Force a question to be answered in password self service

Question

Hi Team,

We would like to use security based questions and answers for password resets.

I have found that we can force a user to answer certain questions when enrolling, but if we only say answer 3 of 5 then that question won't always come up.

Is there a way to ensure that a question must be answered each time?

Thanks,

Answer 1

Hello Anton,

Yes, it is possible. To make a security question required for enrollment and further self-password resets:

1. Launch Adaxes Administration Console.
2. In the Console Tree, expand your service node.
3. Navigate to Configuration\Password Self-Service and select Policies.
4. In the Result Pane on the right, right-click the policy you need.
5. In the context menu, click Edit.
6. Activate the Authentication tab.
7. Click Edit Questions.
8. In the Required column, change the value for mandatory questions to Yes.
9. Click OK twice.

Comments

Thanks for you answer.

I have this setup however it does not always ask that question when going through the forgot your password steps. It seems to be random which questions you get.

I am unsure whether this is more of a bug as the feature looks like it has been implemented.

Edit: For testing I am reducing the number of answers required down to 2 of 5. If you could test this and let me know that would be great.

Thanks!

---

Hello Anton,

As per our check, the functionality works as intended. It looks like the behaviour occurs because the steps you took were as follows:

1. A Password Self-Service policy without mandatory questions was created.
2. The test user was enrolled for Password Self-Service with the policy.
3. The policy was changed by making specific questions mandatory.
4. The test user was not reenrolled for Password Self-Service and thus during the process can still select the questions configured in the policy on step 1.

This behavior is by design. To make sure that the account you are using for tests will be enrolled for Password Self-Service with the new policy settings:

1. Sign in to Adaxes Web interface that has the Password Self-Service component enabled (by default it is the Self Service Web Interface) with the credentials of the test account.
2. In the top right corner, expand My Menu.
3. Expand the Password Self-Service drop-down and click Reenroll.
4. Complete the wizard (mandatory questions will be displayed first and there will be no possibility to select other questions before providing answers to all the mandatory ones).

Also, it is not possible to make a specific question mandatory during Self-Password reset. When a user enrolls they will provide answers to questions and only the questions will be displayed during reset. If you want to make sure a specific question is always answered during self-password reset, you need to make the question mandatory in the policy settings as we described in the previous post and make the number of questions equal the number of questions to be answered.