EntraID EAM setup with Symantec VIP is currently incompatible with SSPR
search cancel

EntraID EAM setup with Symantec VIP is currently incompatible with SSPR

book

Article ID: 387344

calendar_today

Updated On:

Products

VIP Service

Issue/Introduction

Microsoft (MS) Entra ID - External Authentication Methods (EAM) setup with Symantec VIP is currently incompatible with Self-Service Password Reset (SSPR)

Cause

Microsoft Entra ID: 

Order of method prompting (System Preferred MFA) and auth methods configuration: with the initial preview release, Microsoft Entra ID did not support EAMs in System Preferred MFA. This means that if the customer has multiple methods available, then they’re first prompted for the other method and have to selected a prompt to be able to use the EAM. With System Preferred, the EAM will be prompted first depending on which other methods the user has registered. If the EAM is the only method the customer wants to use, then they will need to ensure that their users are not registered for other authentication methods.

SSPR: Support for EAMs as part of credential recovery is in the roadmap for 2025, but there’s no timeframe to share right now. SSPR does not support reset gated via custom controls

Resolution

Since this is an EAM at MSFT issue, and not an issue with Symantec VIP, your company will need to work with Microsoft Support regarding any further EAM questions and timeline for EAM availability.

Additional Information