OIM 11g Challenge Questions (PCQ) for forgot password


When users log in to OIM for the first time, they are asked to set responses to challenge questions. These challenge questions and responses are used if a user forgets his/her password and tries to reset it via the forgot password link. This post gives an overview of challenge questions and covers adding/managing additional questions.

1. To configure challenge questions, use the OIM Design Console (more on the OIM Design Console here and here)

a) Navigate to Administration -> Lookup Definition

b) Search for Lookup Code Lookup.WebClient.Questions

c) Click on Add/Delete button to add or delete challenge questions


2. OIM challenge questions and responses are governed by the following System Properties, which are accessible from the OIM Advanced Administration Console using Advanced -> System Management (tab) -> System Configuration


a) OIM.DisableChallengeQuestions (default value FALSE): determines whether challenge questions are enabled or disabled. Set this value to TRUE (i.e. disable challenge questions in OIM) if OIM is integrated with OAAM (Adaptive Access Manager) so that challenge questions are set by OIM.

b) PCQ.PROVIDE_DURING_SELFREG (default value TRUE): determines whether the user has to provide challenge information during self registration.

c) XL.IsDupResponseAllowed (default value FALSE): determines whether duplicate answers to challenge questions are allowed. If set to TRUE, users are allowed to give the same answer to different challenge questions.

d) XL.ResponseMinLength (default value 0): determines the minimum length of the response required for a challenge question.

e) PCQ.NO_OF_CORRECT_ANSWERS (default value 3): determines the number of questions the user must answer correctly to reset the user password.

f) OIM.ChallengeQuestionsModificationURL (default value NONE): determines the challenge question URL when OIM.DisableChallengeQuestions is set to TRUE. Typically used in OIM integration with OAAM.

g) PCQ.USE_DEF_QUES (default value TRUE): determines whether users must select questions from the pre-defined list, or whether users are required to provide their own questions.

Note: If you wish to give users the option to set their own questions, you will have to customise the OIM user interface and then set PCQ.USE_DEF_QUES to FALSE.

h) PCQ.FORCE_SET_QUES (default value TRUE): determines whether the user is forced to set challenge questions/responses at start-up. If the value is set to FALSE, then Skip challenge questions or Remind Later is displayed.


i) PCQ.NO_OF_QUES (default value 3): determines the number of challenge questions that must be completed by the user.
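Several of these properties interact, so it helps to review them together rather than one at a time. The script below is an added example, not part of the original post or of Oracle's tooling: it merges a dictionary of overridden values with the defaults listed above and reports combinations that weaken or break password reset. The `MIN_RESPONSE_LENGTH` floor, the `SAMPLE` values and the checks themselves are assumptions chosen for illustration.

```python
# Added example: audit OIM challenge-question (PCQ) system properties.
# Defaults are the ones listed in this post.
DEFAULTS = {
    "OIM.DisableChallengeQuestions": "FALSE",
    "PCQ.PROVIDE_DURING_SELFREG": "TRUE",
    "XL.IsDupResponseAllowed": "FALSE",
    "XL.ResponseMinLength": "0",
    "PCQ.NO_OF_CORRECT_ANSWERS": "3",
    "OIM.ChallengeQuestionsModificationURL": "NONE",
    "PCQ.USE_DEF_QUES": "TRUE",
    "PCQ.FORCE_SET_QUES": "TRUE",
    "PCQ.NO_OF_QUES": "3",
}
MIN_RESPONSE_LENGTH = 4  # assumption: local policy floor, not an Oracle value

# Constructed sample of non-default values, as an admin might have set them.
SAMPLE = {"XL.ResponseMinLength": 6, "XL.IsDupResponseAllowed": "true",
          "PCQ.NO_OF_CORRECT_ANSWERS": 4, "PCQ.FORCE_SET_QUES": "FALSE"}


def audit_pcq(overrides):
    """Return (property, finding) pairs for defaults merged with overrides."""
    p = {**DEFAULTS, **{k: str(v).strip() for k, v in overrides.items()}}

    def on(key):
        return p[key].upper() == "TRUE"

    findings = []
    if on("OIM.DisableChallengeQuestions"):
        # Questions are managed outside OIM, so only the URL property matters.
        if p["OIM.ChallengeQuestionsModificationURL"].upper() == "NONE":
            findings.append(("OIM.ChallengeQuestionsModificationURL",
                             "questions disabled in OIM but no URL configured"))
        return findings
    asked = int(p["PCQ.NO_OF_QUES"])
    needed = int(p["PCQ.NO_OF_CORRECT_ANSWERS"])
    if needed > asked:
        findings.append(("PCQ.NO_OF_CORRECT_ANSWERS",
                         f"needs {needed} correct answers, only {asked} questions set"))
    if int(p["XL.ResponseMinLength"]) < MIN_RESPONSE_LENGTH:
        findings.append(("XL.ResponseMinLength",
                         f"responses shorter than {MIN_RESPONSE_LENGTH} characters accepted"))
    if on("XL.IsDupResponseAllowed"):
        findings.append(("XL.IsDupResponseAllowed",
                         "one answer can be reused for every question"))
    if not on("PCQ.FORCE_SET_QUES"):
        findings.append(("PCQ.FORCE_SET_QUES",
                         "users may skip setting questions at first login"))
    return findings


if __name__ == "__main__":
    for prop, finding in audit_pcq(SAMPLE):
        print(f"{prop}: {finding}")
```

Run against an empty override set, the audit flags only XL.ResponseMinLength, because the default of 0 is below the assumed floor.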

 

3. User challenge questions and responses are stored in the PCQ table of the OIM schema, where the USR_KEY column links to USR_KEY in the USR (user details) table.

 

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.


Leave a Comment:

6 comments
IAM Consultant says December 27, 2011

Hi Atul

Have you tried the following OIM 11g:

c) Click on Add/Delete button to add or delete challenge questions

As far as I know, this shouldn’t work as per OIM 11g design.

Atul Kumar says December 28, 2011

@ IAM Consultant,
Yes, I tried adding a few questions and I could see the new challenge question.

Could you please share documentation which says this should not work ?

sinraj72 says April 19, 2012

Hi Atul,

I am not sure whether this is the right thread or not, but I wanted to know whether there is any mechanism available whereby the “Forgot Password” option can be used with OAM 11g without using OIM 11g. Is there any feature available in OID to use the “Forgot password” option to a certain extent?

A prompt reply will support me a lot

    Atul Kumar says April 19, 2012

    As mentioned in reply to other comment, I am not aware of configuring Forgot Password without using OIM 11g or any other IDM product (or custom application). You can use ODSM to reset password (only if you have an existing password)

NC says April 26, 2012

Hi Atul,

I wanted to know if we can put rules on challenge questions. For e.g. if the question is my favourite color, the answer should not be “color”. How can we implement such rules?

Thanks for your help!
