Question & Answer policies define questions and answers that can be used as an alternative method of user authentication that does not require a physical product, and is available for selection as an authenticator for logon steps (this type of authentication is of the type “Challenge & Response”.


The Question & Answer policy settings can now be viewed or edited by left clicking on the context menu of the Question & Answer policy;

The policy can be found by navigating to "Administration | Policies", selecting the category "Questions and Answers", then clicking ;

Left click on the context menu of the policy then select "Edit", and a new window titled "Policy - Edit" will open; 





The category for this policy is "Questions & Answers" (this property cannot be edited).

The holder of this policy is "System" (this property cannot be edited).

The name assigned to identify the Question & Answer system policy by the System Administrator.


The System Administrator may use this field to annotate this policy.


This option allows the System Administrator to enable or disable this policy.

This setting specifies the minimum number of Question and Answer pairs that need to be provided by the user.

This setting specifies the maximum number of Question and Answer pairs that can be provided by the user (where 0 means unlimited answers are allowed).

This parameter determines how many questions must be answered by the user.

This parameter determines how many incorrect answers can be provided before the logon attempt is failed.


This setting determines the main delivery channel for sending the Emergency Code to the user;

  • Exact
    The answer provided by the user needs to exactly match the expected answer.

  • Approximate
    The answer provided by the user is accepted if it closely approximates the expected answer.

If approximate answer matching is chosen then this value determines the level of approximation allowed for the answer (with 0 being no match, and 1 being an exact match).

This checkbox indicates if offline logons are allowed.


  • No labels