Symantec VIP
Symantec VIP (Validation and ID Protection) is a cloud-based multi-factor authentication service that uses smartphone push notifications, SMS codes, and biometrics to secure user access.
What is Symantec VIP?
What is Symantec VIP?
Symantec VIP (Validation and ID Protection) is a multi-factor authentication (MFA) service offered by Broadcom (formerly Symantec). It provides an additional layer of security beyond passwords by requiring users to verify their identity through a second factor, such as a push notification on their smartphone, a one-time code from the VIP Access app, or a hardware OTP token.
The service operates on a cloud-based model where organizations configure their applications (VPNs, web portals, SSO gateways) to integrate with the VIP platform via standard protocols like RADIUS, SAML, and REST APIs. When a user attempts to log in, Symantec VIP pushes an authentication request to the user's registered device, and the user simply approves or denies it. This "out-of-band" approach makes it extremely resistant to phishing and man-in-the-middle attacks.
Symantec VIP also supports risk-based authentication policies, allowing organizations to require MFA only for high-risk transactions or from untrusted locations. With the VIP Access app, users can generate OTP codes even when offline, ensuring continued access in low-connectivity environments. The platform manages device registration, credential lifecycle, and user self-service through a centralized admin portal.
Analogy
Symantec VIP is like having a personal security guard who calls your smartphone every time someone tries to enter your building. No matter how many keys they have, the guard won't let them in until you confirm it's really you.
Types and Use Cases
- VPN Access: Remote employees connecting to corporate VPNs are challenged with a VIP push notification to their mobile device before the tunnel is established.
- Cloud Application SSO: Organizations integrate VIP with SAML-based IdPs (such as Okta or Azure AD) to add MFA before accessing SaaS applications like Office 365 or Salesforce.
- Privileged User Access: Admin portals for IT infrastructure (servers, databases, cloud consoles) require VIP authentication as a second factor for elevated operations.
- Customer-Facing Portals: Banks and healthcare providers deploy VIP MFA to protect customer account portals, using push or SMS OTP for transaction verification.
How it Works
{
"user": "jane.doe@acmecorp.com",
"authRequest": {
"requestId": "vip-req-9a8b7c6d",
"method": "push",
"deviceId": "device-uuid-abc123",
"application": "Corporate VPN"
},
"symantecVipResponse": {
"status": "approved",
"approvedAt": "2025-06-04T15:00:00Z",
"authContext": {
"ipAddress": "198.51.100.20",
"geoLocation": "San Francisco, CA",
"riskScore": 12
}
},
"session": {
"sessionId": "sess-xyz-987",
"expiresAt": "2025-06-04T17:00:00Z"
}
}Symantec VIP vs RSA SecurID
Symantec VIP
RSA SecurID
Symantec VIP is a cloud-native, push-based MFA service that relies on smartphone notifications
RSA SecurID traditionally uses hardware tokens with time-based PINs (though RSA also offers cloud options).
Symantec VIP integrates via SAML, RADIUS, and REST APIs
RSA SecurID uses RSA Authentication Manager as a centralized on-premise or cloud authentication server with its own agent protocol.
Symantec VIP emphasizes out-of-band push authentication for phishing resistance
RSA SecurID relies on shared secrets and time-synchronized one-time passwords (though both support mobile apps and hardware tokens).
Best Practices for Symantec VIP
- Enforce device registration with user verification (e.g., email confirmation or biometric check) to prevent unauthorized device enrollment.
- Configure risk-based authentication policies to only challenge users with VIP MFA when accessing from untrusted networks, new devices, or during sensitive transactions.
- Regularly audit registered devices and remove orphaned or inactive device records to maintain a clean credential inventory.
- Provide user self-service portals for lost device recovery and VIP credential reset to reduce helpdesk call volume.
How LoginRadius Powers Symantec VIP
LoginRadius integrates with Symantec VIP as a third-party MFA factor, allowing organizations to reuse their existing Symantec VIP credentials for customer-facing applications. The LoginRadius Admin Console provides a simple configuration interface to enable VIP as an authentication step in login, registration, and password reset flows. This allows enterprises to maintain a consistent security posture across both internal and customer-facing apps.
FAQs
Yes. The VIP Access mobile app can generate one-time passcodes (OTPs) offline using a shared seed stored on the device. Users can enter these codes manually for authentication even when their phone has no network connectivity. Push notifications, however, require an active internet or cellular connection.
Symantec VIP integrates with most major identity providers and access management platforms through standard protocols. It supports RADIUS for VPNs and network devices, SAML for web SSO, and REST APIs for custom integrations. Many IdPs and SSO gateways also offer a pre-built VIP connector.
LoginRadius supports Symantec VIP as an external MFA provider through its multi-factor authentication framework. Administrators can configure VIP as an authentication factor in the LoginRadius Admin Console, allowing end users to authenticate using VIP push notifications or OTP codes during login flows. This enables enterprises using Symantec VIP to extend the same MFA credential to their customer-facing applications managed by LoginRadius.