Self-service password reset (SSPR) question and answer (QA) gate complexity criteria in FIM 2010 R2

In Forefront Identity Manager (FIM) 2010 it is possible for a user to provide the same answer for each question when registering for SSPR.  There is also no control on the minimum length of an answer, whether it must have a number or not, etc.

FIM 2010 R2 (release candidate) supports QA gate complexity constraints via regular expressions.  The QA gate activity settings still define the total number of questions, the number of questions displayed and required during registration, and the number of questions displayed and required during reset, along with the new security context option that defines whether the gate applies to extranet or all.  In addition, there are some new settings:

  • Allow duplicate answers.  A Boolean value, implemented as a checkbox that, as the name implies, permits the same answer when checked.  For most of us this will remain unchecked.
  • Answer constraint.  A regular expression that defines the permissible structure and complexity of answers, i.e. you can define the minimum and maximum length, allowed characters, etc.  This answer constraint is a global setting; there is not one constraint per question.
  • Message to user that describes uniqueness and answer text constraints.  As the label implies this is the string that defines (displays) the constraints on the registration page.
  • Terse inline error message to user for answers that violate uniqueness or text constraints.  Again, as the label nicely describes, this is the error string presented on a per-answer input basis if the answer does not match the regex defined as the answer constraint.
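
A candidate answer constraint can be dry-run against sample answers before it goes into the QA gate. The script below is an added example, not part of the original post or of FIM: the patterns, the sample answers and the `Test-QAGateAnswers` function are constructed, and it assumes the constraint is evaluated as a .NET regular expression and that uniqueness should ignore case and extra whitespace.

```powershell
# Added example, not from the original post. Assumption: the QA gate evaluates
# the answer constraint as a .NET regular expression.
$anchored   = '^[\p{L}\p{N} ]{4,64}$'  # constructed: 4-64 letters, digits, spaces
$unanchored = '[\p{L}\p{N} ]{4,64}'    # same character class, no ^...$ anchors

# Constructed registration answers.
$answers = 'Fluffy the cat', 'abc', 'fluffy  the cat', 'Rome!!', 'Lisbon 1998'

function Test-QAGateAnswers {
    param(
        [string[]] $Answers,
        [string]   $Constraint,
        [switch]   $AllowDuplicates
    )
    $seen = @{}   # keys are normalised answers already submitted
    foreach ($answer in $Answers) {
        # Assumption: uniqueness should ignore case and extra whitespace.
        $key = ($answer.Trim() -replace '\s+', ' ').ToLowerInvariant()
        $isDuplicate = $seen.ContainsKey($key)
        $seen[$key] = $true

        # IsMatch succeeds on a partial match, so an unanchored pattern
        # accepts any answer that merely contains a valid run of characters.
        $meetsConstraint = [regex]::IsMatch($answer, $Constraint)

        [pscustomobject]@{
            Answer          = $answer
            MeetsConstraint = $meetsConstraint
            Duplicate       = $isDuplicate
            Accepted        = $meetsConstraint -and ($AllowDuplicates -or -not $isDuplicate)
        }
    }
}

Test-QAGateAnswers -Answers $answers -Constraint $anchored   | Format-Table -AutoSize
Test-QAGateAnswers -Answers $answers -Constraint $unanchored | Format-Table -AutoSize
```

Comparing the two tables shows which answers only pass because the pattern lacks `^` and `$`; anchoring the constraint explicitly removes any dependence on how the gate applies the match.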

This is a long-awaited and great improvement to the core functionality of SSPR.  To close this post and summarise the above, here’s a screenshot.

[Screenshot: clip_image002]

About Paul Williams

IT consultant working for Microsoft specialising in Identity Management and Directory Services.