About VIP Authentication Services and VIP User Services (Source: click here)

You can develop your enterprise application to use VIP Authentication Services to authenticate your users in two ways.

1. The first method is to directly access the VIP Credential Service to authenticate a credential only by the credential ID and security code. This method uses only the credential IDs in the VIP Cloud. Typically, your application maintains the mapping between the user ID and their credential ID by extending your directory to store these mappings. 
2. The second method is to send the User ID + security code to VIP User Services. In this method, you maintain the user ID and password in your own database (such as Active Directory), then pass the username and security code to VIP User Services where the VIP User ID to credential ID mapping is maintained. The VIP User Service will verify the user exists in the VIP Cloud, then passes the user's credential ID and security code to the VIP Credential Service. Your organization is still in control of your users' information, including the corresponding VIP User IDs in the cloud. For example, internal user ID jsmith could be mapped to an obfuscated VIP user ID 8365183 as a way to privately separate personal identifiable information (PIF). Your application can send any user ID to the VIP User Service as long as it uniquely identifies the user. No user passwords are stored in the VIP Cloud.
    

In addition to user and credential validations, VIP Web Services provides APIs to allow your organization to leverage SMS and Voice delivery, PUSH notifications, transaction verifications, risk assessment (Intelligent Authentication), and web auth level controls. For further details on how to implement VIP Web Services into your application, please refer to VIP Web Services and APIs.