The Broadcom authentication systems used by Symantec cloud product administrators will transition to a new technology in 2025.  There are two types of authentication experience: federated and non-federated. 

• You are a “federated user” if you use your corporate credentials to log into Symantec cloud product portals/consoles. 
• You are a “non-federated” user if you enter credentials directly into the Broadcom Login service or a product portal when accessing a cloud-based management interface. 

Symantec Cloud Services, integrated with Broadcom Login, will start switching to new infrastructure in January 2025.  

The new authentication platform will be hosted at access.broadcom.com.  For federated users, there will be a three (3) month transition period where both old and new configurations will function for federated customers.   Federated configurations should be updated by the end of May 2025.

In January, non-Federated users will be asked to configure a new password in the access.broadcom.com system.  Broadcom will email individual user migration schedules in batches.  The full transition of non-Federated users must also be complete by the end of May 2025.  

Q:  What is changing?

A:  As part of Broadcom’s ongoing system updates, the underlying technology of the common login service will be replaced.  The current technology hosted at login.broadcom.com is used for administrator authentication by most of the Symantec Cloud Services.  The new system hosted at access.broadcom.com will be activated for Symantec customers in January 2025.

Q:  What are the key dates?

A:  In January 2025, Symantec’s shared platform will deploy an update enabling Federated customers to begin using the access.broadcom.com service.  Symantec asks those customers to complete the reconfigurations to use access.broadcom.com during the transition window of January 21st, 2025 to May 30th, 2025.  Non-Federated customers should expect notifications with instructions from Broadcom on converting their accounts in January 2025.  Throughout the transition periods, both old and new systems will continue functioning.  

Q:  How will administrator authentication change during the transition window?

A:  Following the Symantec platform update, customer administrators will automatically be redirected to the new authentication system.  For non-federated customers, starting January 21st, 2025, at their next login to cloud products, they will be directed to access.broadcom.com and prompted to set up a new password (and reconfigure MFA if enabled).  For federated customers, the authentication flow will pass through access.broadcom.com and revert to the current login.broadcom.com until a federation update is completed.  

Q:  What MFA options will be available?

A:  The new access.broadcom.com service includes three fully supported MFA options:  email-based one-time password, biometrics from the PC/laptop, and app-based one-time password.  The Symantec VIP app is fully supported.  SMS-based MFA is no longer available.  NOTE:  You can continue to use 3rd-party software tokens (such as Google Authenticator, Okta Verify, and others) as an app-based MFA option; however, any support queries must be directed to the 3rd-party provider.

Q.  For non-federated customers, how will the login experience change between January 21st and before May 30th, 2025?

A.  After January 20th, their next login to Symantec cloud products (or support.broadcom.com) they will be prompted for a new password on their Broadcom profile via the access.broadcom.com page.  The steps and screenshots are documented in Broadcom Profile Authentication Technology Transition Notice.  Following this configuration step their access to Symantec and Broadcom technologies remains unchanged.

Q:  For federated customers, what are the steps to be taken after January 21st and before May 30th, 2025?

A:  Administrators with appropriate permissions to modify IdP federations will receive an email on or after January 21st.  This email will include a link to an update tool for making the required changes.  One email will be sent for each email domain a customer has federated.  Each email domain must be updated.  The instructions are available in Updating Your IdP Settings for the Broadcom Transition to AuthHub.

Q:  How will administrator authentication be affected after the old Login.Broadcom.com technology is deprecated? 

A:  After May 30th, 2025, the previous login.broadcom.com technology will be retired.  At that time logins still dependent on the old technology will fail.  For Symantec cloud products the impact will be loss of access to the management portals/consoles.  The products themselves will continue to function based on the current configurations.  API-based management will not be affected. 

Q:  What is the recovery process if a customer/user misses this transition window?

A:  In general, completion of the transition steps will be sufficient to re-establish authentications.  Federated customers can re-establish federation by updating their Identity Provider (IdP) configuration to trust the access.broadcom.com service.  Non-federated customers will still be able to reset their passwords as described in the transition notifications.  As always, Symantec Support remains available to assist as needed.

Q:  If my customer is not currently federated, should this be configured before the transition?

A:  Only if necessary.  Federations configured before the transition period will require re-establishment of trust during the transition window.  For this reason, it is recommended new federations be deferred until the new Broadcom authentication system is available after January 2025.    Customers may implement the federation of most Symantec cloud products via the shared platform configuration UI (https://techdocs.broadcom.com/us/en/symantec-security-software/cloud-console/accounts/cloud-portal/identity-provider-page.html).  

Q:  What are the configuration details related to switching federation trust?

A:  Specific meta-data and configuration steps for common IdP vendors will be made available ahead of the transition window.  

Q:  What changes are needed in my network? 

A:  For most networks no changes are needed.  However for organizations with highly restricted internet access, please update permissions to allow access.broadcom.com.

Q:  When will access.broadcom.com be resolvable?

A:  access.broadcom.com is DNS resolvable now.  The system is already in production use for certain Broadcom products.  

Q: On which dates does a customer need to re-configure the IdP Federation with Broadcom to keep access?

A:  UPDATE:   The transition window for IdP federation configuration changes has been shifted to January 21st, 2025 through May 2025 (four months). 

Q:  Will this change authentication to the support.broadcom.com portal?

A:  Yes.  Authentication to support.broadcom.com also uses the Broadcom Login system and will transitioning on the same schedule.  However, IdP federation of support.broadcom.com is independently configured from product federations.  If a customer was previously non-federated for the Support portal they will remain so after the transition.