Adding Secret Questions
Secret questions are the main part of the Questions and Answers policy that allows authenticating users on the Self-Service site before users can perform any self-service tasks.
For more information on the Questions and Answers policy, see Configuring Questions and Answers Policy.
To create secret questions in the default language
- Open the Administration site by typing the Administration site URL in the address bar of your Web browser. By default, the URL is http(s)://<ComputerName>/PMAdminADLDS/.
- On the Administration site home page, click the Add secret questions link under the Management Policy you want to configure.
- On the Configure Questions and Answers Policy page, click Add questions in the default language.
- In the Edit Questions in the Default Language dialog box, specify mandatory, optional and helpdesk questions. To change the default language for secret questions click the Change language link.
- Change questions’ order by clicking the appropriate links.
- Click Save to save the questions and close the dialog box.
IMPORTANT: Modifying a question list does not affect existing personal Questions or Answers profiles unless the users have to update their profiles as a result of the enforcement rules that require users to update Q&A profiles when the question list is modified. For more information on the enforcement rules, see User Enforcement Rules.
Management Policies
Checklist: Configuring Password Manager
Understanding Management Policies
Configuring Access to the Administration Site
Configuring Access to the Self-Service Site
Configuring Access to the Helpdesk Site
Removing Connection to AD LDS Instance
Configuring Questions and Answers Policy
Configuring Q&A Profile Settings
Importing and Exporting Workflows
Importing and Exporting Custom Activities
Overview of Built-in Self-Service Activities
Overview of Built-in Helpdesk Activities
Invite Users to Create/Update Q&A Profiles
Checklist: Configuring Password Manager
Checklist: Configuring Password Manager
When you have installed Password Manager, follow this checklist to configure the solution to implement automated and secure password management in an AD LDS instance.
Understanding Management Policies
Management Policy is a core element of Password Manager. Using the Management Policy you can configure workflows for registering new users, resetting passwords, and others. For each Management Policy you can configure a user scope, and delegate helpdesk tasks by configuring a helpdesk scope. You can configure multiple Management Policies with different user and helpdesk scopes, workflows and secret questions. The default Management Policy with preconfigured workflows is available out of the box.
A Management Policy consists of the following components:
User scope is a group or several groups of users managed by Password Manager. When configuring the user scope for a Management Policy, you can add connections to multiple AD LDS instances. For more information about the user scope, see .
Helpdesk scope is a group of helpdesk operators who are allowed to manage users from the user scope of the same Management Policy. By configuring the helpdesk scope you can delegate administrative tasks to specified helpdesk operators. For more information about the helpdesk scope, see Configuring Access to the Helpdesk Site.
Questions and Answers policy (Q&A policy) is a policy within which secret questions and Q&A profile settings are defined. Secret questions are a set of mandatory, optional and helpdesk questions for users’ Questions and Answers profiles. These questions are used to register users with Password Manager and later to authenticate users when they use the Self-Service site. Q&A profile settings define how many questions a user must answer to create Q&A profile settings and set requirements for user’s questions and answers. For more information about Q&A policy, see Configuring Questions and Answers Policy.
All workflows are divided into two categories: self-service and helpdesk workflows. The self-service workflows define the tasks available to users on the Self-Service site, i.e. every configured workflow is a task on the Self-Service site. The helpdesk workflows define what tasks are available to helpdesk operators on the Helpdesk site. A workflow consists of several activities that you can add to or remove from the workflow to customize it.
The Default Management Policy offers preconfigured workflows. You can also create your own workflows. For more information about workflows, see Workflow Overview.
User enforcement rules allow you to set up the enforcement schedule to invite users to create or update their Q&A profiles and configure the reminder that will notify users to change passwords before password expiration. For more information, see User Enforcement Rules.