0 votes

Hi Team,

We would like to use security based questions and answers for password resets.

I have found that we can force a user to answer certain questions when enrolling, but if we only say answer 3 of 5 then that question won't always come up.

Is there a way to ensure that a question must be answered each time?


by (1.5k points)

1 Answer

0 votes
by (177k points)

Hello Anton,

Yes, it is possible. To make a security question required for enrollment and further self-password resets:

  1. Launch Adaxes Administration Console.
  2. In the Console Tree, expand your service node.
  3. Navigate to Configuration\Password Self-Service and select Policies. image.png
  4. In the Result Pane on the right, right-click the policy you need.
  5. In the context menu, click Edit.
  6. Activate the Authentication tab.
  7. Click Edit Questions. image.png
  8. In the Required column, change the value for mandatory questions to Yes. image.png
  9. Click OK twice.

Thanks for you answer.

I have this setup however it does not always ask that question when going through the forgot your password steps. It seems to be random which questions you get.

I am unsure whether this is more of a bug as the feature looks like it has been implemented.

Edit: For testing I am reducing the number of answers required down to 2 of 5. If you could test this and let me know that would be great.



Hello Anton,

As per our check, the functionality works as intended. It looks like the behaviour occurs because the steps you took were as follows:

  1. A Password Self-Service policy without mandatory questions was created.
  2. The test user was enrolled for Password Self-Service with the policy.
  3. The policy was changed by making specific questions mandatory.
  4. The test user was not reenrolled for Password Self-Service and thus during the process can still select the questions configured in the policy on step 1.

This behavior is by design. To make sure that the account you are using for tests will be enrolled for Password Self-Service with the new policy settings:

  1. Sign in to Adaxes Web interface that has the Password Self-Service component enabled (by default it is the Self Service Web Interface) with the credentials of the test account.
  2. In the top right corner, expand My Menu.
  3. Expand the Password Self-Service drop-down and click Reenroll. image.png
  4. Complete the wizard (mandatory questions will be displayed first and there will be no possibility to select other questions before providing answers to all the mandatory ones).

Also, it is not possible to make a specific question mandatory during Self-Password reset. When a user enrolls they will provide answers to questions and only the questions will be displayed during reset. If you want to make sure a specific question is always answered during self-password reset, you need to make the question mandatory in the policy settings as we described in the previous post and make the number of questions equal the number of questions to be answered. image.png

Related questions

0 votes
1 answer

Hi everyone! Is there a way to force a particular language (in this case English) for the Password Reset web page(s)? Background: Up to recently we have used the Self- ... number of non-German users, we would like to switch the pages to English. Thanks Erik

asked Jun 1, 2016 by eventit (1.1k points)
0 votes
0 answers

All, This may be somewhat of a generic question, but I've looked through a majority of the Self Service Password reset documentation and can't really find a definitive answer. ... the "PssEnroll.aspx" page and all I can do is answer my questions once again.

asked Sep 7, 2017 by Ben.Burrell (2.7k points)
0 votes
1 answer

Is there a way to export the list of users enrolled in Password Self-Service? When I click on "Statistics" and select only "Enrolled", I see the list ... Attributes such as "adm-PasswordSelfServiceEnrollmentInfo" (I am guessing that is the correct attribute)

asked Jun 6, 2016 by Kikaida (4.8k points)
0 votes
1 answer

Hi, is there a way to manually unblock a user from Password Self-Service in case he entered his/her answers incorrectly and can't wait the predefined time until he gets automatically unblocked? Regards Ingemar

asked Dec 5, 2013 by ijacob (6.1k points)
0 votes
1 answer

Hi! In 2019.2 new feature was introduced to use Microsoft Authenticator to validate the password self-service. Is it possible to connect it to existing MFA in ... Authenticator - one company account and another one generated by Adaxes after enrollment. Thanks!

asked Oct 30, 2019 by Dmytro.Rudyi (3.3k points)
2,183 questions
1,948 answers
5,258 users