19.4 IDM Challenge Response portlet

This self-service portlet lets users:


19.4.1 Requirements

The IDM Challenge Response portlet has the following requirements:

Topic

Requirements

Password policy

This portlet requires a password policy with forgotten password enabled and a challenge set.

Universal Password

This portlet does not require Universal Password to be enabled.

eDirectory configuration

This portlet requires that you grant supervisor rights to the User Application Administrator for the container in which the logged-in user resides. Granting these privileges allows the user to write a challenge response to the secret store.

For example, suppose the LDAP realm administrator is cn=admin, ou=sample, o=novell and you log in as cn=user1, ou=testou, o=novell. You need to assign cn=admin, ou=sample, o=novell as a trustee of testou, and grant supervisor rights on [All attribute rights].
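
The following added example (not part of the product documentation) checks a container's ACL values for the trustee grant described above and lists any other trustees that hold Supervisor rights, which is useful when reviewing how widely that privilege has been handed out. It assumes ACL values in the LDAP string form privileges#scope#subject#attribute with 32 as the Supervisor bit and [All Attributes Rights] as the attribute name; the sample values, including the helpdesk entry, are constructed, and the DNs follow the example above with o=novell as the organization.

```python
# Added example: audit a container's ACL values for the required trustee grant.
# Assumption: values use the LDAP string form
#   privileges#scope#subjectDN#protectedAttribute
# where privileges is a decimal bitmask and 32 is the Supervisor bit.
SUPERVISOR = 32
ALL_ATTRS = "[all attributes rights]"

def norm_dn(dn):
    """Normalize a DN for comparison: trim spaces around RDNs, lowercase.
    Simple form only; escaped commas inside RDN values are not handled."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_acl(value):
    """Split one ACL value into (privileges, scope, subject, attribute)."""
    fields = value.split("#", 3)
    if len(fields) != 4 or not fields[0].strip().isdigit():
        raise ValueError(f"malformed ACL value: {value!r}")
    priv, scope, subject, attr = (f.strip() for f in fields)
    return int(priv), scope.lower(), norm_dn(subject), attr.lower()

def has_required_grant(acl_values, trustee_dn):
    """True if the trustee holds Supervisor on [All Attributes Rights]."""
    want = norm_dn(trustee_dn)
    for value in acl_values:
        priv, _scope, subject, attr = parse_acl(value)
        if subject == want and attr == ALL_ATTRS and priv & SUPERVISOR:
            return True
    return False

def other_supervisors(acl_values, trustee_dn):
    """Subjects other than the expected trustee holding any Supervisor right."""
    want = norm_dn(trustee_dn)
    return sorted({s for p, _sc, s, _a in map(parse_acl, acl_values)
                   if p & SUPERVISOR and s != want})

# Constructed sample: ACL values as they might be read from ou=testou,o=novell.
SAMPLE_ACL = [
    "32#subtree#cn=admin,ou=sample,o=novell#[All Attributes Rights]",
    "2#entry#[Public]#loginScript",
    "32#subtree#cn=helpdesk,ou=sample,o=novell#[Entry Rights]",  # hypothetical
]
ADMIN = "cn=admin, ou=sample, o=novell"

if __name__ == "__main__":
    print("required grant present:", has_required_grant(SAMPLE_ACL, ADMIN))
    print("other supervisor trustees:", other_supervisors(SAMPLE_ACL, ADMIN))
```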

19.4.2 Usage

To use the IDM Challenge Response portlet, you need to know about the following:

How IDM Challenge Response is used during login

During the login process, the IDM Login Portlet automatically redirects to the IDM Challenge Response portlet whenever the user needs to set up challenge questions and responses (for example, the first time a user attempts to log in to the application after an administrator assigns the user to a password policy in iManager). The password policy must have forgotten password enabled and include a challenge set.

How IDM Challenge Response is used in the user application

By default, the user application provides users with self service for changing challenge questions and responses.