Configuring Password Reset with Challenge Questions
WSO2 Identity Server enables users to reset their passwords by correctly responding to predefined challenge questions (also known as security questions).
Scenario
Pickup is a cab company that has many employees who use different credentials to sign in to different internal enterprise applications. Alex, who is a new recruit at Pickup, has forgotten the password.
Let's learn how Alex can recover the password by answering a challenge question!
Set up
Follow the steps below to configure WSO2 Identity Server to enable password reset by answering challenge questions.
Before you begin
- Sign in to the WSO2 Identity Server Management Console at https://<SERVER_HOST>:9443/carbon as an administrator.
- On the Main menu of the Management Console, click Identity > Identity Providers > Resident.
- Under the Account Management Policies section, click Account Recovery.
- Enter the required values as given below:
  - Enable Notification Based Password Recovery: Selected
  - Number of Questions Required for Password Recovery: 2
- Click Update.
Try out
- To create the user account for Alex:
  - On the Main menu of the Management Console, click Identity > Users and Roles > Add.
  - Click Add New User.
  - Enter the required data as follows.
    - Domain: Primary
    - Username: Alex
  - Click Finish.
- To assign login permissions to the user:
  - Click the View Roles option of Alex.
  - Click Permissions.
  - Select Login and click Update.
- To configure the challenge questions:
  - Access WSO2 Identity Server Dashboard at https://localhost:9443/dashboard/.
  - Log in with the credentials of the user account that you created.
  - Consent to share the shown attributes with the given service provider.
  - Under Account Recovery, click View details.
  - Configure the challenge questions as given below:
    - Challenge Question 1: City where you were born?
    - Your Answer: Seattle
    - Challenge Question 2: Favourite sport?
    - Your Answer: Baseball
  - Click Update.
  - Sign out.
- To mimic a forgotten password:
  - On the Sign In screen of the WSO2 Identity Server Dashboard at https://localhost:9443/dashboard/, click Password.
  - Enter the user name as Alex and select the Recover with Security Questions option.
  - Click Submit.
  - Enter the first challenge question answer as Seattle and click Submit.
  - Enter the second challenge question answer as Baseball and click Submit.
  - Enter the new password and click Submit.
  - Enter the user name and new password and click Sign In. The User Portal home screen appears.