0 votes

Hi Team,

We would like to use security based questions and answers for password resets.

I have found that we can force a user to answer certain questions when enrolling, but if we only say answer 3 of 5 then that question won't always come up.

Is there a way to ensure that a question must be answered each time?

Thanks,

by (440 points)

1 Answer

0 votes
by (294k points)

Hello Anton,

Yes, it is possible. To make a security question required for enrollment and further self-password resets:

  1. Launch Adaxes Administration Console.
  2. In the Console Tree, expand your service node.
  3. Navigate to Configuration\Password Self-Service and select Policies.
  4. In the Result Pane on the right, right-click the policy you need.
  5. In the context menu, click Edit.
  6. Activate the Authentication tab.
  7. Click Edit Questions.
  8. In the Required column, change the value for mandatory questions to Yes.
  9. Click OK twice.
0

Thanks for your answer.

I have this setup however it does not always ask that question when going through the forgot your password steps. It seems to be random which questions you get.

I am unsure whether this is more of a bug as the feature looks like it has been implemented.

Edit: For testing I am reducing the number of answers required down to 2 of 5. If you could test this and let me know that would be great.

Thanks!

0

Hello Anton,

As per our check, the functionality works as intended. It looks like the behaviour occurs because the steps you took were as follows:

  1. A Password Self-Service policy without mandatory questions was created.
  2. The test user was enrolled for Password Self-Service with the policy.
  3. The policy was changed by making specific questions mandatory.
  4. The test user was not reenrolled for Password Self-Service and thus during the process can still select the questions configured in the policy on step 1.

This behavior is by design. To make sure that the account you are using for tests will be enrolled for Password Self-Service with the new policy settings:

  1. Sign in to Adaxes Web interface that has the Password Self-Service component enabled (by default it is the Self Service Web Interface) with the credentials of the test account.
  2. In the top right corner, expand My Menu.
  3. Expand the Password Self-Service drop-down and click Reenroll.
  4. Complete the wizard (mandatory questions will be displayed first and there will be no possibility to select other questions before providing answers to all the mandatory ones).

Also, it is not possible to make a specific question mandatory during Self-Password reset. When a user enrolls they will provide answers to questions and only the questions will be displayed during reset. If you want to make sure a specific question is always answered during self-password reset, you need to make the question mandatory in the policy settings as we described in the previous post and make the number of questions equal the number of questions to be answered.
