Customers using the Self-Service Password Reset (SSPR) feature of FIM 2010 have reported concerns that users do not answer the “security” questions seriously. For example, they might answer “A” to every question just to get past the requirement to register for SSPR. In R2 this behaviour can be prevented!
Look at the screenshot below from FIM 2010 R2 RC released yesterday.
In the new QA gate you can prevent users from giving the same answer to two questions, and you can also define a regular expression that the answers must satisfy.
In my opinion this will increase the number of users who will answer the questions seriously!
It MAY force serious answers but it won't force uptake.
In 2005 I created a self service web based password management solution that integrated with MIIS SP2, available as a service (Logica were a contracted reseller), using ADAM / AD LDS as the hosted repository syncing to on-premise ADs. The service was sold by Logica to their customers as a (self-service) service to reduce help desk costs and all the inefficiencies related to human intervention.
The gateway had exactly the same criteria as the R2 setup above and with increased strengthening of the gateway criteria came reduced uptake by the user population.
Companies had to offer incentives (bribes) to get them to sign up, but the big oversight was that most corporate environments have users who know how to do nothing more than log in and use Word!
There's the limitation!
If you integrate FIM with the Windows OS using the FIM Client components it is possible to “prompt” the users to register every login until they do. I think that will make most users register for SSPR.
Any idea if there is a solution to allow the user when registering to pick 3 questions from a pool of questions instead of the fixed mandatory questions that FIM imposes?
I'm afraid not. All you can do is have a pool of questions, for example 5, and configure FIM to ask only 3. But then those 3 questions will be randomly selected among the 5.