Getting Started with VIP Access
1. Quick Start Installation Guide
How to install 2FA on a mobile device, laptop or desktop, or register a hard token card.
1.1. Registration instructions for smartphone or mobile devices
1. On your mobile device, launch the appropriate app store to install the VIP Access app (Google Play, Apple Store, etc.).
2. Search for ‘ VIP Access ' in your app store and select ‘ Install '.
3. From your computer, launch your internet browser and go to https://2fa.kbr.com.
4. Log in with your XNET or KBR Network User ID and Password .
5. Complete the one-time sign-in to confirm your identity.
6. Enter the 6 digit code that was sent via the means selected in step 5 and select ‘Sign In.'
7. Click ‘ Register' to begin.
8. On the registration screen:
a. In the ‘Credential Name' field, enter a generic name for your device.
b. Enter the Credential ID from the app on your mobile device, into the Credential ID field in your internet browser on your computer.
c. Enter the 6-digit Security Code from the app on your mobile device, into the ‘Security Code' field in your internet browser on your computer.
9. Select ‘Submit.'
10. Your credential has been successfully registered.
You are now able to successfully log in to KBR specific applications.
1.2. Registration instructions for desktop version (laptop or desktop computers)
1. On your laptop or desktop computer, launch your internet browser and go to: https://idprotect.vip.symantec.com/desktop/home.v
2. Select ‘Run' to run the VIP Access setup install.
NOTE: If selecting ‘Run' does not kick off the installation, you may need to select ‘Save' and run the installation with administrative rights.
3. Launch the ‘VIP Access' desktop tool from your desktop or Programs menu.
4. From your computer, launch your internet browser and go to: https://2fa.kbr.com/.
5. Log in with your XNET or KBR Network User ID and Password.
6. Complete the one-time sign-in to confirm your identity.
7. Enter the 6 digit code that was sent via the means selected in step 6 and select ‘Sign In.'
8. Click ‘ Register' to begin.
9. On the registration screen:
a. In the ‘Credential Name' field, enter a generic name for your device.
b. Enter the Credential ID from the desktop tool, into the Credential ID field in your internet browser on your computer.
c. Enter the 6-digit Security Code from the desktop tool, into the ‘Security Code' field in your internet browser on your computer.
10. Select ‘Submit.'
11. Your credential has been successfully registered.
You are now able to successfully log in to KBR specific applications.
1.3. Registration instructions for hardware token card
1. With your Hardware Token Card in hand, on your computer, launch your internet browser and go to: https://2fa.kbr.com/.
2. Log in with your XNET or KBR Network User ID and Password .
3. You will be required to complete a one-time sign-in to confirm your identity. Select one of the options in the ‘Confirm your Identity' window.
NOTE: Some users may have more options than others, based off of the information that is listed in Outlook Properties/Active Directory. For external non-KBR employees, an email address may be the only option available.
4. Enter the 6 digit code that was sent via step 3, and select ‘Sign In.'
5. On the right, click ‘ Register' to begin.
6. On the registration screen:
a. In the ‘Credential Name' field, enter a generic name for your
device, such as ‘My Token' or ‘My Hardware Card,' etc.
b. Enter your Credential ID from your Hardware Token Card into
the ‘Credential ID' field in your web browser.
c. On your Hardware Token Card, click the ‘Press Here' button to
display your 6- digit unique security code in the upper right hand
corner of the card. Enter this code into the ‘Security Code' field
in your web browser.
7. Select ‘Submit.’
8. You will receive a confirmation that your Hardware Token Card has been successfully registered.
You are now able to successfully log in to KBR specific applications which prompt you for two-factor authentication. (SharePoint, Citrix, VPN, OWA, etc,)
2. User Registration Instructions
To strengthen KBR information security and safeguard company data, Information Technology has implemented two-factor authentication for remote access. Two-factor authentication (2FA) provides identification of users by pairing two different components for enhanced security, to protect access to networks and websites. These components may be something the user has (a security code), and something the user knows (a password).
Prerequisites (READ ME FIRST):
Two-Factor Authentication is as easy as 1, 2, 3! Specific details are outlined in this document. Summary steps:
1. Install the Symantec VIP application on your smartphone/mobile device, or on your computer. We recommend the smartphone/mobile device as the preferred method, as this device can travel with you and can conveniently provide your VIP security code at any time for any application requiring the two factor authentication 6 digit security code.
2. Once you have installed the Symantec VIP application, launch your Internet Browser on your computer and register the credential that appears on your mobile device on the Symantec VIP Self Service Portal.
