As previously announced, the Symantec Trusted Device plugin is reaching its end of life. On April 30, 2023, the option to enable Trusted Device was disabled, although Trusted Device continued to function for customers that had already enabled it.

On May 1, 2025, the Trusted Device functionality will be completely disabled for all the VIP customers.

The Trusted Device (TD) plugin functionality will be permanently disabled for all the customers from May1st 2025 .

VIP customers may switch to Remembered Device. Remembered Device includes the Device Fingerprint feature, which provides similar functionality in a browser-based solution, rather than a device-based plugin. Note that Trusted Device only works in the JavaScript authentication flow. Device Fingerprint works in the JavaScript and VIP Login authentication flows. If you enable Remembered Device, your end users will be prompted to remember their devices in these additional flows.

See Configure the Remembered Devices Policy in VIP Manager (in the Symantec VIP Remembered Device Guide) for information on switching to Remembered Device.

If customers do not want to switch to Remember Device, no further action is required. 

End users that have been using the Trusted Device plugin for authentication will be prompted for multi-factor authentication after Trusted Device has been deprecated.

Additional Information:

Determining if Trusted Device is in use and obtaining a list of Trusted Device end users

Complete these steps to determine if Trusted Device is enabled and to export a list of end users with registered Trusted Devices:

1. Log in to VIP Manager (https://manager.vip.symantec.com).
2. Click the Policies tab. If Enable Trusted Device is not visible in the Remembered Devices Policy section, your end users are NOT affected by this change and no further action is required.

 If Enable Trusted Device is set to yes, complete the following steps to export a list of affected end users:

1. Click Reports > End User Reports. 
2. Select Transaction Reports, select a date range (for example, Last 7 Days), select Authenticate User from the Operation drop-down, and then click Generate Report. 
3. After the report is generated, click Export to CSV.
4. Open the file in a spreadsheet editor such as Excel or Google Sheets.
   
   

Any authentication where the credential ID prefix is SYTD, SYTU, or SYSC was a Trusted Device login (for example, SYTD12345678).

Removing Trusted Devices (Optional)

Although the Trusted Device functionality will not work after it is deprecated, traces of the Trusted Device feature may remain in VIP Manager, the Self Service Portal, and on your end users' devices.

After March 1, 2025, you and your end users can take these optional steps to remove these traces completely. These are optional procedures, and there is no impact to you or your end users if you don’t perform these procedures.

• VIP Manager

As a VIP administrator, complete the following steps to remove Trusted Device credentials registered to your end users in VIP Manager. Removing Trusted Device credentials from your end users in VIP Manager also removes them from the Self Service Portal.

1. Log in to VIP Manager (https://manager.vip.symantec.com)
2. Navigate to the Users tab. 
3. Select the Credential Type > Remembered Device filter and click Apply Filter.

Alternatively, if you used the procedures in the previous section to export a list of end users with Trusted Devices, you can search for just those end users that appeared in the report.

For each user returned:

1. Click Edit User.
2. Under Remembered Device, click Remove for any credential with a Type of Trusted Device.

• Self Service Portal

Have your end users complete the following steps to remove Trusted Device from the Self Service Portal. You will need to provide the link to your VIP Enterprise Gateway IdP Self Service Portal instance to your end users (https://<vipegidpserver>:port/vipssp).

Note: If you completed the previous steps to remove Trusted Device credentials from VIP Manager, those references to Trusted Device are automatically removed from the Self Service Portal. Your end users can skip this procedure.

1. Log in to the Self Service Portal.
2. Under Registered Devices, click the Action button next to any device of type Computer.
3. Click Remove to remove the Trusted Device credential.

• End user devices

Have your end users complete the following steps to remove the Trusted Device plugin and extension from their devices. Optionally, you can perform these procedures for your end users using system management or other configuration tools.

1. Download and run the appropriate Symantec Authentication Client uninstaller from the following URL: https://ssp.vip.symantec.com/vipssp/uninstaller.v
2. Remove the Symantec Authentication Client browser extension using the browser settings menu.

If you have questions, please contact Symantec VIP Support at https://support.broadcom.com/.