You can configure the challenge-response policy for a profile that a specific group of users must use for populating the response answers. You can define challenge questions on the Challenge Profiles page for different profiles. For more information about additional profiles, see Configuring Profiles.
A Self Service Password Reset administrator can configure the random and required questions for the users to use for resetting their passwords. You can also configure random and required questions that any help desk person can use for authenticating the users to reset their password. You can configure each random question. The random questions and the required questions for challenge-response can be set in the required locale. You can restrict users to use specific answers to the challenge questions. Such as the following:
Provide the number of characters from the questions that can be used in the answer.
Configure the number of random or required challenge questions presented to the users and the number of challenge questions they must answer.
Enable the word list dictionary so that the users do not use an answer that is present in the word list.
Enable the word list to include the answers provided for the random questions. You must enable this option per locale you use.
Use the following information to configure one or more profiles for the challenge-response information.
To configure a profile for challenge-response:
Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.
In the toolbar, click your name.
Click Configuration Editor.
Click Policies > Challenge Policies > default.
Configure the settings for the challenge-response information using the help:
In the toolbar, click Save changes.