Enabling Multiple Security Questions

If you select Security Question(s) as an authentication mechanism for users, you must enable the feature for users and the end-users must provide answers to the questions.

To enable the feature:

  1. Log in to Admin Portal.

  2. Click Access > Policies and select the policy you want to edit or click Add Policy Set to create a new one.

  3. Click User Security Policies > User Account Settings.

  4. Select Yes in the Enable users to configure security questions drop-down list.

    Leaving the default selection (--) is equivalent to requiring users to specify one user-defined question and answer.

    Selecting No means users will not see the option to answer admin-defined questions or specify/answer user-defined questions.

  5. Enter values for the related options.

    If the total number of user-defined and admin-defined questions you specify here is greater than the number of questions users must answer, then Privileged Access Service randomly selects questions from the pool of questions containing answers. We will not select questions for which users have not provided answers.

    • Require users to configure Security Questions on login: Users can configure security questions.

    • Allow duplicate security question answers: Users can enter duplicate answers to different questions if you enable this policy.

    • Required number of user-defined questions: Users can enter the questions and answers.

    • Minimum number of characters required in answers.

    • Authentication profile required to set security questions: (Optional) Specify additional authentication challenges (by selecting an authentication profile) users must provide before they can enter/answer user-defined security questions or select/answer admin-defined questions.

  6. Click Save.

Writing admin-defined security questions

You can write the admin-defined questions from which users can select, provide answers for, and use for authenticating to Privileged Access Service.

To write the admin-defined security questions:

  1. Log in to Admin Portal.

  2. Click Settings > Authentication > Security Questions > Add button.

  3. Enter the question you want made available to users.

    You can only enter one question at time.

  4. Click OK.