Implementing SMS OTP or Voice OTP in Symantec VIP

Article ID: 257942

Products

VIP Service

Issue/Introduction

Steps for implementing SMS OTP or Voice OTP in VIP

Environment

AD
VIP Manager
VIP Enterprise Gateway

Resolution

VIP User Services enables you to send security codes directly to a user's mobile device by using SMS (Short Message Service) or voice calls.

The steps are as follows:

In AD:

  • Ensure that the user's telephone numbers have been provisioned in AD
    • For SMS OTP, the attribute needed is one of mobile, othermobile, or mobiletelephonenumber
    • For Voice OTP, the attribute needed is one of telephonenumber, hometelephonenumber, otherhomephone, or othertelephone

 

  For instance as below, after adding mobile and telephone number attribute values:
 

 

In VIP Manager:

  • Go to Policies tab > Account tab, and enable SMS and Voice in ‘Enabled other credential types’

 

  • Go to Policies tab > Components tab, and enable SMS and Voice in ‘Available distribution methods’

 

 

In VIP EG:

  • Go to User Store tab > Search Criteria tab, and enable SMS and/or Voice in ‘Select Attribute’

 

  • Go to Validation tab > select and edit the Validation Server, and enable ‘Enable User Store data for Out-of-Band’ in RADIUS Validation Server

 

  • Go to Home tab, and ensure all changes are synchronized

 

  • Go to User Store tab > LDAP Directory Synchronization, and click on Synchronize Now (if not already synchronized)



Add user's mobile number in VIP Manager

  • In VIP Manager,
    • Go to Users tab and search for the user
    • Edit Details of the user
    • At Credential, click on Add 
      • Type: SMS (or Voice Call)
      • Credential ID: user's mobile number (as recorded in AD)
      • Name: enter a friendly name to identify this credential

 

        • To add an additional credential, click on Add Another

          For instance (below), after adding SMS and Voice Call credentials:

 

 

In Application:

  • If the Validation Server uses "USERID-LDAP Password-Security Code" (ULO) mode:
    • Enter Username
    • Enter Password (LDAP)
    • Check SMS for Security Code
    • Enter Security Code
  • If the Validation Server uses "USERID-Security Code" (UO) mode:
    • Enter Username
    • For Password, type the word 'PUSH'
    • Check SMS for Security Code
    • Enter Security Code



Order of OTP precedence:

  • Please note that SMS OTP takes precedence over Voice OTP
  • For Voice OTP to take precedence, disable SMS OTP in VIP EG (User Store tab > Search Criteria tab, and untick SMS in ‘Select Attribute’)
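
Before enabling out-of-band codes, it helps to confirm which users actually have a usable number in the directory. The following is an added example, not part of the original article or any Symantec/Broadcom tooling: it reads a plain LDIF export, checks the SMS and Voice attributes listed under "In AD", and applies the precedence rule above. The sample entries, the function names, and the sms_enabled/voice_enabled flags (a simplified stand-in for the 'Select Attribute' checkboxes in VIP EG) are assumptions made for illustration.

```python
# Added example: pre-check an AD export for the attributes this article lists.
SMS_ATTRS = ("mobile", "othermobile", "mobiletelephonenumber")
VOICE_ATTRS = ("telephonenumber", "hometelephonenumber",
               "otherhomephone", "othertelephone")

# Constructed sample data; the DNs, accounts and numbers are made up.
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Staff,DC=example,DC=test
sAMAccountName: alice
mobile: +1 555 0100
telephoneNumber: +1 555 0101

dn: CN=Bob Example,OU=Staff,DC=example,DC=test
sAMAccountName: bob
otherTelephone: +1 555 0102

dn: CN=Carol Example,OU=Staff,DC=example,DC=test
sAMAccountName: carol
mail: carol@example.test
"""

def parse_ldif(text):
    """Split a plain (non-base64, unfolded) LDIF export into per-entry dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            name, value = line.split(": ", 1)
            # LDAP attribute names are case-insensitive; values may repeat.
            entry.setdefault(name.lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def otp_method(entry, sms_enabled=True, voice_enabled=True):
    """Return 'SMS', 'Voice' or None; SMS wins when both are selected."""
    if sms_enabled and any(entry.get(a) for a in SMS_ATTRS):
        return "SMS"
    if voice_enabled and any(entry.get(a) for a in VOICE_ATTRS):
        return "Voice"
    return None  # no usable number: this user cannot receive a code

def audit(text, **flags):
    """Map each account name (or DN if absent) to the method it would get."""
    return {e.get("samaccountname", e.get("dn", ["?"]))[0]: otp_method(e, **flags)
            for e in parse_ldif(text)}
```

Calling audit(SAMPLE_LDIF) lists the method each user would receive; users mapped to None need a number provisioned before they can log in with SMS or Voice OTP.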