Configure Forgotten Password Settings

Use this page to enable forgotten password authentication, configure the challenge questions, and set the number of questions that must be answered.

Note: This task is effective only if a WebSphere account repository is specified. This field is located on the ITIM Service Manage Services > Change a Service > Service Information page. This repository can be ITIM Service or a service managed by the Identity Manager server. If no registry is specified, the forgotten password option is not available on the Login page.
Enable forgotten password authentication
Select this check box to enable the use of forgotten password authentication. If you enable the authentication, the login page provides a Forgot your password? prompt for users who forget their passwords. A user who provides the correct responses to the questions receives a new, automatically generated password. If the check box is cleared, no prompt occurs on the login page. Users must contact the help desk assistants or system administrators for help in resetting their passwords.

Login Behavior

When the user successfully answers the questions
Select the login behavior:
Change password and log in to system
Prompts the user to change the password and then logs the user in to the system.
Reset and email password
Resets the password, and sends the new password to the email address of the user.
Message suspending account for failed answers
Type the message the user receives after failing to enter the correct answers.
Send message to email address
Type the email address to receive messages.

Challenge Behavior

Select whether the user or the administrator defines challenge questions.

Users define their own questions
Select to enable users to provide their questions.
Number of questions user sets up
Type the number of questions that the user must provide.
Number of correct answers user must enter
Type the number of correct answers that the user must provide to gain access to the system.
Administrator provides predefined questions
Select to define the set of questions that the users must answer and the language in which the question is displayed. When this radio button is selected, the Specify Forgotten Password Question section is displayed.
Specify Forgotten Password Question
Click to expand this section and specify the question that you want users to answer.
New challenge question
Type the question that you want users to answer and click Add.
Locale
Select the language in which the question is displayed and click Add.
Challenge questions table
The Challenge questions table contains the list of questions that you have added and that you can choose to have users answer. To sort the table by a specific column, click the arrow in the column heading. The table contains these columns:
Select
Select this check box to select an existing question.
Locale
Displays the language used in the question.
Question
Displays the text of a question.

Click Remove to remove a selected question.

If the table contains multiple pages, you can:
  • Click the arrow to go to the next page.
  • Type the number of the page that you want to view and click Go.
User has a choice of predefined questions?
No, answer all questions
Displays all predefined questions, which the user must answer correctly.
Yes, user selects which questions to answer
Displays the number of questions that the user selects and must answer correctly after forgetting a password. Type the number of questions that the user selects.
No, answer a subset of questions that the system provides
Displays a random subset of predefined questions, which the user must answer correctly after forgetting a password.
Number of questions user sets up
Type the number of questions that the user configures.
Number of correct answers user must enter
Type the number of questions that the user must correctly answer. This field is available if the user must answer a subset of questions that the system provides.
Challenge answer rules
Maximum length
The maximum allowed length of an answer to the challenge question.
Maximum repeated characters
The maximum number of times a character can be repeated in the answer to the challenge question.
Disallow user ID
Select the check box to disallow the user ID as an answer to the challenge question.
Require unique answers
Select the check box to allow only unique answers to all the challenge questions.
Answer cannot match question
Select the check box to reject an answer that is the same as the challenge question.

For the new values to take effect, you must log out and log in again.
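
The challenge answer rules above, applied together to one user's enrolled answers. This is an added example, not Identity Manager code: the `AnswerRules` field names and sample values are hypothetical, and it assumes comparisons ignore case and extra whitespace and that "repeated" counts total occurrences of a character.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass
class AnswerRules:
    # Hypothetical field names mirroring the five settings; values are constructed.
    max_length: int = 32
    max_repeated_chars: int = 3
    disallow_user_id: bool = True
    require_unique_answers: bool = True
    answer_cannot_match_question: bool = True


def _norm(text):
    # Assumption: comparisons ignore case and extra whitespace.
    return " ".join(text.split()).casefold()


def check_answers(rules, user_id, qa_pairs):
    """Return (question, violation) tuples; an empty list means every answer passes."""
    violations, seen = [], {}
    for question, answer in qa_pairs:
        norm = _norm(answer)
        if len(answer) > rules.max_length:
            violations.append((question, "exceeds maximum length"))
        # Assumption: "repeated" means total occurrences of one character.
        counts = Counter(norm.replace(" ", "")).most_common(1)
        if counts and counts[0][1] > rules.max_repeated_chars:
            violations.append((question, f"{counts[0][0]!r} used {counts[0][1]} times"))
        if rules.disallow_user_id and norm == _norm(user_id):
            violations.append((question, "answer is the user ID"))
        if rules.answer_cannot_match_question and norm == _norm(question):
            violations.append((question, "answer matches the question"))
        if rules.require_unique_answers and norm in seen:
            violations.append((question, f"same answer as {seen[norm]!r}"))
        seen.setdefault(norm, question)
    return violations


# Constructed enrollment for user "jsmith".
SAMPLE = [
    ("Name of your first pet?", "jsmith"),
    ("City where you were born?", "aaaaaa"),
    ("Favorite teacher?", "Favorite teacher?"),
    ("First employer?", "JSmith "),
]

if __name__ == "__main__":
    for question, problem in check_answers(AnswerRules(), "jsmith", SAMPLE):
        print(f"{question}: {problem}")
```

With the three check boxes cleared, only the length and repetition limits remain, so an answer equal to the user ID is accepted.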

Note: By default, users can bypass the challenge questions. You can force the user to respond to the challenge questions by modifying the property ui.challengeResponse.bypassChallengeResponse in the ui.properties file. To force user response, set the value to false. For more information, see the ui.properties topic in the Supplemental property files section of the Identity Manager Reference Guide.
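
A configuration check for the property named in the note above, written as an added example rather than anything shipped with Identity Manager. The sample file contents are constructed, and the check assumes that an absent key leaves the documented default (bypass allowed) and that only the literal value `false` counts as hardened.

```python
import re

KEY = "ui.challengeResponse.bypassChallengeResponse"
_PAIR = re.compile(r"((?:\\.|[^\s=:\\])+)[ \t\f]*[=:]?[ \t\f]*(.*)$")


def parse_properties(text):
    """Minimal Java .properties reader: comments, '=', ':' or space separators,
    backslash line continuations; a later duplicate key overrides an earlier one."""
    props, pending = {}, None
    for raw in text.splitlines() + [""]:  # sentinel flushes a dangling continuation
        line = raw.lstrip(" \t\f")
        if pending is None and (not line or line[0] in "#!"):
            continue
        if pending is not None:
            line = pending + line
        # An odd number of trailing backslashes continues onto the next line.
        trailing = len(line) - len(line.rstrip("\\"))
        if trailing % 2:
            pending = line[:-1]
            continue
        pending = None
        match = _PAIR.match(line)
        if match:
            props[match.group(1)] = match.group(2)
    return props


def audit_bypass(text):
    """Return (ok, reason) for the bypass setting in the given ui.properties text."""
    value = parse_properties(text).get(KEY)
    if value is None:
        # Assumption: an absent key leaves the documented default (bypass allowed).
        return False, "property absent: default lets users bypass"
    if value.strip().lower() == "false":
        return True, "users must respond to the challenge questions"
    return False, f"value {value!r} does not force a response"


# Constructed ui.properties fragments.
SAMPLES = {
    "default": f"{KEY}=true\n",
    "hardened": f"{KEY} = false\n",
    "overridden": f"{KEY}=false\n# a later duplicate wins\n{KEY}: true\n",
    "commented_out": f"#{KEY}=false\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit_bypass(text))
```

The `overridden` and `commented_out` cases are the ones a plain text search for `bypassChallengeResponse=false` would report as compliant.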