Configuring Password Reset with Challenge Questions

WSO2 Identity Server enables users to reset their passwords by correctly answering predefined challenge questions (also known as security questions).


Pickup is a cab company that has many employees who use different credentials to sign in to different internal enterprise applications. Alex, who is a new recruit at Pickup, has forgotten the password.

Let's learn how Alex can recover the password by answering a challenge question!

Set up

Follow the steps below to configure WSO2 Identity Server to enable password reset by answering a challenge question.

Before you begin

  1. Run WSO2 Identity Server.

  2. Sign in to the WSO2 Identity Server Management Console at https://<SERVER_HOST>:9443/carbon as an administrator.

  1. On the Main menu of the Management Console, click Identity > Identity Providers > Resident.

    Resident menu-item

  2. Under the Account Management Policies section, click Account Recovery.

    Account Recovery Option

  3. Enter the required values as given below:

    • Enable Notification Based Password Recovery: Selected

    • Number of Questions Required for Password Recovery: 2

    Security-Question-Based Password Recovery Option

  4. Click Update.

Try out

  1. To create the user account for Alex:

    1. On the Main menu of the Management Console, click Identity > Users and Roles > Add.

      Add Users and Roles menu-item

    2. Click Add New User.

      Add New User option

    3. Enter the required data as follows.

      Add New User screen

      • Domain: Primary
      • Username: Alex

    4. Click Finish.

  2. To assign login permissions to the user:

    1. Click the View Roles option of Alex.

      View Roles option

    2. Click Permissions.

      Role Permissions option

    3. Select Login and click Update.

      Login permission

  3. To configure the challenge questions:

    1. Access the WSO2 Identity Server Dashboard at https://localhost:9443/dashboard/.

    2. Log in with the credentials of the user account that you created.

      Sign In form

    3. Consent to share the shown attributes with the given service provider.

      Consent form

    4. Under Account Recovery, click View details.

      Change Password option

    5. Configure the challenge questions as given below:

      • Challenge Question 1: City where you were born?
      • Your Answer: Seattle
      • Challenge Question 2: Favourite sport?
      • Your Answer: Baseball

      Challenge Question form

    6. Click Update.

    7. Sign out.

  4. To mimic a forgotten password:

    1. On the Sign In screen of the WSO2 Identity Server Dashboard at https://localhost:9443/dashboard/, click Password.

      Sign In form

    2. Enter the user name as Alex and select the Recover with Security Questions option.

      Consent form

    3. Click Submit.

    4. Enter the first challenge question answer as Seattle and click Submit.

      First Security Question

    5. Enter the second challenge question answer as Baseball and click Submit.

      First Security Question

    6. Enter the new password and click Submit.

      Password Reset form

    7. Enter the user name and new password and click Sign In. The User Portal home screen appears.
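
The recovery flow tried out above, modelled as an added example; this is not WSO2 Identity Server code and does not describe how the product stores or checks answers. It shows what a verifier for this kind of flow has to get right: answers stored as salted hashes, normalized before comparison, compared in constant time, and all required questions answered before a reset is allowed. MAX_FAILURES, the PBKDF2 parameters and all function and class names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

REQUIRED_QUESTIONS = 2  # mirrors "Number of Questions Required for Password Recovery: 2"
MAX_FAILURES = 3        # assumed attempt limit, not a value from this page

def normalize(answer):
    # Ignore case and extra whitespace, so "  seattle " matches "Seattle".
    return " ".join(answer.split()).casefold()

def _digest(answer, salt):
    return hashlib.pbkdf2_hmac("sha256", normalize(answer).encode(), salt, 100_000)

def enroll(answers):
    """Keep a per-question salt and hash instead of the plain-text answer."""
    record = {}
    for question, answer in answers.items():
        salt = os.urandom(16)
        record[question] = (salt, _digest(answer, salt))
    return record

class RecoverySession:
    def __init__(self, record):
        if len(record) < REQUIRED_QUESTIONS:
            raise ValueError("user has not configured enough challenge questions")
        self.record = record
        self.pending = list(record)[:REQUIRED_QUESTIONS]
        self.failures = 0

    def next_question(self):
        return self.pending[0] if self.pending else None

    def submit(self, answer):
        """Check the answer to the current question; True when it is accepted."""
        if self.failures >= MAX_FAILURES or not self.pending:
            return False
        salt, expected = self.record[self.pending[0]]
        if hmac.compare_digest(_digest(answer, salt), expected):  # constant time
            self.pending.pop(0)
            return True
        self.failures += 1
        return False

    def may_reset_password(self):
        return not self.pending and self.failures < MAX_FAILURES

# Constructed sample data: the questions and answers used in the walkthrough.
ALEX = enroll({"City where you were born?": "Seattle",
               "Favourite sport?": "Baseball"})
```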