When you configure the Questions and Answers policy, you should remember that the settings you specify may affect the authentication process. The following authentication activities use the Q&A policy settings:
This activity uses mandatory and Helpdesk questions. Answers to Helpdesk questions are always stored using reversible encryption. Answers to mandatory questions are hashed, unless you select the Store answers using reversible encryption option in the Q&A profile settings. Note that if answers to mandatory questions are hashed, you will not be able to use the activity option that specifies that Helpdesk operators verify user identity by comparing the answers provided by users with the displayed answers (the Answers to the specified questions (user’s answer is shown) option). For more information, see Authenticate with Q&A Profile.
The Q&A profile settings affects the Invite users to create/update Q&A profiles enforcement rule. This rule has conditions that state when users should be notified to create or update their profiles. These conditions correspond to the Questions and Answers profile settings. For example, the User’s answers are shorter than required condition corresponds to the Minimum length of answers setting. So, when you change any of the Q&A profile settings, you can then select the corresponding condition in the rule and enforce users to create or update their profiles in accordance with the new settings. For more information, see Invite Users to Create/Update Profiles.
Password Manager uses standard Active Directory methods to reset and change password, applying password policies specified in the Active Directory. Thus, resetting or changing password in Password Manager is essentially the same as resetting or changing password using Active Directory Users and Computers (ADUC).
If you have configured Password Manager to use One Identity Quick Connect Sync Engine to reset and change passwords in multiple systems, Password Manager will at first reset or change the password in the managed domain. If this operation is performed successfully, then the password will be reset in all connected systems, otherwise Password Manager will attempt to reset the password in the systems in which the password can be reset independently from Active Directory, and all other systems will be skipped.