Q&A profile settings allow you to define settings and requirements for user’s questions and answers. For example, you can prevent users from using the same answer for multiple questions. Questions and answers that do not comply with the policy will not be accepted.
To configure Questions and Answers policy
|
Option |
Description |
|
Question Settings | |
|
Users must answer this number of optional questions to register |
Set the required number of optional questions that a user must answer to create a Questions and Answers profile. |
|
Users must answer this number of user-defined questions to register |
Set the required number of user-defined questions that a user must specify to create a Questions and Answers profile. |
|
Minimum length of user-defined questions |
Set the minimum number of characters that user-defined questions can contain. |
|
Answer Settings |
|
|
Minimum length of answers |
Set the minimum number of characters that users' answers can contain. |
|
Reject the same answers for different questions |
Select to prevent users from specifying same answers for different questions. |
|
Reject answers that contain corresponding questions |
Select to prevent users from specifying answers that contain corresponding questions. |
|
Store answers using reversible encryption |
Select to store users' answers using reversible encryption. If you do not select this option, answers to mandatory, optional and user-defined questions are hashed. Note, that answers to helpdesk questions are always stored using reversible encryption, even if this option is not selected. |
|
Security Settings |
|
|
Allow users to hide their answers |
Select this check box to allow users to hide their answers on the screen, so that answer entry fields will look like a series of asterisks. |
|
Hide users’ answers by default |
Select this check box to have Password Manager display users' answers as asterisks while they are typing in their answers. |
|
Do not require users to confirm answers if answers are hidden |
Select this check box to allow users to enter their answers only once, if answers are hidden. |
Workflows allow an administrator to define the behavior of Password Manager: what tasks and with what configuration are available to users and helpdesk operators. Workflows are divided into two categories: self-service and helpdesk.
Self-service workflows define the behavior of the Self-Service site. All configured and enabled self-service workflows will be available on the Self-Service site as tasks available to Password Manager users. To modify the task behavior, edit the corresponding workflow.
Helpdesk workflows define the behavior of the Helpdesk site. All configured and enabled helpdesk workflows will be available on the Helpdesk site as tasks available to helpdesk operators. To modify the task behavior, edit the corresponding workflow.
A workflow consists of activities; each activity can be configured independently of other activities.
Activities are grouped into three categories: authentication, actions and notifications. You can also create custom activities. For more information, see Custom Activities.
Authentication activities are a group of activities that provide different authentication options, for example authentication with password or Questions and Answers profiles, or phone-based authentication.
The actions category includes activities that are core components of the workflows, for example Unlock Account, Edit Q&A Profile, Reset Password, and other activities.
Notification activities are activities that you can use to configure email notifications for users and administrators, and specify conditions under which the notifications should be sent.
All available activities are displayed in the left pane of a workflow designer. To add an activity to a workflow, simply drag the activity to the right pane of the workflow designer. To remove an activity, click the Remove link on the activity box.
The right pane of the workflow designer displays a workflow structure: which activities should be performed and in what order. The activities are executed in the order they appear in the workflow designer. You can change their order by moving activities up or down in the workflow designer.
A workflow can be in one of the three states: success, failure, critical error. These states determine how a workflow is performed, i.e. what activities are executed.
If no errors occur during a workflow execution, the workflow state is success. In this state, all activities present in the workflow are performed except Email user if workflow fails, Email administrator if workflow fails, Lock Q&A profile, and Restart workflow if error occurs.
If an error occurs when performing an activity, the failure state is set for the workflow. After this, only the following activities are performed (if such activities are present in the workflow): Email user if workflow fails, Email administrator if workflow fails, Lock Q&A profile, and Restart workflow if error occurs. Note that the Restart workflow if error occurs activity resets the workflow state to success and reruns the workflow from the beginning.
If a critical error occurs, for example user’s account or Q&A profile gets locked, the critical error state is set for the workflow. Then only the Email user if workflow fails and Email administrator if workflow fails activities are performed, if they are included in the workflow. After these activities are performed, the workflow is stopped.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy
