Users can choose to answer security questions to reset their password.
You are assigned the Manage Tenant Configuration role. For more information about how to assign administrator roles, see Edit Administrator Authorizations.
You can configure the applications in the tenant to allow users to answer security questions to reset their password instead of receiving an e-mail with a reset password link.
For this setup, you, as a tenant administrator, configure the security questions option in the Tenant Settings section of the administration console, and the users configure their answers in the profile page. Once the security questions and answers are configured, the user can use this option to reset the password. Users must have configured their answers in the profile page to be able to reset their password via security questions.
If the security questions option is configured in the administration console, end users who haven't set up their security questions are prompted to do so as a post-logon step. Optionally, they can choose to set up the security questions later. If end users select the Don't ask me again check box, the prompt is no longer shown. End users can still set up the security questions in their profile page.
You can choose whether the "Setup later" and "Don't ask me again" options are visible for the end users.
The tenant administrator can offer up to 10 predefined questions, and can choose which target users are able to reset their password via security questions. There are three options:
- None - the security questions option isn't offered to the users, and all security questions configurations in the administration console are disabled.
- Users without e-mail - only users that don't have e-mails can reset password via security questions.
- All users - everyone can choose this option to reset the password.
- Specific groups - only users that belong to the selected groups can reset password via security questions.
If Home URL is configured, users are redirected to the URL defined in the Home URL after resetting their passwords via security questions. If Home URL is not configured, users are redirected to the profile page.
The account of the user locks after five wrong answers to the security questions. To unlock the account, set an initial password for the user. For more information, see Set Initial Password.
It takes 2 minutes for the configuration changes to take effect.
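The Target Users options and the five-wrong-answer lockout described above can be modeled to review which accounts a setting would expose before it is saved. This is an added example, not SAP code: the `User` record, its field names and the sample users are constructed, and treating a locked account as ineligible is an assumption.

```python
# Added example: models the Target Users options and the lockout rule from
# this page. Not SAP code; record fields and sample users are constructed.
from dataclasses import dataclass, field

TARGETS = ("None", "Users without e-mail", "All users", "Specific groups")
MAX_WRONG_ANSWERS = 5  # the page: account locks after five wrong answers

@dataclass
class User:
    name: str
    email: str = ""                      # empty string = no e-mail on record
    groups: set = field(default_factory=set)
    answers_configured: bool = False     # set by the user in the profile page
    wrong_answers: int = 0
    locked: bool = False

def can_reset_via_questions(user, target, selected_groups=frozenset()):
    """True if this user may reset the password via security questions."""
    if target not in TARGETS:
        raise ValueError(f"unknown Target Users option: {target!r}")
    # Answers must be configured first; locked = ineligible is an assumption.
    if target == "None" or user.locked or not user.answers_configured:
        return False
    if target == "Users without e-mail":
        return not user.email
    if target == "Specific groups":
        return bool(user.groups & set(selected_groups))
    return True  # "All users"

def record_wrong_answer(user):
    """Count one wrong answer; lock the account at the fifth."""
    user.wrong_answers += 1
    if user.wrong_answers >= MAX_WRONG_ANSWERS:
        user.locked = True  # per the page, unlocked by setting an initial password
    return user.locked

def impact(users, selected_groups=frozenset()):
    """Eligible user names per option, for review before changing the setting."""
    return {t: sorted(u.name for u in users
                      if can_reset_via_questions(u, t, selected_groups))
            for t in TARGETS}

USERS = [  # constructed sample directory export
    User("alice", "alice@example.com", {"Admins"}, answers_configured=True),
    User("bob", "", {"Shopfloor"}, answers_configured=True),
    User("carol", "carol@example.com", {"Shopfloor"}, answers_configured=False),
]
```

Calling `impact(USERS, {"Shopfloor"})` shows, for example, that "All users" would let the administrator account `alice` reset by security questions, while "Specific groups" limits it to `bob`.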
To configure security questions in the administration console, follow the procedure:
- Access the tenant's administration console for Identity Authentication by using the console's URL.
  The URL has the following pattern:
  https://<tenant ID>.accounts.ondemand.com/admin
  Tenant ID is an ID automatically generated by the system. The first administrator created for the tenant receives an activation e-mail with a URL in it. This URL contains the tenant ID. For more information about your tenants, see Viewing Assigned Tenants and Administrators.
  If you have a configured custom domain, the URL has the following pattern:
  <your custom domain>/admin
- Under Applications and Resources, choose the Tenant Settings tile.
  At the top of the page you can view the administrative and license relevant information of the tenant.
- Choose the Password Recovery list item.
- Select the Security Questions tab.
- Under Target Users, choose users that can reset passwords with security questions:
  - None - default choice
    If selected, the security questions configurations in the administration console are disabled.
  - Users without e-mail
  - All users
  - Specific groups
    When you select this option, you must specify the specific group or groups for which you enable password recovery via security questions.
- Under Settings, choose how many questions the user must answer.
  Under Security Questions you can see the 10 predefined questions the user can choose from.
- Select the Show "Setup later" check box.
  When selected, the end users see the option to set up the security questions later.
- Select the Show "Don't ask again" check box.
  When selected, the end users see the option to hide the prompt to set up their security questions later.
- Save your configuration.