
Configuring Password Reset with Challenge Questions

WSO2 Identity Server lets users reset their passwords by correctly answering predefined challenge questions (also known as security questions).


Pickup is a cab company that has many employees who use different credentials to sign in to different internal enterprise applications. Alex, who is a new recruit at Pickup, has forgotten the password.

Let's learn how Alex can recover the password by answering a challenge question!

Set up

Follow the steps below to configure WSO2 Identity Server to enable password reset by answering a challenge question.

Before you begin

  1. Run WSO2 Identity Server.

  2. Sign in to the WSO2 Identity Server Management Console at https://<SERVER_HOST>:9443/carbon as an administrator.

  1. On the Main menu of the Management Console, click Identity > Identity Providers > Resident.


  2. Under the Account Management Policies section, click Account Recovery.


  3. Enter the required values as given below:

    • Enable Notification Based Password Recovery: Selected

    • Number of Questions Required for Password Recovery: 2


  4. Click Update.

Try out

  1. To create the user account for Alex:

    1. On the Main menu of the Management Console, click Identity > Users and Roles > Add.


    2. Click Add New User.


    3. Enter the required data as follows.


      • Domain: Primary
      • Username: Alex

    4. Click Finish.

  2. To assign login permissions to the user:

    1. Click the View Roles option of Alex.


    2. Click Permissions.


    3. Select Login and click Update.


  3. To configure the challenge questions:

    1. Access the WSO2 Identity Server My Account Portal at https://localhost:9443/myaccount/.

    2. Log in with the credentials of the user account that you created.


    3. Under Account Recovery, click + to add or update security questions.


    4. Configure the challenge questions as given below:

      • Challenge Question 1: Name of your first pet?
      • Your Answer: Tom
      • Challenge Question 2: Favourite food?
      • Your Answer: Pizza


    5. Click Update.

    6. Sign out.

  4. To mimic a forgotten password:

    1. On the Sign In screen of the WSO2 Identity Server My Account Portal at https://localhost:9443/myaccount/, click Password.


    2. Enter the user name as Alex and select the Recover with Security Questions option.


    3. Click Submit.

    4. Enter the first challenge question answer as Tom and click Submit.


    5. Enter the second challenge question answer as Pizza and click Submit.


    6. Enter the new password and click Submit.


    7. Enter the user name and new password and click Sign In. The User Portal home screen appears.