As per our check, the functionality works as intended. It looks like the behaviour occurs because the steps you took were as follows:
- A Password Self-Service policy without mandatory questions was created.
- The test user was enrolled for Password Self-Service with the policy.
- The policy was changed by making specific questions mandatory.
- The test user was not reenrolled for Password Self-Service and thus during the process can still select the questions configured in the policy on step 1.
This behavior is by design. To make sure that the account you are using for tests will be enrolled for Password Self-Service with the new policy settings:
- Sign in to Adaxes Web interface that has the Password Self-Service component enabled (by default it is the Self Service Web Interface) with the credentials of the test account.
- In the top right corner, expand My Menu.
- Expand the Password Self-Service drop-down and click Reenroll.
- Complete the wizard (mandatory questions will be displayed first and there will be no possibility to select other questions before providing answers to all the mandatory ones).
Also, it is not possible to make a specific question mandatory during Self-Password reset. When a user enrolls they will provide answers to questions and only the questions will be displayed during reset. If you want to make sure a specific question is always answered during self-password reset, you need to make the question mandatory in the policy settings as we described in the previous post and make the number of questions equal the number of questions to be answered.