5.5 Configuring Challenge Response Policy for a Profile

You can configure the challenge response policy for a profile that a specific group of users must use for populating the response answers. You can define challenge questions on the Challenge Profiles page for different profiles.

An SSPR administrator can configure the random and required questions that users answer to reset their password. You can also configure random and required questions that helpdesk personnel can use to authenticate users before resetting their password. You can configure each random question. The random questions and the required questions for challenge/response can be set in the required locale. You can also restrict the answers that users give to the challenge questions. For example, you can do the following:

  • Provide the number of characters from the questions that can be used in the answer.

  • Enable the wordlist dictionary so that users cannot use an answer that is present in the wordlist.

To configure challenge response, perform the following:

  1. Click Policies > Challenge Policies > default.

  2. (Conditional) If you want to create different profiles for different sets of users, click Edit List, and then in the right pane add the profile names to the list by using Add Profile.

    SSPR does not allow changing the name of the profile.

  3. In the Add Value field, enter the profile name.

    The profile name must have the following format:

    • Start with a letter (a-Z)

    • Contain only letters, numbers, and hyphens

    • Length between 2 and 15 characters

    You can include multiple profiles. During authentication, SSPR searches for the default profile first, and then the other profiles in the order mentioned.

  4. In the left pane of the Configuration Editor, select the required profile.

  5. Configure the following settings:

    Field

    Description

    Challenge Profile Match

    Specify the query that matches users for the specified profile.

    Random Questions

    Set up random questions for challenge-response in this field.

    In this setting, the default questions are displayed in different languages and you can specify different password requirements for different questions.

    Users need to answer all or some of these questions while setting up their responses.

    Use %<text>% to indicate a user-supplied question.

    Format of the user-supplied question: question::minimumLength::maximumLength

    For example:

    • %user%::5::200

    • What is your favorite food?::5::200

    • What is your father's middle name?::5::200

    You can specify the number of characters that can be taken from a question for the answer, and also apply wordlist for each question.

    Required Questions

    Set up the required questions for challenge-response.

    The user must answer all these questions while setting up their responses. Users must also provide answers to these questions during the forgotten password reset process.

    Use %<text>% to indicate a user-supplied question.

    Format of the question: question::minimumLength::maximumLength

    For example:

    • %user%::5::200

    • What is your favorite food?::5::200

    • What is your father's middle name?::5::200

    Minimum Random Required

    Specify the minimum number of random questions that are required at the time of forgotten password recovery.

    NOTE: If you modify this setting after users have answered their challenge responses, those users are prompted to answer the same number of challenge questions as before during the Forgotten Password process, not the modified number. If the users clear their responses and answer the challenge questions again, they are prompted to answer the modified number of challenge questions.

    Minimum Random Challenges Required During Setup

    Specify the minimum number of random questions the user is required to answer during the response setup.

    If the specified number is higher than the available random questions, or lower than the Minimum Random Required value, this setting is adjusted accordingly.

    The random challenge questions are shown to users in two different scenarios: during initial setup and during forgotten password recovery.

    Specify zero to force all available random questions to be configured at the time of setup.

    Helpdesk Random Questions

    Set up helpdesk random questions for challenge-response in this field.

    Users must answer all or some of these questions when setting up their responses. This setting is controlled by the Minimum Helpdesk Random Challenges Required During Setup setting.

    Helpdesk users can access these questions and their responses. These questions are not used for forgotten password recovery.

    Use %user% to indicate a user-supplied question.

    Format of the question: question::minimumLength::maximumLength

    Where question is the text of the challenge question, minimumLength is the minimum field length, and maximumLength is the maximum field length.

    For example:

    • What is your maiden name?::5::200

    • %user%::5::200

    Helpdesk Required Questions

    Set up helpdesk required questions for challenge-response.

    Users must supply answers for all of these questions when setting up their responses.

    Use %user% to indicate a user-supplied question.

    Helpdesk users can access these questions and their responses. These questions are not used for forgotten password recovery.

    Format of the question: question::minimumLength::maximumLength

    Where question is the text of the challenge question, minimumLength is the minimum field length, and maximumLength is the maximum field length.

    For example:

    • What is your maiden name?::5::200

    • %user%::5::200

    Minimum Helpdesk Random Challenges Required During Setup

    Specify the minimum number of helpdesk random questions the user is required to answer while setting up the response.

    If this number is higher than the available helpdesk random questions, or lower than the required questions, the setting is adjusted accordingly.

    Specify zero to force all available helpdesk random questions to be configured at the time of setup.
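
The profile name rule from step 3 and the question::minimumLength::maximumLength format can be checked before values are entered in the Configuration Editor. The following Python sketch is an added example, not SSPR code: the function names are hypothetical, and the clamping in effective_setup_minimum is an assumed reading of "adjusted accordingly", not documented SSPR behavior.

```python
import re
from dataclasses import dataclass

# Profile name rule from step 3: starts with a letter, then letters,
# digits or hyphens, 2 to 15 characters in total.
PROFILE_NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]{1,14}")
# question::minimumLength::maximumLength; the greedy first group lets the
# question text itself contain "::".
ENTRY_RE = re.compile(r"(.+)::([0-9]+)::([0-9]+)")
# %<text>% (for example %user%) marks a question the user writes.
USER_SUPPLIED_RE = re.compile(r"%[^%]+%")


@dataclass(frozen=True)
class ChallengeItem:
    text: str
    min_length: int
    max_length: int
    user_supplied: bool


def valid_profile_name(name: str) -> bool:
    return PROFILE_NAME_RE.fullmatch(name) is not None


def parse_question(entry: str) -> ChallengeItem:
    """Parse one entry, rejecting malformed or inverted length bounds."""
    m = ENTRY_RE.fullmatch(entry.strip())
    if m is None or not m.group(1).strip():
        raise ValueError(f"expected question::min::max, got {entry!r}")
    text, lo, hi = m.group(1).strip(), int(m.group(2)), int(m.group(3))
    if lo > hi:
        raise ValueError(f"minimumLength exceeds maximumLength in {entry!r}")
    return ChallengeItem(text, lo, hi, USER_SUPPLIED_RE.fullmatch(text) is not None)


def effective_setup_minimum(configured: int, available: int, min_required: int) -> int:
    """Assumption: 'adjusted accordingly' means clamping into
    [min_required, available]; zero selects every available question."""
    if configured == 0:
        return available
    return min(max(configured, min_required), available)


# Constructed sample entries in the format the table describes.
SAMPLE = ["%user%::5::200", "What is your maiden name?::5::200"]
ITEMS = [parse_question(e) for e in SAMPLE]
```
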