
Enterprise Single Sign-On 9.0.2 - Authentication Manager Self Service Password Request Administration Guide


Configuring the questions proposed to the user

Subject

This section describes how to complete the Questions area, located in the Self Service Password Request tab of a user security profile. It complements the procedures described in Allowing users to reset their password or PIN, and Enabling the questions and answers emergency access.

The following illustration is an overview of this task: you set the number of questions you want to configure and the properties associated with each question that will be asked of the user.

NOTE: You can customize the way the questions appear in the authentication screen. For more details, see One Identity EAM Customization Guide. This feature is not supported on Windows XP.

 


Creating a list of questions

 

  1. In the Questions area, set the number of questions you want to configure.
  2. Click the Select button.

The question selection window appears.

Each line corresponds to one question that can be asked of the user. In this example, question number 1 contains only one question, which the user must answer.

  1. Click Manage questions.

The question management window appears.

The Existing Questions area displays the list of questions that have already been configured and that can be added to the questions asked of users.

IMPORTANT: The question texts defined in this area are valid for all user profiles. They are not associated only with the selected user profile.

  1. To add a question, do the following:
    1. Click the New button.
       The Question Properties area is activated.
    2. Set the Question Type: select either Predefined Question to specify a question that cannot be modified by the end user, or User-supplied question to allow the end user to define his/her own question.
    3. For predefined questions only, type the question text and, if required, translate it into another language:
      • Click Translations.
      • Select the language in the drop-down list and translate the question.
      • Click Add.
        The translation appears in the Translations area.
      • Click OK.
    4. For user-supplied questions, set constraints on the question length.
    5. Set the Answer constraints:
      • Set the minimum and maximum character length of the answer.
      • To set restrictions on the string corresponding to the answer entered by the end user, fill in the Must match regular expression field. For details on the syntax of regular expressions, see One Identity EAM Console - Guide de l'administrateur.
    6. Click Apply.

The question appears in the Existing Questions area.

  1. Repeat the step "Click Manage questions" as many times as necessary and click Close to finish.

The question selection window is available again.

  1. In the drop-down list, select a Question number and click the Add button.
  2. Select a question text in the Select a Question window and click OK.

The selected question appears in the available question area.

  1. Repeat the steps in "Creating a list of questions" as many times as necessary and click OK.

 


Importing a list of questions

Before starting

To import a set of questions, a CSV file containing the questions must have been generated with the Export button.

Procedure
  1. In the Questions area, click the Select button, and in the displayed window, click Manage questions.

The Self Service Password Request question management window appears.

  1. Click the Import button.
  2. Browse your directory and select the CSV file containing the set of questions.
  3. Click Open.

The set of questions is added to the Existing Questions area.

IMPORTANT:

  • If there are more questions in the CSV file than in the Existing Questions, then the additional questions are added to the Existing Questions.
  • If there are fewer questions in the Existing Questions than in the CSV file, the Existing Questions are kept.
  • If both the CSV file and the Existing Questions contain the same questions with a few discrepancies, then the Existing Questions are replaced by the questions of the CSV file.
  • If there are some answer constraints in the CSV file, then these constraints replace the ones in the EAM Console.

 

  1. Click Close to finish.

The Self Service Password Request Question Selection window appears.

  1. Set a question number to an available question to define a list of available questions for each Question field of the Self Service Password Request wizard (available through Authentication Manager):
    1. In the list of questions drop-down list, select the Question number and click the Add button.
       The question selection window appears.
    2. Select a question in the Select a Question window and click OK.
       The selected question appears in the available question area.
    3. Click OK.

 


Setting the Self Service Password Request policy

Subject

This section describes how to complete the Security area, located in the Self Service Password Request tab of a user security profile. It complements the procedures described in Allowing users to reset their password or PIN, and Enabling the questions and answers emergency access.

Procedure
  1. In the Security area, set the following fields:
  • Number of questions to ask: the number of questions that end users must answer to reset their password or PIN. This number cannot be greater than the number of questions configured in Configuring the questions proposed to the user.
  • Minimum number of correct answers: the minimum number of correct answers that the end-user must enter to be able to reset his/her password or PIN.
  1. Click the Advanced button to define other security parameters, as detailed in the following Setting the Self Service Password Request policy section.
  2. Click OK.
"Self Service Password Request Policy" Window Description

 

Option

Description

Forces the user to set his/her questions and answers before he/she can use Enterprise SSO on his/her workstation.

Forces the user to change his/her answers to questions at a defined frequency.

Prevents the user from giving the same answer to different questions.

Prevents the user from using the words used in the questions in his/her answers.

Sets a maximum number of attempts to answer questions.

Option only available if you have selected the Always available mode and the Limit Self Service Password attempts option.
This check box sets a timeout before allowing the user to attempt to answer SSPR questions again on his/her workstation.

Note: In enterprises with no SSPR server, the timeout is set only on the workstation concerned: the user can log on to another workstation before the end of the timeout to answer the questions.

Sets the answers to questions as case-insensitive and ignores white spaces (other characters such as accents, hyphens or apostrophes are taken into account).

Allows the user to authenticate using the password authentication method for a given period when he/she resets his/her password.

Option only available if you have selected the User must contact the help desk to gain password access option.

This check box allows the help desk to modify the validity duration of the password authentication method when it provides an unblocking code to a user.

Option only available if the Always available mode is selected.

This check box forces the use of the reset password server (SSPR server) when available before using the disconnected mode.

NOTE: You must set the list of the password reset servers: see One Identity EAM Console - Guide de l'administrateur.

Option only available if the Always available mode is selected.

If this check box is selected, the temporary password will never be resynchronized with the directory. This allows you to force the user to use his/her own password and not his/her temporary password when he/she reconnects to the network.

Option only available if the Always available mode is selected. Sets the maximum number of attempts to use the Self Service Password Request feature in disconnected mode.
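
The answer rules described in this guide (the length limits and Must match regular expression field under Answer constraints, and the policy options on identical answers, question words, and case and white-space handling) can be modelled as follows. This is an added example, not One Identity code: the function names, the four-letter threshold for question words, whole-answer regular expression matching, and comparing identical answers on the normalized form are assumptions.

```python
import re
import unicodedata

LETTERS = re.compile(r"[^\W\d_]+")  # runs of letters, accented ones included

def normalize(answer):
    """Comparison form: case and white space ignored; accents, hyphens, apostrophes kept."""
    text = unicodedata.normalize("NFC", answer)
    return "".join(ch for ch in text if not ch.isspace()).casefold()

def answers_match(stored, given):
    return normalize(stored) == normalize(given)

def words(text, min_len=4):
    # Assumption: words shorter than min_len ("is", "the") are not treated as question words.
    return {w.casefold() for w in LETTERS.findall(text) if len(w) >= min_len}

def check_answers(pairs, min_len, max_len, pattern=None):
    """Return (question number, reason) for every answer that breaks a rule."""
    rx = re.compile(pattern) if pattern else None
    problems, seen = [], {}
    for number, (question, answer) in enumerate(pairs, start=1):
        if not min_len <= len(answer) <= max_len:
            problems.append((number, "length"))
        # Assumption: the whole answer must match the expression.
        if rx and not rx.fullmatch(answer):
            problems.append((number, "regex"))
        if words(question) & words(answer):
            problems.append((number, "question-word"))
        key = normalize(answer)
        if key in seen:
            problems.append((number, "same-as-%d" % seen[key]))
        seen.setdefault(key, number)
    return problems

# Constructed sample enrollment, not taken from the product.
SAMPLE = [
    ("What was the name of your first school?", "Saint-Exupéry"),
    ("In which city were you born?", "saint - exupéry"),
    ("What is your favourite colour?", "My colour is blue"),
    ("What was your first street address?", "Route 66"),
    ("Name of your first pet?", "Rex"),
]

if __name__ == "__main__":
    for number, reason in check_answers(SAMPLE, 4, 32, r"\D+"):
        print(number, reason)
```

Answer 2 is flagged as identical to answer 1 because only case and white space differ, while "Saint Exupery" would count as a different answer because the hyphen and the accent are taken into account.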