3. Now that you have installed and registered the Symantec VIP application, you may now use the randomly generated 6-digit Security Code to log into selected KBR applications such as Citrix, Outlook Web Access, VPN and SharePoint.
2.1. For smartphones or mobile devices (RECOMMENDED)
1. Connect to a secure Wi-Fi connection.
2. It is recommended to power off/on your device.
3. You must set up your Google Play or Apple Store ID (or available application store for your device) and password prior to beginning the installation, as you may need to enter them if prompted.
4. The Symantec VIP application is FREE and is usually less than 2MB.
5. Symantec VIP does not require mobile data or Wi-Fi connection to use the application, once installed.
REGISTRATION INSTRUCTIONS:
1. On your mobile device, launch the appropriate app store to install the VIP Access app. (Google Play, Apple Store, etc.)
2. Search for ‘VIP Access' in your app store and follow the on-screen instructions for installing the app.
NOTE: Symantec VIP is available on most devices:
• iPhone and iPad running iOS 7.0 and higher
• Android running v4.0 and higher
• Windows phone running 7.5, 8, and 8.1
• Blackberry 10 and higher
3. Once the application is installed on your mobile device, from your computer launch your internet browser and go to https://2fa.kbr.com/.
4. Log in with your XNET or KBR Network User ID and Password.
5. You will be required to complete a one-time sign-in to confirm your identity. Select one of the options in the ‘Confirm your Identity' window.
NOTE: Some users may have more options than others, based on the information that is listed in Outlook Properties/Active Directory. For external nonKBR employees an email address may be the only option available. For external non-KBR employees whose email address is incorrect, please contact your KBR sponsor for assistance.
6. Enter the 6 digit code that was sent via the means selected in step 5, and select ‘Sign In.'
NOTE: This code will only be used the one time and can be deleted once completed with this sign in.
7. Click ‘Register' to begin.
8. On the registration screen:
a. In the ‘Credential Name' field, enter a generic name for your device,
such as ‘My iPhone' or ‘My Android,' etc.
b. Launch the VIP Access app you just installed on your smartphone or
mobile device and locate the credential ID, then enter that credential
ID listed into the Credential ID field in your web browser on your
computer.
c. Go back to the VIP Access app on your smartphone or mobile device
and locate the Security Code. Enter the displayed unique 6-digit
security code listed into the ‘Security Code' field in your web browser
on your computer.
9. Select ‘Submit.'
10. You will receive a confirmation that your device has been successfully registered.
NOTE: Your newly registered credential will appear under “Your Registered Credentials” in the VIP Self-Service Portal.
You are now able to successfully log in to KBR specific applications which prompt you for two-factor authentication. (SharePoint, Citrix, VPN, OWA, etc.)
2.2. Desktop Version (laptop or desktop machine)
1. You will need to install the software from the Symantec website on your machine to use the desktop version.
2. KBR computers will allow the desktop version installation, but other company's computers may require administrative privileges to install the software. If you are experiencing difficulties with installing the application from the Symantec website, contact your company's IT support.
REGISTRATION INSTRUCTIONS:
1.On your laptop or desktop computer, launch your internet browser and go to https://idprotect.vip.symantec.com/desktop/home.v
2. At the bottom of the internet browser window, select ‘Run' to run the VIP Access setup install that should pop up.
NOTE: If selecting “Run” does not kick off the installation, you may need to select ‘Save' and run the installation with administrative rights.
NOTE: If you don't receive the pop up window, select ‘Get VIP Access Desktop' in the upper right hand corner of the browser window, then select the appropriate operating system
3. Follow through with the installation instructions as prompted.
NOTE: Installation instructions may look different depending upon the browser and the operating system being used.
4. An icon should appear as ‘VIP Access' on your desktop when completed.
NOTE: Location of the installed application may vary depending upon the operating system.
5. Open the application which will bring up the VIP Access desktop tool on your desktop. This window may hide behind other windows that may be open.
6. On your computer, launch your internet browser and go to https://2fa.kbr.com/.
7. Log in with your XNET or KBR Network User ID and Password.
8. Select the appropriate option which fits your needs, to complete your one-time sign-in, to help confirm your identity.
NOTE: Some users may have more options than others, based off of the information that is listed in Outlook Properties/Active Directory. For external nonKBR employees, an email address may be the only
9. Enter the 6-digit code that was sent via the means selected in step 4, and select ‘Sign In.'
10. Click ‘Register' to begin.
11. On the registration screen:
a. In the ‘Credential Name' field, enter a generic name for your device,
such as ‘My desktop' or ‘My laptop,' etc.
b. From the newly installed VIP Access desktop application, locate the
Credential ID. Enter it into the Credential ID field in your internet
browser on your computer.
c. Go back to the VIP Access desktop application and find the Security
Code. Enter in your unique 6-digit security code in the ‘Security Code'
field in your internet browser on your computer.
