---
title: KBA Definition node
description: The KBA Definition node collects knowledge-based authentication (KBA) questions and answers.
component: auth-node-ref
version: latest
page_id: auth-node-ref::kba-definition
canonical_url: https://docs.pingidentity.com/auth-node-ref/latest/kba-definition.html
keywords: ["Nodes &amp; Trees", "Journeys", "Authentication"]
page_aliases: ["auth-node-kba-definition.adoc"]
superseded_by: https://docs.pingidentity.com/auth-node-ref/latest/kba-definition.html
section_ids:
  example: Example
  availability: Availability
  inputs: Inputs
  dependencies: Dependencies
  configuration: Configuration
  outputs: Outputs
  outcomes: Outcomes
  errors: Errors
---

# KBA Definition node

The KBA Definition node collects knowledge-based authentication (KBA) questions and answers.

Use this node when creating or updating a user with KBA enabled.

You can find more information in [Security questions](https://docs.pingidentity.com/pingoneaic/self-service/self-registration.html#security-questions).

## Example

The following registration journey prompts for questions and answers when creating an account:

![Collecting questions and answers during registration](_images/registration-journey.png)

* The [Page node](page.html) collects registration information:

  * The [Platform Username node](platform-username.html) prompts for and collects a username for the new account.

  * The [Attribute Collector node](attribute-collector.html) prompts for a given name, a surname, an email address, and profile preferences.

  * The [Platform Password node](platform-password.html) prompts for and collects a password.

  * The KBA Definition node collects questions and answers.

  * The [Accept Terms and Conditions node](accept-terms-and-conditions.html) prompts the user to accept the active terms and conditions.

* The [Create Object node](create-object.html) stores the collected information in the new account object.

* The [Increment Login Count node](increment-login-count.html) updates the number of successful authentications.

## Availability

| Product                               | Available? |
| ------------------------------------- | ---------- |
| PingOne Advanced Identity Cloud       | Yes        |
| PingAM (self-managed)                 | Yes 1      |
| Ping Identity Platform (self-managed) | Yes        |

1 This functionality requires that you configure AM as part of a [Ping Identity Platform deployment](https://docs.pingidentity.com/platform/8.1/sample-setup/).

## Inputs

None. This node doesn't read shared state data.

## Dependencies

This node depends on the underlying identity service (PingIDM) for the KBA configuration.

## Configuration

| Property                     | Usage                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
| ---------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Purpose Message              | A localized message describing the purpose of the data requested from the user.Default: none                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
| Allow User-Defined Questions | When enabled, users can create their own KBA questions. Disable this setting to restrict users to select from predefined questions only.Default: Enabled                                                                                                                                                                                                                                                                                                                                                                                                                     |
| Questions                    | Create or modify custom localized questions that the user can choose from when defining security questions.To add a localized security question:1) Click + to open the Add a Security Question form.

2) Select from the list of existing locales or add a new locale, type a question into the text field, and click Done.

3) Repeat to add further questions, and click Save when complete.To edit an existing security question, click the edit icon [icon: pencil-alt, set=fa], make your changes, and click Save.Default: `What's your favorite color?` (locale: `en`) |

## Outputs

The node writes the KBA questions and answers in the transient shared node state.

## Outcomes

Single outcome path; on success, the transient state holds the questions and answers.

## Errors

This node logs a `Failed to retrieve kba configuration` warning message when it can't read the configuration.