Currently using SSPR but only for Forgotten Password feature.

Using eDir with NMAS/UP as back-end.

Users have their challenge/response questions for Forgotten Password module only.

Now the HelpDesk module questions:

1) Is there a separate set of questions/answers that users can be required to fill in so that when they call the helpdesk, the helpdesk can use the Module to verify that the user is who they say they are and then reset the users password?

2) If so, I'm guessing this is NOT stored in eDir and can work in conjunction with the NMAS settings (meaning it doesn't force you to use all 100% SSPR challenge/response stuff)?

3) If so, can this also be required before Helpdesk module performs an unlock of an intruder locked-out account?

4) With iManager, RBS can be used to give helpdesk the ability to only say, reset a password and/or unlock accounts and assign the roles to various users, along with scoping to various eDir ou's. Looks like the only way to "scope" in SSPR is to actually add say, 23 different eDir ou's (in our case)? On the plus side, looks like you could actually use an eDir Group for the "role" assignment (unlike iManager where it's individual users, so adding 200 people is a PITA).

Not sure if I missed anything else.

Oh, SSPR 4.1, BTW (yes, I know 4.2 is out now, but didn't see anything changing in the above regards).