test

Oracle Waveset 8.1.1 Business Administrator's Guide

To Establish Authentication Questions for an Account Policy

  1. Select Security > Policies from the main menu.

  2. Choose DefaultWaveset Account Policy from the list of policies.

    Authentication selections are offered in the Secondary Authentication Policy Options area of the page. The following table describes each option.

    Option 

    Description 

    All 

    Requires the user to answer all policy-defined and personalized questions. 

    Any 

    Waveset displays all policy-defined and personalized questions. You must specify how many questions the user must answer. 

    Next 

    Requires the user to answer all possible policy-defined questions the first time that user logs in.  

    If the user clicks the Forgot Your Password? button during login, Waveset displays the first question. If the user answers incorrectly, Waveset displays the next question, and so on until the user answers an authentication question correctly and logs in, or is locked out based on the specified failure attempts limit. User-generated questions are not supported for this policy. 

    Random 

    Allows the administrator to specify how many questions the user must answer. Waveset randomly selects and displays the specified number of questions from the list of questions defined in the policy as well as those the user has defined. The user must answer all questions displayed. 

    Round robin 

    Waveset selects the next question from the list of configured questions and assigns this question to the user. The first user is assigned the first question in the list of authentication questions, and the second user is assigned the second question. This pattern continues until the number of questions is exceeded. At that point, questions are assigned to users in sequential order. For example, if there are 10 questions, the 11th and 21st users are assigned the first question. 

    Only the selected question is displayed. If you want the user to answer a different question every time, use the Random policy and set the number of questions to 1. 

    Users cannot define their own authentication questions. See Using Personalized Authentication Questions for more information about this feature.

You can verify your authentication choices by logging in to the Waveset End User interface, clicking the Forgot Your Password? button, and answering the presented question or questions.

Note –

After you set up the authentication questions, users must log in to the End User interface and provide initial answers to their authentication questions. If the users do not set answers the first time they log in, they cannot successfully log in without a password.

The following figure shows an example of the User Account Authentication screen.

Figure 3–8 User Account Authentication

Figure showing an example User Account Authentication screen.

Using Personalized Authentication Questions

In the Waveset account policy, you can select an option to allow users to supply their own authentication questions in the End User and Administrator interfaces. You can additionally set the minimum number of questions that the user must provide and answer to be able to log in successfully by using personalized authentication questions.

    To configure Waveset to allow user-supplied questions, perform the following steps:

  1. Select the Security > Policies tabs.

  2. On the Policies page, click Default Identity Manager Account Policy.

  3. When the Policy page displays, scroll down to the Secondary Authentication Policy Options section.

    Complete this section as follows:

    • For Login Interface. Select User Interface from the menu.

    • Maximum Number of Failed Login Attempts. Enter the maximum number of failed attempts you want to allow.

    • Enforce Answer Policy at Login. Deselect this option.

    • Authentication Questions Policy. Select Any from the menu.

    • Minimum Number of Questions User is Required to Answer. Enter the minimum number of questions you want the user to answer.

    • Answer Quality Policy. Select None from the menu.

      Note –

      If you previously configured one or more Authentication Answer Quality Policies, they will be available for selection from the menu. Otherwise, the only option is None.

    • Allow User Supplied Questions. Select this option to allow user-supplied questions.

    • Minimum Number of User Supplied Questions. Enter the minimum number of questions you want the user to provide.

    • Supplied Question Quality Policy. Select None from the menu.

      Note –

      If you previously configured one or more Authentication Question Quality Policies, they will be available for selection from the menu. Otherwise, the only option is None.

    • Organizations. Select one or more organizations to which this object will be available.

  4. Click Save to save your changes.

Users can add and change questions from the Change Answers to Authentication Questions page. An example of this page is shown in Figure 3–9.

Figure 3–9 Change Answers: Personalized Authentication Questions

Figure showing an example Change Answers to Authentication Questions page

Bypassing the Change Password Challenge after Authentication

When users successfully authenticate by answering one or more questions, by default they are challenged by the system to provide a new password. You can configure Waveset to bypass the change password challenge, however, by setting the bypassChangePassword system configuration property for one or more Waveset applications.

For instructions on editing the system configuration object, see Editing Waveset Configuration Objects.

To bypass the change password challenge for all applications following successful authentication, set the bypassChangePassword property as follows in the system configuration object.

Example 3–2 Setting the Attribute to Bypass the Change Password Challenge

<Attribute name="ui" 
 <Object>
   <Attribute name="web">
     <Object> 
       <Attribute name=’questionLogin’>
         <Object>
           <Attribute name=’bypassChangePassword’>
             <Boolean>true</Boolean>
           </Attribute>
         </Object>
       </Attribute>
   ...
 </Object>
...

To disable this password challenge for a specific application, set it as follows.

Example 3–3 Setting the attribute to Disable the Change Password Challenge


<Attribute name="ui">
  <Object>
    <Attribute name="web">
      <Object>
        <Attribute name=’user’>
          <Object>
            <Attribute name=’questionLogin’>
              <Object>
                <Attribute name=’bypassChangePassword’>
                  <Boolean>true</Boolean>
                </Attribute>
              </Object>
            </Attribute>
         </Object>
       </Attribute>
     ... 
  </Object> 
...