Secret questions configuration in the Loginapp UI

Secret questions are configured in the following places:

  • Authentication flow
  • Password reset self-service (or other public self-service)
  • Adminapp (Secret Questions Token Controller in Adminapp >> Users >> Authentication Tokens (Credentials).

All pieces of configuration refer to the general Secret Question Settings.


The main configuration tasks are:

  • Configure the set of questions
  • Review security settings (Required Number Of Provisioned Answers, Allowed Number Of Attempts)
  • Review Normalization policy
  • Add or review translations for all configured questions (See  - note that the translations must be available for both the Loginapp and the Adminapp).

To automatically activate secret questions for all newly inserted users (in Adminapp, REST API or Service or User Registration Self-Service), do the following:

  • In the Config Editor, go to the User Persister plugin that is used to insert new users (this is usually: MAIN SETTINGS >> Data Sources >> User Data Sources).
  • The configured User Persister plugin may provide Event Listener hooks (e.g. Database User Persister).
  • If it supports event listeners, add the plugin New User Defaults Setter and configure it to enable secret questions
  • 33992675.png

Authentication flow configuration

To ask the user to answer secret questions (initially or to complete missing answers), add the Secret Questions Provisioning Step to the end of the authentication flow.

Password reset configuration or other public self-service

Use the Secret Questions Identity Verification Step in the password reset flow (or any other self-service flow).

Please refer to Password reset in the Loginapp REST API / UI for further information.