NOTE: You may click on the icon to the right of the Security Code to copy the code.
12. Select ‘Submit.'
13. You will receive a confirmation that your device has been successfully registered.
NOTE: Credential ID in the confirmation screen should match the Credential ID listed on the registered device.
You are now able to successfully log in to KBR specific applications which prompt you for two-factor authentication. (SharePoint, Citrix, VPN, OWA, etc.)
2.3. For a hardware token card
If you don't have access to a smartphone or mobile device, or cannot install the desktop version on your computer, please contact your assigned KBR Project support or send an email to KBR IT 2FA Support at kbrit2fasupport@kbr.com to obtain a KBR issued VIP Hardware Token Card.
REGISTRATION INSTRUCTIONS:
1. With the hardware token card in hand, on your computer launch your internet browser and go to https://2fa.kbr.com/.
2. Log in with your XNET or KBR Network User ID and Password.
3. You will be required to complete a one-time sign-in to confirm your identity. Select one of the options in the ‘Confirm your Identity' window.
NOTE: Some users may have more options than others, based on the information that is listed in Outlook Properties/Active Directory. For external non KBR employees, an email address may be the only option available. For external non-KBR employees whose email address is incorrect, please contact your KBR sponsor for assistance.
4. Enter the 6 digit code that was sent via the means selected in step 3, and select ‘Sign In.'
5. Click ‘Register' to begin.
6. On the registration screen:
a. In the ‘Credential Name' field, enter a generic name for your device,
such as ‘My Token or ‘My Hardware Card,' etc.
b. Enter the credential ID from your hardware token card into the
‘Credential ID' in your web browser.
c. On your Hardware Token Card, click the ‘Press Here' button to
display your 6-digit unique security bode in the upper righthand corner
of the card. Enter this code into the ‘Security Code' in your web
browser.
7. Select ‘Submit.'
8. You will receive a confirmation that your hardware token card has been successfully registered.
NOTE: Credential ID in the confirmation screen should match the Credential ID listed on the Token Card.
You are now able to successfully log in to KBR specific applications which prompt you for two-factor authentication. (SharePoint, Citrix, VPN, OWA, etc.)
3. Using Your Registered Credential
Now that you have installed the Symantec VIP application or received your Hardware Token Card and registered your credential, you may now use the randomly generated 6-digit Security Code to log into selected KBR applications. You may test with the following site, to ensure your registered credential is working.
XNET and KBR users:
1. Before testing your credential, close all internet browsers that are open.
2. Launch a new internet browser session.
3. Go to https://2fa.kbr.com
4. Enter your XNET or KBR Network User ID and Password. Select ‘Sign In.'
5. To complete your sign in, enter your randomly generated 6-digit security code from your newly registered credential (mobile device, desktop computer or hardware token card), and select ‘Continue.'
6. If all the fields above are entered correctly, you will be granted access.
4. Managing Your VIP Credentials
You must have already registered one of the below devices to manage your 2FA device. If you have not already registered.
• Smartphone or similar device.
• Desktop version (laptop or desktop machine).
• Hardware Token Card.
Once you have registered your two-factor authentication (2FA) credential, you can manage it. For example, you may need to remove a credential if you receive a new phone, computer or hardware token.
INSTRUCTIONS:
1. Go to https://2fa.kbr.com/.
2. Log in with your XNET or KBR Network User ID and Password.
3. Enter in the security code from your registered credential (mobile device, desktop computer or hardware token card), into the ‘Security Code' field on your web browser.
NOTE: If the Credential ID listed in the web browser does not match what is listed as the Credential ID on the device in your possession, the Security Code will not work and the device that is your possession will need to be properly registered.
4. Within the device manager, you will be able to do the following:
a. Rename your registered credential.
• Select the arrow (>) next to ‘Actions' and select‘ Rename.'
• The Credential Name field will become editable. Type in the new
credential name you wish.
• Select ‘Save' to save your changes.
b. Test your registered credential.
• Select the arrow (>) next to ‘Actions' and select‘ Test.'
• Using your registered credential (mobile device, desktop computer or
hardware token card), enter the 6-digit code that appears.
• Select ‘Test' to test the device.
• A message appears that the credential is functioning properly.
c. Remove your registered credential.
• Select the arrow (>) next to ‘Actions' and select ‘Remove'.
• Select the ‘Remove' button to successfully remove the credential.
NOTE: Once the credential has been removed, it can no longer be used unless it is registered again.
