KBA Definition node

The KBA Definition node collects knowledge-based authentication (KBA) questions and answers.

Use this node when creating or updating a user with KBA enabled. For more information, refer to Security questions.

Compatibility

Product

Compatible?

ForgeRock Identity Cloud

Yes

ForgeRock Access Management (self-managed)

This functionality requires that you configure AM as part of a sample ForgeRock Identity Platform deployment.

Yes

ForgeRock Identity Platform (self-managed)

Yes

Inputs

None. This node doesn’t require any attributes from the shared node state.

Dependencies

This node depends on IDM for the KBA configuration.

Configuration

Property Usage

Property	Usage
Purpose Message	A localized message describing the purpose of the data requested from the user. Default: none
Allow User-Defined Questions	When enabled, users can create their own KBA questions. Disable this setting to restrict users to select from predefined questions only. Default: Enabled
Questions	Create or modify custom localized questions that the user can choose from when defining security questions. To add a localized security question: Click + to open the Add a Security Question form. Select from the list of existing locales or add a new locale, type a question into the text field, and click Done. Repeat to add further questions, and click Save when complete. To edit an existing security question, click the edit icon , make your changes, and click Save. Default: `What’s your favorite color?` (locale: `en`)

Purpose Message

A localized message describing the purpose of the data requested from the user.

Default: none

Allow User-Defined Questions

When enabled, users can create their own KBA questions. Disable this setting to restrict users to select from predefined questions only.

Default: Enabled

Questions

Create or modify custom localized questions that the user can choose from when defining security questions.

To add a localized security question:

Click + to open the Add a Security Question form.
Select from the list of existing locales or add a new locale, type a question into the text field, and click Done.
Repeat to add further questions, and click Save when complete.

To edit an existing security question, click the edit icon , make your changes, and click Save.

Default: What’s your favorite color? (locale: en)

Outputs

The node writes the KBA questions and answers in the transient shared node state.

Outcomes

Single outcome path; on success, the transient state holds the questions and answers.

Errors

This node logs a Failed to retrieve kba configuration warning message when it can’t read the configuration.

Example

The following registration journey prompts for questions and answers when creating an account:

Collecting questions and answers during registration

The Page node collects registration information:
- The Platform Username node prompts for and collects a username for the new account.
- The Attribute Collector node prompts for a given name, a surname, an email address, and profile preferences.
- The Platform Password node prompts for and collects a password.
- The KBA Definition node collects questions and answers.
- The Accept Terms and Conditions node prompts the user to accept the active terms and conditions.
The Create Object node stores the collected information in the new account object.
The Increment Login Count node updates the number of successful authentications.

AM 7.5.0