Managing challenge questions
Administrators can choose which questions to propose to identities who enroll in the self-service password reset process.
-
Go to Setup > Advanced configuration > Questions in challenge.
-
Click New to add questions or click on the default ones to edit them, going through the fields indicated in the following table:
| Field | Description |
|---|---|
| Challenge question | The challenge question is posed, for example: In what city were you born? |
| Challenge answer validation | Add regular expression for validation of challenge responses in the enrollment process. |
| Challenge answer maximum length | The challenge answer’s maximum number of characters, for example, 4. |
| Challenge answer minimum length | The challenge answer’s minimum number of characters, for example, 2. |
| Challenge answer trim mask | The characters or text in this field are removed from the challenge responses in order to get a higher yield in the reset password process, however, with lower security. |
| Challenge question status | Drop-down menu where you can select either Active or Disabled. |
| Challenge answer validation failed message | The message that a user receives when the validation (the answer) fails. |
Once your changes are saved, the answers provided by identities who enroll into the password reset process will be validated against the values in those fields.
By default, the first 4 questions will be displayed when users enroll to the reset password process (with the ability to choose others from dropdowns). You can edit that number of questions with the customer setting PWRNoEnrollQuest.