Custom Security Questions

You can customize the text and language of security questions by creating and importing a customized XML file into the database. When you create a new security questions file, you can make the following modifications:

  • Change the existing English text. Edit the existing XML file to change the wording of the existing questions or add new questions of your own.
  • Change the language. Create a new XML file using the provided template. Specify the language ID, and enter the security questions written in the selected language.

The RSA Authentication Manager Extras ZIP file includes a security questions sample file (SecurityQuestionsSample.xml) that you can use as a template. The file looks similar to the following example:

<?xml version=”1.0” encoding=”UTF-8”?>

<SECURITY_QUESTIONS>

<LANGUAGE id=”en_US”>

<QUESTION>first question</QUESTION>

<QUESTION>second question</QUESTION>

<QUESTION>third question</QUESTION>

</LANGUAGE>

</SECURITY_QUESTIONS>

The Security Questions Sample folder in the Extras ZIP file also includes a security questions file schema (SecurityQuestions.xsd) for validating a modified or new security questions file.

A deployment can have only one active security questions file. If you modify the existing security questions and import the modified file, users must complete security questions enrollment again.

Follow these guidelines when customizing security questions:

  • Create a separate XML file for each LANGUAGE. For example, if you need questions in three languages, you must create three language files.
  • Each XML file must include the XML language attribute that identifies the language used to write the questions. For a list of supported language ID codes, see Language Codes for Security Questions.
  • You must type the text in the actual language. Authentication Manager does not translate languages.
  • A security question can contain up to 255 characters.
  • The security questions file must contain at least as many security questions as you have specified for enrollment. For more information, see Set Requirements for Security Questions.
  • You cannot delete a security questions file.