Symantec Validation and Identity Protection
User Quick Reference Guide
Introduction
In an effort to better protect applications and services, Wolters Kluwer with assistance from Symantec has implemented a new two-factor authentication (2FA) service using the Symantec “Validation and Identity Protection” (VIP) solution.
Symantec VIP is a cloud-based authentication service that enables enterprises to further protect secure access into Internal and external facing Applications and Services to meet compliance standards and to reduce fraud risk. VIP provides an additional layer of protection beyond standard user name and password through a wide variety of additional authentication capabilities including:
· Two-factor authentication - dynamic, one-time-use security codes generated by a user's VIP credential in the form of mobile apps, desktop software, security tokens, and security cards
· Out-of-band authentication - dynamic, one-time-use security codes delivered via phone call, SMS text message or email
The Symantec VIP Service provides ‘out of the box’ Administrator (VIP Manager) and User (Self-Service) portals for VIP lifecycle management.
The new VIP 2FA service will be used for secure VPN remote access into Wolters Kluwer applications and services that are accessible through Citrix remote access service.
Each time users require VPN remote access into the Wolters Kluwer corporate network they must login via the VPN client with their user name, password, and a new security code to authenticate. Because users generate a security code only when they need to access their accounts, unauthorised users cannot guess or otherwise discover the security code like they can with a traditional password. If a credential is lost or stolen, an unauthorised user still has to enter a user name and password accessing a user's accounts, making the credential useless for unauthorised access.
The Symantec VIP service provides remote access Users with a “VIP Self Service Portal” web based portal (accessible from within the Wolters Kluwer network or via the Internet) to perform basic VIP User lifecycle management tasks including;
· Obtaining a new VIP Credential
· Registering a new VIP Credential (to be used for VPN remote access authentication)
· Requesting a Temporary VIP Credential Security Code (due to lost or forgotten Credentials)
· Resetting (sync) of User VIP Credentials, and
· VIP Administrator/Helpdesk assistance
This document is a quick reference guide for Users requiring or in possession of a VIP Credential used for VPN remote access strong two-factor authentication into the corporate environment.
NOTE: For VIP User’s that are not on the corporate network or do not have access to the VIP Self Service portal are to contact Wolters Kluwer VIP Administrators for assistance. VIP Administrators can perform all activities listed in this document on behalf of the User using a special VIP Manager portal. VIP Administrator contact details are provided in Appendix B of this document.
Contents
Part I – Obtaining a new Mobile Credential 3
Part II – Registering a New Credential 5
Part III – Lost or Forgotten Credential 7
Part IV – Testing a User VIP Credential 9
Appendix I –VIP Administrator/Helpdesk Assistance 11
Prerequisites
To perform VIP Credential and Credential User tasks, the following is required;
· You must be an authorised Active Directory (AD) and VPN remote access user belong to the “Access Gateway Users” AD group.
· You have a VIP Credential (“VIP Access Desktop” software for PC’s or “VIP Access Mobile” application for Smartphone/Tablet mobile devices)
· You have access to the Wolters Kluwer “VIP Self Service” portal, http://tokenmanager.wkap.int:8234 for internal users or https://tokenmanager.wkasiapacific.com for Internet users. OR you are able to contact the Wolters Kluwer Administrator/Helpdesk team as per Appendix I
General Requirements
“VIP Self Service Portal” Operating System/Browser Support
VIP Self Service Portal is a web based portal hosted within the customer environment that allows a remote access user to perform basic VIP Credential tasks.
Browser Requirements;
One of the following browsers (to access the VIP Self Service Portal):
· Microsoft Internet Explorer 8.0 and later
· Firefox 3.6 and later.
Part I – Obtaining a new Mobile Credential
In order to perform 2-factor secure remote access into the Wolters Kluwer corporate environment a User must first obtain a VIP Credential. A VIP Credential is available in many form factors including mobile phone application, Desktop application, physical hardware token, SMS, Voice, and smartcard. Wolters Kluwer has elected to allow the use of mobile phone and Desktop VIP Credentials which is a secure application that is downloaded and run on the User’s mobile phone OR Desktop PC.
This guide will provide instructions for obtaining the VIP Access Desktop credential and the VIP Access mobile credential.
I-1 Obtaining a VIP Access Desktop Credential
If you have confirmed that a VIP Access Desktop Credential is not already installed on your PC, perform the following steps;
I-2 Obtaining a VIP Access Mobile Credential
Perform the following steps to obtain a new VIP mobile (Smartphone/tablet) Credential;
Once you have successfully downloaded and installed the Symantec “VIP Access” for Mobile application you will observe a new “VIP Access” application on your mobile phone that displays a “CredentialID” and a “Security Code” value. This is your VIP (mobile) Credential that will be used to perform 2-factor secure remote access to the Wolters Kluwer VPN.
Sample “VIP Access” for mobile application…
Sample “VIP Access” for desktop application…
NOTE:: Before you can use your new VIP Credential you must register your new VIP Credential by performing the steps in Task B.
Part II – Registering a New Credential
There are two (2) methods to assign (register) a Credential to a User;
1. The User self registers a Credential using the VIP Self Service Token Portal
2. The VIP Administrator registers a Credential on behalf of a User via the VIP Manager portal.
The following instructions relate to method 1. (Contact the Wolters Kluwer Help desk or VIP Administrator if you require assistance with registering your new VIP Credential)
Part III – Lost or Forgotten Credential
The following instructions are performed by the VIP User to obtain a VIP Temporary Credential Security Code due to the User not currently being in possession of their primary VIP Credential. (Credential possibly lost or left at home).
There are two (2) methods to obtaining a VIP Temporary Credential Security Code, namely;
1. The User can generate a VIP Temporary Credential Security Code via the Self Service Portal, or
2. The User can request a VIP Temporary Credential Security Code by contacting the Wolters Kluwer Helpdesk/VIP Administrator.
The following instructions relate to method 1.
Sample Temporary Credential Security Code delivered via email…
Part IV – Testing a User VIP Credential
If the User is finding that the Credential Security Code entered into the VPN login screen is being rejected it could be due to the token either being out of synchronisation or locked. The User can verify by testing the Credential via the Self Service Portal.
Perform the following instructions to test your VIP Credential…
NOTE: If the Credential is failing the Security Code test the User can request a Temporary Credential Security Code as per Part III instructions and/or contact the Helpdesk/VIP Administrator as per Appendix I for further assistance.
Only a Helpdesk/VIP Administrator has permission to re-synchronise and/or unlock a VIP Credential.
Refer to Appendix I to contact your VIP Administrator.
Appendix I –VIP Administrator/Helpdesk Assistance
Wolters Kluwer authorised VIP Administrators can perform all the activities performed in this guide plus further User Credential activities like Credential resynchronisation, Credential unlock and Enable from a disabled state.
Please direct all initial Support enquiries to the Wolters Kluwer VIP Administrator Team.
Please contact your Symantec Sales representative or Sales Engineer for information about additional products, services and implementations. For all ongoing escalation technical support and service availability issues please contact the VIP Helpdesk.
VIP Administrator/Helpdesk Contact Details;
Group Name:Email Address:
Business Hours Phone Number:
After Hours Phone Number:
Fax Number:
Other:
3