Question and Answers profile settings allow you to define settings and requirements for user’s questions and answers. For example, you can prevent users from using the same answer for multiple questions. Questions and answers that do not comply with the policy will not be accepted.
For an overview of Q&A policy and profile settings, see Questions and Answers policy overview.
To configure Questions and Answers policy
-
Connect to the Administration Site by typing the Administration Site URL in the address bar of your web browser. By default, the URL is http://<ComputerName>/PM/Admin/.
NOTE: When prompted to log in, provide your domain user name in a domainname\username format.
-
On the Administration Site home page, click the Q&A Policy link under the Management Policy you want to configure.
-
On the Configure Questions and Answers Policy page, click the Q&A profile settings link.
-
In the Q&A Profile Settings dialog, specify the following options:
-
Question Settings
-
Users must answer this number of optional questions to register: Set the required number of optional questions that a user must answer to create a Questions and Answers profile.
-
Users must answer this number of user-defined questions to register: Set the required number of user-defined questions that a user must specify to create a Questions and Answers profile.
-
Minimum length of user-defined questions: Set the least number of characters that user-defined questions can contain.
-
Answer Settings
-
Minimum length of answers: Set the least number of characters that users' answers can contain.
-
Reject the same answers for different questions: Select to prevent users from specifying same answers for different questions.
-
Reject answers that contain corresponding questions: Select to prevent users from specifying answers that contain corresponding questions.
-
Store answers using reversible encryption: Select to store users' answers using reversible encryption. If you do not select this check box, answers to secret questions (mandatory, optional, and user-defined) will be hashed using the hashing algorithm you specified when initializing the instance. If you want to change the hashing algorithm, you need to re-initialize the instance. For more information, see Instance reinitialization. Note that answers to helpdesk questions are always stored using reversible encryption.
-
Security Settings
-
Allow users to hide their answers: Select this check box to allow users to hide their answers on the screen, so that answer entry fields will look like a series of asterisks.
-
Hide users’ answers by default: Select this check box to have Password Manager display users' answers as asterisks while they are typing in their answers.
-
Do not require users to confirm answers if answers are hidden: Select this check box to allow users to enter their answers only once, if answers are hidden.
-
Click Save.
To customize the behavior of Password Manager, configure workflows in the Password Manager Administration Site. Workflows have 2 types:
-
Self-service workflows customize the behavior of the Password Manager Self-Service Site. All configured and enabled self-service workflows are available as tasks on the Self-Service Site for Password Manager users.
-
Helpdesk workflows customize the behavior of the Password Manager Helpdesk Site. All configured and enabled Helpdesk workflows are available on the Helpdesk Site as helpdesk operator actions.
To modify the behavior of an existing workflow task, in the Home page of the Password Manager Administration Site, click the management policy workflow you want to configure, and click Workflow settings.
A workflow consists of activities. You can configure each activity independently.
Workflow activities have 3 types:
-
Authentication provides authentication options, such as password-based authentication, Questions and Answers profiles, or phone-based authentication.
-
Actions are core components in workflows, including activities like unlocking accounts, editing Q&A profiles, or resetting passwords.
-
Notifications let you configure email notifications for users and administrators, and specify the conditions under which Password Manager will send these notifications.
You can also create custom activities. For more information, see Custom activities.
Password Manager lists the available activities in the left pane of the Workflow Designer. To add an activity to a workflow, drag-and-drop it into the right pane of the Workflow Designer. To remove an activity, click Close on the activity box.
Password Manager displays the workflow structure in the right pane of the Workflow Designer, indicating the type and order of activities to perform in the workflow. To change the order of the activities, simply move them up or down.
Figure 1: Home > <management-policy> > <workflow> > Workflow Settings
Workflow states determine how Password Manager ran a workflow and which activities of the workflow it initiated. Workflows have 3 states:
-
Success is the state of the workflow if no errors occur when running a workflow. In this state, Password Manager performs all workflow activities, except the following:
-
Email user if workflow fails
-
Email administrator if workflow fails
-
Lock Q&A profile
-
Restart workflow if error occurs
-
Failure is the state of the workflow if an error occurs when running a workflow activity. If any errors occur during the workflow, Password Manager performs only the following activities:
-
Email user if workflow fails
-
Email administrator if workflow fails
-
Lock Q&A profile
-
Restart workflow if error occurs
NOTE: The Restart workflow if error occurs activity resets the workflow state to Success and runs the workflow from the beginning.
-
Critical Error is the state of the workflow if a critical error occurs, for example locking a user account or a Q&A profile. If any critical errors occur when running the workflow, Password Manager performs only the following activities: