API to Set Secret Questions and Answers

Is there any API that can be leveraged to set ISC users’ secret questions and answers?

Well, there is the API that the UI uses (/gov-multi-auth/mfa-v3/configuration/kba/answers), but it looks like it requires the bearer token of the user whose answers are being modified.

Wouldn’t being able to manually set another user’s security questions/answers defeat the security of the knowledge-based recovery option? (Not that it’s an inherently secure option to begin with.)

KBA… swapping one static knowledge string for another, hoping that it hasn’t also been forgotten. Hasn’t your client / the industry as a whole already gone through the pain of this in the early 2000s… and learnt from it?

i.e. It’s a fallback password (or combo strings) that you use even less.

I don’t think this is a public API. The requirement is to provide the option for users to set their Q/As as part of another request process that would run through a Launchpad. But if it’s not possible, then I don’t think it’s going to be a big issue.

:smiley: Couldn’t agree more. With SSO, MFA, who really needs security QAs?