If a VIP administrator is a member of a VIP Administrator group where Allow Direct Sign-in is set to Yes (enabled), that administrator is prevented from singing in the VIP Manager directly (vip.symantec.com) and must use the organization's sign-in flow to access. This is most often through single sign-on, VIP Enterprise Gateway IdP, Active Directory, or other deployed authentication solutions.
The administrator must access VIP Manager through the organization's access point (single sign-on, VIP Enterprise Gateway IdP, Active Directory, or other deployed authentication solutions).