Restoring Account Access using Security Questions

By default, Imprivata self-service for password reset requires the user to reset their password to restore access to a locked Microsoft® Active Directory® (AD) account. The AD account can become locked if the user exceeds the lockout settings configured in the user policy.

You can configure the Self-Service Password Reset (SSPR) workflow to also let a user unlock an account by answering security questions, without resetting their password. Restoring AD account access using security questions:

  • Is accessible through the Imprivata login window and the Imprivata Self-Services home page.

  • Does not apply to disabled accounts.

Workflow

The following workflow applies to restoring access to a locked account using security questions:

  1. The user is notified that the account is locked during login.

  2. The user clicks Forgot Password.

  3. The user selects Unlock Account and then login and clicks Next.

    NOTE: The Reset password and then log in setting remains available.

  4. The user answers security questions and logs in using their existing credentials.

    NOTE: The answers to security questions are not case-sensitive.

Configuring the Appliance Settings

This functionality applies to all users in the enterprise that are licensed for SSPR. You cannot limit this type of access by user policy.

NOTE: If not already configured, configure one or more user policies for SSPR. For more information about configuring SSPR, see Imprivata Self-Service Password Reset.

To enable the setting:

  1. In the Imprivata Admin Console, go to the gear icon menu > Settings page > Self-Service Customization section.

  2. Select Allow unlock of AD accounts without requiring a password reset.

  3. Click Save.