This article clarifies whether a VIP Manager administrator can manually add a third-party authenticator app (such as Microsoft Authenticator or Google Authenticator) to a user's profile on their behalf. It details the requirements for registration and explains why this process differs from registering a standard VIP Access credential. Administrators often need to assist users with onboarding or credential recovery. While administrators can manually bind a VIP Access Credential ID to a user in the VIP Manager console, they may find there is no equivalent option to manually add a third-party TOTP (Time-based One-Time Password) authenticator app for a user.

VIP Manager

Unlike the Symantec VIP Access app, which provides a pre-generated, unique Credential ID that can be read over the phone and typed into the VIP Manager console, third-party apps (Microsoft Authenticator, Google Authenticator, etc.) do not use a fixed ID.

The registration process for third-party apps requires a secure handshake that involves User Intervention:

1. Unique Seed Generation: The system must generate a unique secret key (represented as a QR code).

2. Live Scanning: The user must physically scan this QR code with their mobile device to "seed" the account.

3. Verification: The user must immediately enter a generated security code to verify the synchronization.

Because this secret key is sensitive and requires a live scan of a QR code that is unique to the user's device, an administrator cannot complete this process from the VIP Manager console.

Supported Enrollment Method

The registration of third-party authenticator apps is currently supported only through the MyVIP portal.

To add a third-party app, the user must:

1. Log in to the MyVIP portal.

2. Navigate to Add Authentication Method.

3. Select Authenticator App (other than VIP Access).

4. Follow the on-screen prompts to scan the QR code and verify the device.