Use this activity to authenticate a user with the personal Questions and Answers profile. In this activity, you can specify how many questions from user's Q&A profile must be answered to be authenticated. Users will have to choose the required amount of questions from their Q&A profile and answer them.
This activity has the following settings:
-
Number of questions that a user must answer during authentication: Specify the number of questions users will have to answer to be authenticated.
-
Do the following, if the number of questions in user's Q&A profile is less than specified: Using this option you can either allow or prohibit authentication for users if their Q&A profiles do not have enough secret questions. If you allow authentication, then all questions from the Q&A profile will be used to authenticate a user. If you decide to prohibit authentication, the workflow in which this activity is used will not be performed. The user will have to update their Q&A profile first, after that they will be able to perform the task that contains this authentication activity.
-
Specify question categories which users will be able to choose from: Specify which question categories users can choose from when attempting to authenticate with this activity.
-
Use all questions from user's profile: This option will let users select any questions to authenticate with from their answered questions.
-
Specify questions categories: This option will let the administrators choose which question categories users can choose from when attempting to authenticate with this activity.
-
Allow users to see what questions were answered incorrectly: Select this check box to allow users to see which questions they have provided incorrect answers to during authentication.
You can use this activity to configure Password Manager to use Defender to authenticate users.
Defender is a two-factor authentication solution that authenticates users without forcing them to remember another new password. Defender uses one-time passwords (OTP) generated by special hardware or software tokens. Even if an attacker captures the password, there will be no security violation, since the password is valid only for one-time-use and can never be re-used.
You can use the Defender authentication to authenticate users before allowing them to reset or change their passwords, to unlock accounts, or manage Questions and Answers profiles.
Before configuring the settings in this activity, install and configure Defender as described in the Defender documentation.
IMPORTANT: To make Password Manager use the Defender authentication, you must install the Defender Client SDK on the server on which Password Manager Service is installed.
This activity has the following settings:
-
Defender Server: Specify the IP address of the computer running the Defender Server.
-
Port number: Type the port number that the Defender Access Node uses to establish a connection with the Defender Server.
-
Server timeout: Specify Defender Server timeout (in minutes).
-
Defender shared secret: Provide the secret that the Defender Access Node will share when it attempts to establish a connection with the Defender Server.
Use this activity to authenticate users with an external provider, configured with Secure Token Server.
This activity has the following settings:
-
Choose from the configured providers to use in this activity for authentication: A provider set up in General Settings > Secure Token Server, to be used when this activity is the current in a workflow.
-
Choose the behaviour of the authentication: You can choose if the login interface is shown in an iframe or in a popup.
NOTE: Use popup behaviour when your login provider sends the content with X-Frame-Options : Deny header.
Use this activity to configure Password Manager to use a RADIUS server for two-factor authentication.
It uses one-time passwords (OTP) generated by hardware or software tokens for authentication.
You can use RADIUS Two-Factor Authentication to authenticate users before allowing them to reset or change their passwords, to unlock accounts, or manage Questions and Answers profiles.
Before using RADIUS Two-Factor Authentication for authentication, users have to configure it in General Settings tab on the home page of the Administration Site. For more information, see RADIUS Two-Factor Authentication.