You can configure the challenge response policy for a profile that a specific group of users must use for populating the response answers. You can define challenge questions on the Challenge Profiles page for different profiles. For more information about additional profiles, see Configuring Profiles.
A Self Service Password Reset administrator can configure the random and required questions for the users to use for resetting their password. You can also configure random and required questions that any help desk person can use for authenticating the users to reset their password. You can configure each random question. The random questions and the required questions for challenge-response can be set in the required locale. You can restrict users to use specific answers to the challenge questions. Such as, the following:
Provide the number of characters from the questions that can be used in the answer.
Enable word list dictionary so that the users do not use an answer that is present in the word list.
To configure the default profile for challenge response:
Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.
In the toolbar, click your name.
Click Configuration Editor.
Click Policies > Challenge Policies > default.
Configure the following settings:
Specify the query that matches users with the specified profile.
Configure random questions for Challenge/Response. Some of these questions are presented to the user during forgotten password. Additional settings control what questions are presented to users.
The number of questions presented to users is set in the Minimum Password Required setting.
The number of answers Self Service Password requires the users to answer is controlled by the Minimum Random Challenges Required During Setup setting.
The Configuration Editor displays the default questions in different languages. When you click on the questions, you can specify different requirements for the different questions. The requirements are:
Select this option if you want to define the question here. Deselect this option to allow users to define their own questions.
Specify the minimum length the of the answer to the challenge question.
Specify the maximum length of the answer to the challenge question.
Specify the maximum number of characters allowed in the response that are the same in the challenge question.
Select this option to ensure that none of the responses to the challenge questions are contained in the word list.
If you do not want to use any of the default questions, you can add your own questions when you click Add Value at the end of the page. You specify your own questions for the users.
Define the required questions for the challenge-response. The users must answer all of these questions while setting up their responses. The users must provide answers to these questions during the resetting process of forgotten password.
When you click Add Value, you can specify different requirements for the different questions. The requirements are:
Select this option if you want to define the question here. Deselect this option to allow users to define their own questions.
Specify the minimum length the of the answer to the challenge question.
Specify the maximum length of the answer to the challenge question.
Specify the maximum number of characters allowed in the response that are the same in the challenge question.
Select this option to ensure that none of the responses to the challenge questions are contained in the word list.
If you do not want to use any of the default questions, you can add your own questions when you click Add Value at the end of the page. You specify your own questions for the users.
You can also configure this setting in a different language. Click Add Locale, then select the required language from the list.
Specify the minimum number of random questions that are required at the time of forgotten password recovery.
NOTE:If you modify this setting after the users have answered the challenge-response then, the users are prompted to answer the same number of challenge questions during the Forgotten Password process instead of answering the modified number of challenge-responses. But if the users clear the responses and answer the challenge-responses again then users are prompted to answer the modified number of challenge-responses.
Specify the minimum number of random questions the user is required to answer during the response setup.
If the specified number is higher than the available random questions, or lower than the Minimum Random Required value, this setting is adjusted accordingly.
The random challenge questions are shown to users during initial setup and during forgotten password recovery.
Specify 0 to force all available random questions to be configured at the time of setup.
Specify the help desk random questions for challenge-response in this field.
Users must answer all or some of these questions when setting up their responses. This setting is controlled by the Minimum Help Desk Random Challenges Required During Setup setting.
The help desk users can access the questions and its responses. These questions are not used for forgotten password recovery. When you click Add Value, you can specify different requirements for the different questions. The requirements are:
Select this option if you want to define the question here. Deselect this option to allow users to define their own questions.
Specify the minimum length the of the answer to the challenge question.
Specify the maximum length of the answer to the challenge question.
Specify the maximum number of characters allowed in the response that are the same in the challenge question.
Select this option to ensure that none of the responses to the challenge questions are contained in the word list.
If you do not want to use any of the default questions, you can add your own questions when you click Add Value at the end of the page. You specify your own questions for the users.
You can also configure this setting in a different language. Click Add Locale, then select the required language from the list.
Set up help desk required questions for challenge-response. Users must supply answers for all of these questions when setting up their responses.
The help desk users can access the questions and its responses. These questions are not used for forgotten password recovery. When you click Add Value, you can specify different requirements for the different questions. The requirements are:
Select this option if you want to define the question here. Deselect this option to allow users to define their own questions.
Specify the minimum length the of the answer to the challenge question.
Specify the maximum length of the answer to the challenge question.
Specify the maximum number of characters allowed in the response that are the same in the challenge question.
Select this option to ensure that none of the responses to the challenge questions are contained in the word list.
If you do not want to use any of the default questions, you can add your own questions when you click Add Value at the end of the page. You specify your own questions for the users.
You can also configure this setting in a different language. Click Add Locale, then select the required language from the list.
Specify the minimum number of help desk random questions the users are required to answer while setting up the response.
If this number is higher than the available help desk random questions, or lower than the required questions, the setting is adjusted accordingly.
Specify 0 to force all available help desk random questions to be configured at the time of setup
In the toolbar, click Save changes.