Standard fields
Field Description

Client Certificate

Select the VIP Manager certificate that you downloaded and imported into PingFederate.

VIP Configuration Type

Selection options are:

Pilot
The adapter tests the connection to the VIP API, which is used to verify user-token authentication.
Production
The adapter runs as normal.

If you have a specific URL to use for the API, enter it in the Advanced Fields section.

Note:

The standard one-time passcode (OTP) security-code generators for VIP are usable only for production. They don't provide valid codes for a pilot configuration. Instead, you must obtain the VIP Test Drive OTP generator for pilot testing.

Advanced fields
Advanced fields
Field Description

Default Authentication Method

Determines whether the adapter defaults to push, SMS, or voice, or prompts the user to select an authentication method for the current session. The selection options are:

None
The adapter prompts the user to choose an authentication method or enter a Symantec VIP security code. This is the default selection.
Security Code
The adapter prompts the user to enter a Symantec VIP security code.
Push Notification
The adapter sends a push notification to the Symantec VIP app on the user's mobile device.
SMS and Voice Call
The adapter sends a text or voice authentication message to the user's phone number.
Note:

If the default method isn't valid for a user, the adapter prompts the user to select another authentication method.

Override Default Authentication Method

When enabled, the adapter checks the Security Code Attribute Name defined below. If the user has a security code in the data store, the adapter passes it to Symantec, allowing the user to skip any prompts.

If the user does not have a security code in the data store, the adapter falls back to the default authentication method.

Security Code Attribute Name

The name of the attribute in your data store that contains a user's Symantec VIP security code. The adapter checks this attribute when Override Default Authentication Method is enabled.

Suppress Add Credential

When selected, users are not shown the interface to register new credentials, such as phone numbers or email addresses.

Important:

If you are using this adapter instance in a password reset flow, select this check box. This prevents users from bypassing authentication by adding credentials during the password reset flow.

Push Request Timeout

Timeout for push requests, in seconds.

The default value is 60.

Challenge Retries

The maximum number of times that a user can try to authenticate before authentication fails.

API URL Override

Overrides the API URL defined by the selected VIP Configuration Type. Use a URL override to connect to the API service if you have a non-standard pilot or production instance of Symantec.

By default, the adapter uses the following URL for a production configuration: https://userservices-auth.vip.symantec.com/vipuserservices/AuthenticationService_1_6

Management API URL Override

Overrides the Management API URL defined by the selected VIP Configuration Type. Use a URL override to connect to the Management API service if you have a non-standard pilot or production instance of Symantec.

By default, the adapter uses the following URL for a production configuration: https://userservices-auth.vip.symantec.com/vipuserservices/ManagementService_1_6.

Query API URL Override

Overrides the Query API URL defined by the selected VIP Configuration Type. Use a URL override to connect to the Query API service if you have a non-standard pilot or production instance of Symantec.

By default, the adapter uses the following URL for a production configuration: https://userservices-auth.vip.symantec.com/vipuserservices/QueryService_1_6

VIP API URL Override

Overrides the VIP API URL defined by the selected VIP Configuration Type. Use a URL override to connect to the VIP API service if you have a non-standard pilot or production instance of Symantec.

By default, the adapter uses the following URL for a production configuration: https://services-auth.vip.symantec.com/mgmt/soap

The adapter contract returns the following attributes when you make a call to it.

Contract attributes
Contract attributes

subject (core attribute)

Specifies the username obtained by the first-factor adapter.

credential_id (non-core attribute)

Specifies the credential ID that was used to sign on to Symantec VIP.

credential_type (non-core attribute)

Specifies the type of credential that was used to sign on to Symantec VIP.