These attempts are registered in the System Log. When a user exceeds the rate limit, they can’t sign in until the rate limit passes. The rate limit is a total of five unsuccessful attempts from any or all of these authenticators within a rolling five-minute period. These authenticators include Google Authenticator, Symantec VIP, and YubiKey OTP. Okta enforces a rate limit on unsuccessful authentication attempts from Okta-enrolled third-party OTP authenticators. They then need to re-enroll in their non-Okta-based Symantec VIP enrollments. Users are unenrolled from their other, non-Okta Symantec VIP enrollments when they remove their Okta-based enrollment from their Okta Settings page. For subsequent sign-ins, they enter the time-based passcode generated by the VIP Access app on their mobile device and continue with the sign-in process. The end user follows instructions for the Okta sign-in process and in the VIP Access app. During the first sign-in, they’re prompted to set up the Symantec VIP authenticator. Enter the password that you used when you obtained the certificate from Symantec VIP Manager.Įnd users install the VIP Access app on their mobile device.Enter the Credential ID displayed on the screen in the Serial Number field. Click Replace certificate and upload the new certificate. On your mobile device, open the VIP Access app.Open the Actions dropdown menu beside the authenticator, and then select Edit.To replace the certificate follow these steps: You can see the certificate expiration date on the Setup tab. The certificate is typically valid for two years. Therefore, you need to replace the VIP certificate before it expires or if it's revoked. Open the Actions dropdown menu beside the authenticator, and then select Edit or Delete.Īn expired or revoked VIP certificate may lead to VIP authentication failures.In Authenticators, go to the Setup tab. Each physical VIP token has a unique serial number, called a credential ID, which is located on a barcode on the back of the token.Edit or delete the Symantec VIP authenticatorīefore you edit or delete the authenticator, you may have to update existing policies that use this authenticator. See Create an authenticator enrollment policy. In Authenticators, go to the Enrollment tab to add the authenticator to a new or an existing authenticator enrollment policy. The authenticator appears in the list on the Setup tab.Īdd the Symantec VIP authenticator to the authenticator enrollment policy On the Setup tab, click Add Authenticator.Ĭlick Add. In the Admin Console, go to Security Authenticators. VIP Manager password you used to obtain the certificate.VIP certificate from Symantec VIP Manager in.You need the following to configure the Symantec VIP authenticator in Okta: It's a cloud-based authentication service that allows users to sign in by entering a time-based passcode generated by the Symantec VIP app. Symantec Validation and ID Protection Service (VIP) is a device-bound possession factor and verifies user presence.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |