AM 7.5.0

KBA Definition node

The KBA Definition node collects knowledge-based authentication (KBA) questions and answers.

Use this node when creating or updating a user with KBA enabled. For more information, refer to Security questions.


Product Compatible?

ForgeRock Identity Cloud


ForgeRock Access Management (self-managed)

This functionality requires that you configure AM as part of a sample ForgeRock Identity Platform deployment.


ForgeRock Identity Platform (self-managed)



None. This node doesn’t require any attributes from the shared node state.


This node depends on IDM for the KBA configuration.


Property Usage

Purpose Message

A localized message describing the purpose of the data requested from the user.

Default: none

Allow User-Defined Questions

When enabled, users can create their own KBA questions. Disable this setting to restrict users to selecting from the predefined questions only.

Default: Enabled


Create or modify custom localized questions that the user can choose from when defining security questions.

To add a localized security question:

  1. Click + to open the Add a Security Question form.

  2. Select from the list of existing locales or add a new locale, type a question into the text field, and click Done.

  3. Repeat to add further questions, and click Save when complete.

To edit an existing security question, click the edit icon, make your changes, and click Save.

Default: What’s your favorite color? (locale: en)


The node writes the KBA questions and answers to the transient shared node state.


Single outcome path; on success, the transient state holds the questions and answers.


This node logs a "Failed to retrieve kba configuration" warning message when it can’t read the configuration.


The following registration journey prompts for questions and answers when creating an account:

Collecting questions and answers during registration
Copyright © 2010-2024 ForgeRock, all rights reserved.