7.1 Configuring Challenge Policy

You can configure the challenge-response policy for a profile that a specific group of users must use for populating the response answers. You can define challenge questions on the Challenge Profiles page for different profiles. For more information about additional profiles, see Configuring Profiles.

A Self Service Password Reset administrator can configure the random and required questions that users answer to reset their passwords. You can also configure random and required questions that any help desk person can use for authenticating the users to reset their password. You can configure each random question. The random questions and the required questions for challenge-response can be set in the required locale. You can also restrict the answers that users give to the challenge questions, for example in the following ways:

  • Provide the number of characters from the questions that can be used in the answer.

  • Configure the number of random or required challenge questions presented to the users and the number of challenge questions they must answer.

  • Enable the word list dictionary so that the users do not use an answer that is present in the word list.

  • Enable the word list to include the answers provided for the random questions. You must enable this option per locale you use.

Use the following information to configure one or more profiles for the challenge-response information.

To configure a profile for challenge-response:

  1. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  2. In the toolbar, click your name.

  3. Click Configuration Editor.

  4. Click Policies > Challenge Policies > default.

  5. Configure the following settings:

  6. Click Policies > Challenge Policies > default.

    Challenge Profile Match

    Specify an LDAP filter to search for users that have the permissions to set up Challenge/Responses.

    1. Click Add Filter.

    2. Select the filter for profiles in LDAP Profile.

    3. Specify the valid LDAP filter in LDAP Search Filter.

    4. Specify the LDAP base DN in LDAP Base DN (Optional).

    5. Click View Matches.

    You can add a new group of users to the Challenge Profile Match.

    1. Click Add Group.

    2. Select the filter for filtering the profiles in LDAP Profile.

    3. Specify the LDAP base DN in LDAP Group DN.

    4. Click View Matches.

    Random Questions

    Random Questions for Challenge/Response. SSPR presents some of these questions to the user during forgotten password recovery; the number is set in the Minimum Password Required setting. You might require the users to supply answers to all or some of these questions when setting up their responses; you control this with the Minimum Random Challenges Required During Setup setting.

    Click on challenge questions to edit questions and policy settings.

    Required Questions

    Required Questions for Challenge/Response. The users must provide answers for all of these questions when setting up their responses. Additionally, the users must provide the answers to these questions during forgotten password recovery.

    To add a new question, perform the following steps.

    1. Click Add Question.

    2. Click on challenge questions to edit questions and policy settings.

    3. Specify the new question in Question.

    4. Select one of the following options:

      • Admin Defined

      • User Defined

    5. Specify the minimum length of the question in Min Length.

    6. Specify the maximum length of the question in Max Length.

    7. Specify the maximum question characters in Max Question Characters.

    8. Click OK.

    Minimum Random Required

    Specify the minimum number of random questions required at the time of forgotten password recovery.

    Minimum Random Challenges Required During Setup

    Specify the minimum number of random questions for the users to complete during the Response Setup. If this number is higher than the available randoms or lower than the minimum required, SSPR adjusts it accordingly. Set the value to zero to force the users to configure all available random questions at the time of setup.

    Help Desk Random Questions

    Specify additional random questions to present to the help desk users. SSPR might require the users to supply answers to all or some of these questions when setting up their responses, as controlled by the Minimum Help Desk Random Challenges Required During Setup setting. The questions and answers are visible to Help Desk users but are not used for forgotten password recovery.

    To add a new question, perform the following steps.

    1. Click Add Question.

    2. Click on challenge questions to edit questions and policy settings.

    3. Specify the new question in Question.

    4. Select one of the following options:

      • Admin Defined

      • User Defined

    5. Specify the minimum length of the question in Min Length.

    6. Specify the maximum length of the question in Max Length.

    7. Specify the maximum question characters in Max Question Characters.

    8. Click OK.

    Help Desk Required Questions

    Add the questions that the users must answer when setting up their responses. The questions and answers are visible to Help Desk users but are not used for forgotten password recovery.

    To add a new question, perform the following steps.

    1. Click Add Question.

    2. Click on challenge questions to edit questions and policy settings.

    3. Specify the new question in Question.

    4. Select one of the following options:

      • Admin Defined

      • User Defined

    5. Specify the minimum length of the question in Min Length.

    6. Specify the maximum length of the question in Max Length.

    7. Specify the maximum question characters in Max Question Characters.

    8. Click OK.

    Minimum Help Desk Random Challenges Required During Setup

    Specify the minimum number of Help Desk random questions for the users to complete during the Response Setup. If this number is higher than the number of available random questions or lower than the minimum required, the system adjusts it accordingly. Set this option to zero to force the users to configure all available random Challenge/Response questions at the time of setup.

  7. In the toolbar, click Save changes.
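
The following sketch models how the answer restrictions (Min Length, Max Length, Max Question Characters, the word list) and the Minimum Random Challenges Required During Setup adjustment described above interact, so a proposed policy can be sanity-checked before it is saved. It is an added example, not SSPR code: all names are hypothetical, Max Question Characters is assumed to mean the longest contiguous run of question text allowed in an answer (case-insensitive), and "adjusts it accordingly" is assumed to mean clamping into the valid range.

```python
from dataclasses import dataclass

@dataclass
class QuestionPolicy:
    """Per-question settings named on this page (hypothetical model)."""
    question: str
    min_length: int
    max_length: int
    max_question_chars: int

def longest_shared_run(question, answer):
    """Length of the longest contiguous character run that the answer
    shares with the question text, compared case-insensitively."""
    q, a = question.lower(), answer.lower()
    best, prev = 0, [0] * (len(a) + 1)
    for i in range(1, len(q) + 1):
        cur = [0] * (len(a) + 1)
        for j in range(1, len(a) + 1):
            if q[i - 1] == a[j - 1]:
                cur[j] = prev[j - 1] + 1
                best = max(best, cur[j])
        prev = cur
    return best

def check_answer(policy, answer, wordlist=frozenset()):
    """Return the list of restrictions a proposed answer violates."""
    text = answer.strip()
    problems = []
    if len(text) < policy.min_length:
        problems.append("too short")
    if len(text) > policy.max_length:
        problems.append("too long")
    if longest_shared_run(policy.question, text) > policy.max_question_chars:
        problems.append("reuses question text")
    if text.lower() in wordlist:
        problems.append("in word list")
    return problems

def effective_setup_minimum(configured, available, min_required):
    """Zero means 'all available'; otherwise clamp the configured value
    between the recovery minimum and the number of available questions."""
    if configured == 0:
        return available
    return min(available, max(configured, min_required))

# Constructed sample policy, not taken from any real configuration.
PET = QuestionPolicy("What was the name of your first pet?", 4, 64, 3)
if __name__ == "__main__":
    print(check_answer(PET, "first pet"), effective_setup_minimum(9, 5, 2))
```

Short connecting words count toward the shared run, so an answer containing " the " is flagged under a limit of 3; take that into account when choosing Max Question Characters for long questions.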