When you configure the Q&A policy, you should remember that the settings you specify may affect the authentication process. The following authentication activities use the Q&A policy settings:
-
Authenticate with Q&A profile (random questions): This activity is used in self-service workflows. It relies on the number of secret questions you specify in the activity. If a user’s profile contains fewer questions, you can select whether to authenticate the user or not. For more information, see Authenticate with Q&A Profile (Random Questions).
-
Authenticate with Q&A profile (specific questions): This activity is used in self-service workflows. It relies on the specific secret questions you specify in the activity. If the specified questions cannot be found in a user’s profile, the user will not be authenticated. For more information, see Authenticate with Q&A Profile (Specific Questions).
-
Authenticate with Q&A profile (user-selected questions): This activity is used in self-service workflows. It relies on the number and type of secret questions you specify in the activity. Users will be able to choose questions to authenticate with from their profile's answered questions. If the user's profile contains fewer questions than the set minimum, you can select whether to authenticate the user or not. For more information, see Authenticate with Q&A Profile (User-selected questions)
-
Authenticate with Q&A profile: This activity is used in helpdesk workflows. It relies on the specific secret questions you specify in the activity and on the Store answers using reversible encryption option that you specify in the Q&A profile settings. If the specified questions cannot be found in a user’s profile, the user will not be authenticated.
This activity uses mandatory and helpdesk questions. Helpdesk questions are always stored using reversible encryption. Mandatory questions are hashed, unless you select the Store answers using reversible encryption option in the Q&A profile settings. Note, that if mandatory questions are hashed, you will not be able to use the activity option that specifies that helpdesk operators verify user identity by comparing the answers provided by users with the displayed answers (the Answers to the specified questions (user’s answer is shown) option). For more information, see Authenticate with Q&A Profile.