Configure Forgotten Password Settings
Use this page to enable forgotten password authentication, configure the challenge questions, and set the number of questions that must be answered.
Note: This task is effective only if a WebSphere account repository is specified. This field is located on the ITIM Service page. This repository can be ITIM Service or a service managed by the Identity Manager server. If no registry is specified, the forgotten password option is not available on the Login page.
- Enable forgotten password authentication
- Select this check box to enable the use of forgotten password authentication. If you enable the authentication, the login page provides a Forgot your password? prompt for users who forget their passwords. A user who provides the correct responses to the questions receives a new, automatically generated password. If the check box is cleared, no prompt occurs on the login page. Users must contact the help desk assistants or system administrators for help in resetting their passwords.
Login Behavior
- When the user successfully answers the questions
- Select the login behavior:
- Change password and log in to system
- Prompts the user to change the password and then logs the user in to the system.
- Reset and email password
- Resets the password, and sends the new password to the email address of the user.
- Message suspending account for failed answers
- Type the message the user receives after failing to enter the correct answers.
- Send message to email address
- Type the email address to receive messages.
Challenge Behavior
Select whether the user or the administrator defines challenge questions.
- Users define their own questions
- Select to enable users to provide their own questions.
- Number of questions user sets up
- Type the number of questions that the user must provide.
- Number of correct answers user must enter
- Type the number of correct answers that the user must provide to gain access to the system.
- Administrator provides predefined questions
- Select to define the set of questions that the users must answer
and the language in which the question is displayed. When this radio
button is selected, the Specify Forgotten Password Question section
is displayed.
- Specify Forgotten Password Question
- Click to expand this section, to specify the question that you
want users to answer.
- New challenge question
- Type the question that you want users to answer and click Add.
- Locale
- Select the language in which the question is displayed and click Add.
- Challenge questions table
- The Challenge questions table contains
the list of questions that you have added and that you can choose
to have users answer. To sort the table by a specific column, click the arrow in the column heading. The table contains these columns:
- Select
- Select this check box to select an existing question.
- Locale
- Displays the language used in the question.
- Question
- Displays the text of a question.
Click Remove to remove a selected question.
If the table contains multiple pages, you can:
- Click the arrow to go to the next page.
- Type the number of the page that you want to view and click Go.
- User has a choice of predefined questions?
- No, answer all questions
- Displays all predefined questions, which the user must answer correctly.
- Yes, user selects which questions to answer
- Displays the number of questions that the user selects and must answer correctly after forgetting a password. Type the number of questions that the user selects.
- No, answer a subset of questions that the system provides
- Displays a random subset of predefined questions, which the user must answer correctly after
forgetting a password.
- Number of questions user sets up
- Type the number of questions that the user configures.
- Number of correct answers user must enter
- Type the number of questions that the user must correctly answer. This field is available if the user must answer a subset of questions that the system provides.
- Challenge answer rules
- Maximum length
- The maximum allowed length of an answer to the challenge question.
- Maximum repeated characters
- The maximum number of times that a character can be repeated in an answer to the challenge question.
- Disallow user ID
- Select the check box to disallow the user ID as an answer to the challenge question.
- Require unique answers
- Select the check box to require a different answer for each challenge question.
- Answer cannot match question
- Select the check box to reject an answer that is the same as the challenge question.
For the new values to take effect, you must log out and log in again.
Note: By default, users can bypass the challenge questions. You can force the user to respond to the challenge questions by modifying the property ui.challengeResponse.bypassChallengeResponse in the ui.properties file. To force user response, set the value to false. For more information, see the ui.properties topic in the Supplemental property files section of the Identity Manager Reference Guide.
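The following check is an added example, not part of the product documentation: a Python script that reads a ui.properties file and reports whether the bypass described in the note above is disabled. It parses single-line entries only; treating a missing key as "bypass allowed" follows the default stated above, and the case-insensitive match on false is an assumption.

```python
import re
import sys

KEY = "ui.challengeResponse.bypassChallengeResponse"  # property named on this page

# key, then an optional '=' or ':' separator (or only whitespace), then the value
_LINE = re.compile(r"^\s*([^\s=:#!][^\s=:]*)\s*[=:]?\s*(.*)$")


def read_properties(text):
    """Parse single-line Java-style properties. The last duplicate wins,
    as with java.util.Properties. Line continuations are not handled."""
    props = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped[0] in "#!":  # blank line or comment
            continue
        m = _LINE.match(line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def audit_bypass(text):
    """Return (enforced, reason) for the challenge-response bypass setting."""
    props = read_properties(text)
    if KEY not in props:
        # Per the note above, the default lets users bypass the questions.
        return False, "key absent: default applies, users can bypass"
    value = props[KEY]
    if value.lower() == "false":  # assumption: value is matched case-insensitively
        return True, "challenge response is forced"
    return False, f"value {value!r}: users can bypass"


if __name__ == "__main__":
    # Usage: python audit_ui_properties.py <path to ui.properties>
    with open(sys.argv[1], encoding="utf-8") as fh:
        enforced, reason = audit_bypass(fh.read())
    print(("OK: " if enforced else "FINDING: ") + reason)
    sys.exit(0 if enforced else 1)
```

A commented-out entry or a later duplicate set to true is reported as a finding, which are the two ways a file can appear to force the challenge while the bypass remains available.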