PingAM 7.5.1

KBA Definition node

The KBA Definition node collects knowledge-based authentication (KBA) questions and answers.

Use this node when creating or updating a user with KBA enabled. For more information, refer to Security questions.

Compatibility

Product Compatible?

PingOne Advanced Identity Cloud

Yes

PingAM (self-managed)

This functionality requires that you configure AM as part of a sample Ping Identity Platform deployment.

Yes

Ping Identity Platform (self-managed)

Yes

Inputs

None. This node doesn’t require any attributes from the shared node state.

Dependencies

This node depends on IDM for the KBA configuration.

Configuration

Property Usage

Purpose Message

A localized message describing the purpose of the data requested from the user.

Default: none

Allow User-Defined Questions

When enabled, users can create their own KBA questions. Disable this setting to restrict users to select from predefined questions only.

Default: Enabled

Questions

Create or modify custom localized questions that the user can choose from when defining security questions.

To add a localized security question:

  1. Click + to open the Add a Security Question form.

  2. Select from the list of existing locales or add a new locale, type a question into the text field, and click Done.

  3. Repeat to add further questions, and click Save when complete.

To edit an existing security question, click the edit icon , make your changes, and click Save.

Default: What’s your favorite color? (locale: en)

Outputs

The node writes the KBA questions and answers in the transient shared node state.

Outcomes

Single outcome path; on success, the transient state holds the questions and answers.

Errors

This node logs a Failed to retrieve kba configuration warning message when it can’t read the configuration.

Example

The following registration journey prompts for questions and answers when creating an account:

Collecting questions and answers during registration