If security questions are enabled in the Self-Service troubleshooting policy, users are prompted to create answers to security questions during Self-Service enrollment or when they log on to the Self-Service Console. If enrolled users cannot log on to the Self-Service Console with their primary method, they are prompted to answer these questions to verify their identity. After providing correct answers, users can use the Self-Service Console troubleshooting screens to resolve authentication problems.
Security questions cannot be used as a primary authentication method to access the Self-Service Console. Primary methods are RSA Password, LDAP Password, On-Demand Authentication, and SecurID.
You determine how many security questions users must answer during enrollment and during troubleshooting. For instructions, see Set Requirements for Security Questions.