VIP (Validation ID Protection)

 

We are trying to enable MFA for OWA (Outlook Web Access) for a specific group in Active directory as below :

 

• Customer has 1000 users.
• The customer has 300 licenses only.
• We want to enable MFA for 300 users to be protected with MFA.
• We want the remaining 700 users to login without MFA using AD credentials.
  
  
  how to achieve that?

What OWA integration are you using? (ADFS, IIS, Oracle...)

Hi 

You can achieve that in the user store , there is a filter to include or exclude some users, groups , OUs . 

I recommend to create a group for all the users that you want to enable MFA and put it in that folder as shown in the below article 

https://support.symantec.com/us/en/article.tech22654.html 

 

Please let me know if it solves your problem , and Please mark it as a solution .

Andreas Horlacher I'm using IIS

Fady azab Hi Fady 

what will happen for the excluded Users ?? will be bypassed the VIP and will be able to login using AD credentials?

Yes exactly , they will just login with the AD credentials 

Fady is correct. Using the filter and including/excluding users in a particular group is how to achieve this. 

Thanks Fady and Andreas 

eyad,

Have you implemented this? Does it work?

My understanding is that when enabling VIP for OWA, MFA is active for all login attempts.
And as long as one is not a member of a defined AD group, access will be denied, irrelevant if one provides VIP credentials or not.

Regards,
Koen
Original Message:
Sent: 01-23-2020 04:49 PM
From: eyad AL-Ghraibah
Subject: Symantec VIP for specific Group_ OWA

Thanks Fady and Andreas