Former Member

IDM Password Reset Authentication Questions


We are implementing Password Self Service using IDM 7.1. Everything is set up, and we have tested and were able to reset passwords for users on connected target systems. We are now doing some cosmetic changes before going live, like setting up new authentication questions and changing existing questions from IDM.

In total we have 10 questions and the way we set it is

Minimum number of validation questions = 5

No. of questions to show = 3

No. of answers required = 3

After setting all 10 questions, I took a new test ID that had never had a profile set, set its profile with answers to 5 random questions out of 10, and saved it. I then went back to /idm/pwdrest and entered the unique ID, which is the user ID, and the 3 challenge questions that showed up were not the ones I had set my answers to.

Why is it prompting questions for which I have not set answers?

Can anyone tell me if I am missing any config in creating these attributes, or is it the way IDM works?



2 Answers

  • Best Answer
    Posted on Sep 21, 2011 at 06:55 PM


    It has been my experience that the system will show any of the available questions when a user has not had any answers set. Sometimes, there is a disconnect with the Unique ID entered and the user ID stored in the identity store and it just cannot find the stored answers. As long as the additional question attributes you created follow the existing convention, they should be fine.

    I would start by looking at what question attributes you have committed for the user and which ones show in the pwdreset task screen for the user. You can also run the guided task several times with the same ID to see what rotation of questions you see to see if it is going through all 10 or only a certain subset.

    Do you have a self-service task configured to set the question answers?




    • Former Member

      Thanks Jared.

      I just tried my test ID for the password reset and now it is prompting the questions it is set for.

      Sometimes it takes a while for IDM to store the answers, I guess, as I created another ID and set the answers for it and immediately used the password reset and it worked as intended.



  • Former Member
    Posted on Sep 21, 2011 at 10:02 PM

    It's now again throwing random questions for the user ID.


    • Former Member


      I would suggest you verify the attribute MX_FAILEDRECOVER on the user, because it sounds like this attribute on your user has a higher value than the setting "Maximum no of attempts" on the password reset task.

      This attribute will be set immediately when the user tries to do a pwdreset.

      If so, it will ask any question to the user, and in any case the password reset will fail because the user has exceeded the number of


      Try to delete this attribute from the user and then see if the correct questions are asked again.

      Best regards

      Roy Tronstad