microsoft IIS 7.x and 8.x (Windows Server 2012 and 2008 R2): VIP services integration plugin now integrates with Microsoft IIS 8.x, providing strong authentication to newer versions of applications hosted on these servers
• Cisco Identity Services Engine (ISE): VIP services now integrates with Cisco ISE device identification, which can enhance user validation and protect user identity
• Cisco ASA firewall: VIP services have been enabled to provide strong authentication to these devices and supports the latest versions
• Citrix Ready Xchange Marketplace: Symantec VIP has been qualified as “Citrix Ready” and compatible with Citrix XenApp and XenDesktop products to provide significant enterprise security and identity protection. For more information, please visit the Citrix Ready Xchange Marketplace

Technical Support

We value your business and are committed to customer care.  Please contact us if we can assist or answer any questions. Symantec Support can be reached via email at: enterprise_vipsupport@symantec.com or by phone at +1-650-426-3535 or 1-800-579-2848. You can also visit the VIP support Knowledge Center.

Don’t forget to follow us on Twitter: @SymantecVIP