We currently use a paper form for security questions which helps us to reset passwords of remote users. However the paper list has become large so we are looking for a way to sort of re-enroll users with new security questions. We want to force users to supply the security questions and have a way to monitor who has enrolled.
However we dont want users to reset their passwords per say. We want to collect the secret questions and have a copy of all of them that we could put into a sql database or encrypt and add them to the HR database.
Seeing as with Adaxes password self service reset we can see who has enrolled I was wondering if we could use this but just disallow the right to actually change the password.
On the surface however I cant see a way to actually find the secret questions that users have submitted.
Is this possible with Adaxes?