Security questions Skip to main content
https://support.okta.com/help/answers?id=906f0000000qtgmiak&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Lazaros KyrillidisLazaros Kyrillidis 

Security questions

We have an application that after login shows three security questions to be filled by the employee. I tried using an SWA with three fields, but is not working (template app demands by default a value for the extra parameter).

Is there a workaround for this case?
James GarvinJames Garvin (Okta)
Okta doesn't have a template app for multipage flow logins.  
Rachel HeatonRachel Heaton
Is there a suggestion for how to manage this? How can we give people access to accounts which require security questions? 
Rico JardineroRico Jardinero

Hi Lazaros, Rachel, 

You may look into OPP (Okta On-Premises Provisioning) and it can interact with either LDAP/OKTA API calls/REST (check https://support.okta.com/help/articles/Knowledge_Article/46749316-On-Premises-Provisioning-Deployment-Guide (https://support.okta.com/help/articles/Knowledge_Article/46749316-On-Premises-Provisioning-Deployment-Guide" target="_blank)) and though you may not be focusing on the "provisioning" part, it maybe a way to connect a non-SAML app to OKTA, or use something like DuoSecurity to enable MFA.  The problem you are trying to solve is indeed MFA just your own homebaked form instead; so as long as your policy allows for "any" MFA, there are lots of options actually.  The real problem youre highlighting is that OKTA does not have a native ability to plug into the "GINA" or now called the Windows Credential Provider (historically called the MSGINA.dll, it controls the native Windows Logon function) and I beleive since WIn 7 can support 3rd party "Custom Credential Providers").  But OKTA does not have this capability, yet.

How is this application enforced and prompted/displayed, currently? Via a "logon script" and prompts you from an IIS website?

Lazaros KyrillidisLazaros Kyrillidis
Richard thank you for the reply. However what I mean by "Security Questions" is not the one that Okta uses (MFA), but the fields that a user needs to fill in AFTER they provide the username and password to an application. I think Okta needs to provide a custom application that can deal with types of applications and that should allow as many fields as possible.