If you use Symantec VIP two-factor authentication in your environment, you can configure Symantec Endpoint Protection Manager administrators to authenticate with it.
Two-factor authentication adds an extra layer of security to the logon process. When two-factor authentication is enabled, you must provide a unique, one-time verification code when you log on, in addition to a password. You can receive the code by voice, text, or with the free Symantec VIP Access app. This app is recommended because it is the most secure and it is easy to use. For a quick overview of Symantec VIP, see:
You manage the individual two-factor authentication settings for each individual administrator that uses Symantec Endpoint Protection Manager Authentication. Administrators that authenticate with RSA SecurID or Directory authentication cannot use two-factor authentication.
Two-factor authentication is not supported over IPv6, or in a FIPS-enabled environment.
To configure Symantec Endpoint Protection Manager for two-factor authentication with Symantec VIP
In the console, click Admin > Servers, and then click the local server name.
Under Tasks, click Configure VIP authentication.
Browse to the PKCS keystore file to select it, enter the keystore's password, and then click OK.
The certificate automatically propagates to other Symantec Endpoint Protection Manager consoles in the same site without the need for replication. You do not need to manually add the certificate to each Symantec Endpoint Protection Manager on the site.
To propagate the certificate to a Symantec Endpoint Protection Manager on a different site, the sites must be replication partners.
To configure the administrator for two-factor authentication with Symantec VIP
Verify that the Symantec Endpoint Protection Manager administrator has a corresponding user name on the Symantec VIP Manager that matches exactly, including case sensitivity. The passwords for the two user names do not have to match.
Consult Symantec VIP Manager documentation for how to configure a user name.