I have a challenge set with a mix of required and random questions. Today we decided to increase the number of random questions presented to our users. No changes were made to the questions themselves. My initial thought was that users would immediately start to have to answer a few more questions. However, that was not what happened. After testing a couple of accounts, I noticed that at a minimum users will have to log into User App once to start being presented with the additional random questions. This is all on eDirectory 8.8.8 with IDM 4.0.2 and latest patches on everything. User Apps is the password management application.
Is there something I can do as an admin to require users to immediately be prompted with the updated number of questions? Having to wait for every single user to log into User App to reset whatever setting or attribute that retains that information is not what we had in mind.
To me this sounds like a User Application bug, particularly since you need to log into the User Application once to have the changed policy somehow apply. As a result, you may want to consider posting in the UserApp forum, but since this piece has been replaced by SSPR as of IDM 4.5 I would not expect a lot of changes going forward other than if you can duplicate it with SSPR as well (which may be possible, and probably much easier than with the UserApp).
Have you tried just doing an NMAS-based login as the user via a Novell Client, LDAP (assuming you have LDAP to try NMAS first), etc. to see if a mere login of any kind of all that is required to apply the policy? If that worked, perhaps things will sort themselves out after all as users login to LDAP for various services, or their workstations with the Novell Client.
-- Good luck.
If you find this post helpful and are logged into the web interface, show your appreciation and click on the star below...