You can configure the challenge-response policy for a profile that a specific group of users must use for populating the response answers. You can define challenge questions on the Challenge Profiles page for different profiles. For more information about additional profiles, see Configuring Profiles.
A Self Service Password Reset administrator can configure the random and required questions for the users to use for resetting their passwords. You can also configure random and required questions that any help desk person can use for authenticating the users to reset their password. You can configure each random question. The random questions and the required questions for challenge-response can be set in the required locale. You can restrict users to use specific answers to the challenge questions. Such as the following:
Provide the number of characters from the questions that can be used in the answer.
Configure the number of random or required challenge questions presented to the users and the number of challenge questions they must answer.
Enable the word list dictionary so that the users do not use an answer that is present in the word list.
Enable the word list to include the answers provided for the random questions. You must enable this option per locale you use.
Use the following information to configure one or more profiles for the challenge-response information.
To configure a profile for challenge-response:
Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.
In the toolbar, click your name.
Click Configuration Editor.
Click Policies > Challenge Policies > default.
Configure the following settings:
Click Policies > Challenge Policies > default.
Challenge Profile Match |
---|
Specify an LDAP filter to search for users that have the permissions to set up Challenge/Responses.
You can add a new group of users to the Challenge Profile Match.
|
Random Questions |
---|
Random Questions for Challenge/Response. SSPR presents some of these questions to the user during forgotten password - the number set in the Minimum Password Required setting. You might require the users to supply answers to all or some of these questions when setting up their responses, you control this by the Minimum Random Challenges Required During Setup setting. Click on challenge questions to edit questions and policy settings. |
Required Questions |
---|
Required Questions for Challenge/Response. The users must provide answers for all of these questions when setting up their responses. Additionally, the users must provide the answers to these questions during forgotten passwords. To add a new question, perform the following steps.
|
Minimum Random Required |
---|
Specify the minimum number of random questions required at the time of forgotten password recovery. |
Minimum Random Challenges Required During Setup |
---|
Specify the minimum number of random questions for the users to complete during the Response Setup. If this number is higher than the available randoms or lower than the minimum required, SSPR adjusts it accordingly. Set the value to zero to force the users to configure all available random questions at the time of setup. |
Help Desk Random Questions |
---|
Specify additional random questions to present to the help desk users. SSPR might require the users to supply answers to all or some of these questions when setting up their responses, as controlled by the Minimum Help Desk Random Challenges Required During Setup setting. The questions and answers are visible to Help Desk users but are not used for forgotten password recovery. To add a new question, perform the following steps.
|
Help Desk Required Questions |
---|
Add the questions which the users must provide answers for when setting up their responses. The questions and answers are visible to Help Desk users but are not used for forgotten password recovery. To add a new question, perform the following steps.
|
Minimum Help Desk Random Challenges Required During Setup |
---|
Specify the minimum number of Help Desk random questions for the users to complete during the Response Setup. If this number is higher than the available randoms or lower than the minimum required, the system adjusts it accordingly. Set this option to zero to force the users to configure all available randoms Challenge/Response questions at the time of setup. |
In the toolbar, click Save changes.