Design Verification Screens

After a user successfully completes the identification screen, the system redirects the user to a verification screen where the user must provide information to verify the identity. The user may be required to answer one or more questions, or provide an attribute, such as a social security number.
cim1265
After a user successfully completes the identification screen, the system redirects the user to a verification screen where the user must provide information to verify the identity. The user may be required to answer one or more questions, or provide an attribute, such as a social security number.
If users must answer multiple verification questions,
Identity Manager
can display those questions on the same screen, or on separate screens.
This page contains the folloing topics:

Display Multiple Verification Questions At One Time

If users answer multiple questions to verify their identity, you can display those questions on a single screen.
If a single screen displays multiple questions, the number of questions that a user has to answer is determined by the number of question and answer pairs that you add to the profile screen for primary verification, not the number of questions that you configure in the search screen for the task.
To display multiple verification questions on a single screen
  1. Configure the Forgotten Password Logical Attribute Handler for multiple question and answer pairs.
    You can configure the ForgottenPasswordHandler in the User Console or the Management Console. For instructions, see the online help in the console that you want to use.
    Add |VerifyQuestion1| , |VerifyAnswer1| pairs depending upon the number of questions you want to set.
  2. Navigate to the Configure Forgotten Password Search screen or Configure Forgotten User ID Search screen, if necessary.
  3. Enter the text that appears above the area where users supply verification information in the Prompt for Primary Verification Screen field.
  4. In the Profile Screen for Primary Verification field, select a screen definition, such as the Forgotten Password Verify screen.
  5. Modify the screen definition to include the Logical Attributes for each of the verification question and answer pairs that should appear on the screen. For example, add fields as follows:
    |VerifyQuestion1| - Read only.
    |VerifyAnswer1| - Write Required.
  6. Delete the |VerifyQuestion| and |VerifyAnswer| logical attributes from Management Console (Home, Environments, <Env_Name>, Advanced Settings, Logical Attribute Handlers, ForgottenPasswordHandler).
  7. Make sure that the Prompt for Secondary Verification Screen and Profile Screen for Secondary Verification fields are blank in the Configure Forgotten Password Search or Configure Forgotten User ID Search screen.
  8. Enter the number of questions that user must answer correctly in the Number of Questions field.
  9. Click OK.

Display One Verification Question at a Time

For increased security, you can display only one verification question at a time. Subsequent questions are displayed only after the preceding question is answered successfully.
To display each verification question on a separate page, define a Primary Verification Screen and a Secondary Verification Screen.
The Primary Verification Screen is displayed after users provide valid identification, such as a user ID. When the user successfully answers one question on the primary verification screen,
Identity Manager
displays the secondary verification screen for each remaining question.
To configure the primary and secondary configuration screens:
  1. Make sure that the |VerifyQuestion| and |VerifyAnswer| logical attributes are configured in the ForgottenPasswordHandler logical attribute handler. See the
    Programming Guide for Java
    .
  2. Navigate to one of the following screens, if necessary:
    • Configure Forgotten Password Search Screen
    • Configure Forgotten User ID Search Screen
  3. Enter the text that appears above the area where users supply verification information in the Prompt for Primary Verification Screen field.
  4. In the Profile Screen for Primary Verification field, select a screen definition, such as the Forgotten Password Verify screen.
    Modify the screen definition to include the Logical Attributes for each of the question and answer pairs that should appear on the screen.
  5. Enter the text that appears above the area where users supply verification information in the Prompt for Secondary Verification Screen field.
  6. Select the Forgotten Password Secondary Verify screen in the Profile Screen for Secondary Verification field.
    Modify the screen to include |VerifyQuestion| and |VerifyAnswer| logical attributes.
    To use a secondary verification screen, you must configure a primary verification screen.
  7. Enter the number of questions that user must answer correctly in the Number of Questions field.
  8. Click OK.

Verify a User Attribute

Identity Manager
can verify a user identity by requiring the user to supply one or more profile attributes. You can require these attributes in addition to verification questions, or instead of them.
To use user attributes in the verification process
  1. Configure the verification screen as described in one of the following sections:
  2. Add one or more fields to collect the user attribute in the Forgotten Password Verify screen, or in a custom primary verification screen, if you designed one.
    For example, to collect a user’s employee number in addition to a user ID, modify the Forgotten Password Identify profile screen. Add one row containing a single field before or after the user ID field. Click the right arrow for the new field to define its properties.