Identity Cloud

KBA Definition node

The KBA Definition node collects knowledge-based authentication (KBA) questions and answers.

Use this node when creating or updating a user with KBA enabled. For more information, refer to Security questions.

Compatibility

Product Compatible?

ForgeRock Identity Cloud

Yes

ForgeRock Access Management (self-managed)

Yes

ForgeRock Identity Platform (self-managed)

Yes

Inputs

None. This node doesn’t require any attributes from the shared node state.

Dependencies

This node depends on the underlying identity service for the KBA configuration.

Configuration

Property Usage

Purpose Message

A localized message describing the purpose of the data requested from the user.

Default: none

Allow User-Defined Questions

When enabled, users can create their own KBA questions. Disable this setting to restrict users to select from predefined questions only.

Default: Enabled

Questions

Create or modify custom localized questions that the user can choose from when defining security questions.

To add a localized security question:

  1. Click + to open the Add a Security Question form.

  2. Select from the list of existing locales or add a new locale, type a question into the text field, and click Done.

  3. Repeat to add further questions, and click Save when complete.

To edit an existing security question, click the edit icon , make your changes, and click Save.

Default: What’s your favorite color? (locale: en)

Outputs

The node writes the KBA questions and answers in the transient shared node state.

Outcomes

Single outcome path; on success, the transient state holds the questions and answers.

Errors

This node logs a Failed to retrieve kba configuration warning message when it can’t read the configuration.

Example

The following registration journey prompts for questions and answers when creating an account:

Collecting questions and answers during registration
Copyright © 2010-2024 ForgeRock, all rights reserved.