KBA Definition node

The KBA Definition node collects knowledge-based authentication (KBA) questions and answers.

Use this node when creating or updating a user with KBA enabled. For more information, refer to Security questions.

Compatibility

Product	Compatible?
Advanced Identity Cloud	Yes
PingAM (self-managed)	Yes
Ping Identity Platform (self-managed)	Yes

Product

Compatible?

Advanced Identity Cloud

Yes

PingAM (self-managed)

Yes

Ping Identity Platform (self-managed)

Yes

None. This node doesn’t require any attributes from the shared node state.

This node depends on the underlying identity service for the KBA configuration.

Property Usage

Property	Usage
Purpose Message	A localized message describing the purpose of the data requested from the user. Default: none
Allow User-Defined Questions	When enabled, users can create their own KBA questions. Disable this setting to restrict users to select from predefined questions only. Default: Enabled
Questions	Create or modify custom localized questions that the user can choose from when defining security questions. To add a localized security question: Click + to open the Add a Security Question form. Select from the list of existing locales or add a new locale, type a question into the text field, and click Done. Repeat to add further questions, and click Save when complete. To edit an existing security question, click the edit icon , make your changes, and click Save. Default: `What’s your favorite color?` (locale: `en`)

Purpose Message

A localized message describing the purpose of the data requested from the user.

Default: none

Allow User-Defined Questions

When enabled, users can create their own KBA questions. Disable this setting to restrict users to select from predefined questions only.

Default: Enabled

Questions

Create or modify custom localized questions that the user can choose from when defining security questions.

To add a localized security question:

Click + to open the Add a Security Question form.
Select from the list of existing locales or add a new locale, type a question into the text field, and click Done.
Repeat to add further questions, and click Save when complete.

To edit an existing security question, click the edit icon , make your changes, and click Save.

Default: What’s your favorite color? (locale: en)

The node writes the KBA questions and answers in the transient shared node state.

Single outcome path; on success, the transient state holds the questions and answers.

This node logs a Failed to retrieve kba configuration warning message when it can’t read the configuration.

The following registration journey prompts for questions and answers when creating an account:

The Page node collects registration information:
- The Platform Username node prompts for and collects a username for the new account.
- The Attribute Collector node prompts for a given name, a surname, an email address, and profile preferences.
- The Platform Password node prompts for and collects a password.
- The KBA Definition node collects questions and answers.
- The Accept Terms and Conditions node prompts the user to accept the active terms and conditions.
The Create Object node stores the collected information in the new account object.
The Increment Login Count node updates the number of successful authentications.