LogonBox supports multiple authentication methods which can be used to log users on to the system as well as resetting their password etc.
This article explains how to configure your LogonBox to use the Security Questions authentication method.
Configuring the Authentication Scheme
It is important to note that you can apply different authentication flows for the different types of logon, and create Authentication Flows themselves that can be selected.
Each of these can have their own default authentication flow configured, but for this article we shall look at Password Reset.
Navigate to Administration->Authentication Flows->Schemes. Note that by default this is already configured with the configuration that was set during the setup process. In this case it is using User Selective 2FA which allows the user to choose which authentication modules to choose based on those they have configured.
If you have configured authentication to use Security Questions during the installatio setup before then nothing needs to be done here.
However you have a different setup and now wish to change to Security Questions, continue following this section.
Select the Actions menu, denoted by the three horizontal dots, and then select Edit.
The Update Flow page is now loaded and on the right side of the page you'll now see a list of all the authentication modules that are available to be used.
Note the different colours of the modules. Security Questions is a green module, this means that the module can be combined with any of the other modules in combination with either an orange, or blue module. A green module can be placed anywhere in the authentication flow after an orange or blue, but not before.
Click the plus icon next to Security Questions to add it into the authentication flow. Also select the delete option for the User Selective 2FA module to remove this from the flow.
If you have more than one green module, you can optionally drag the module to re-order the authentication flow but for this example, we will have just Username and Security Questions. Click Save to save the scheme.
Security Questions configuration
You may optionally configure a couple of items with Security Questions. Click on the edit icon inside the Security Questions module to see these settings.
These are the available settings:
- Questions to Ask: How many questions out of the available question pool do you want to ask the user during authentication? The module will choose randomly up to the number you define.
- Answers Required: How many of these answers are required? You could for example ask 3 questions but only require 2 to be correct.
Click Apply to save any changes.
3. Altering / adding Questions
To alter any of the existing Security Questions that are asked or to create new ones, navigate to Authentication Flows->Questions.
Creating a new question is very similar to editing one, so let's edit a question to see an example. Select the Actions menu and then select Edit.
On the first tab Options, you type in the actual question that is asked and you also have options to alter the minimum and maximum lengths that the answer can be.
On the Roles tab is where you define which users can be prompted for this question. Type in a Role and press enter to add the role. By default, if you add the Everyone role, then everyone on the system can see this. You can use Roles to set different questions for different sets of users if you wish.
4. Testing
As we have configured this scheme for Password Reset, to test this click on the Reset Password link on the main LogonBox portal.
The user is first prompted for their Username.
The user is then prompted to answer some questions and click Next.
After this module completes, the user is then prompted to reset their password.