4.12.1 ReCAPTCHA registration flow

reCAPTCHAs are used to distinguish humans from automated bots, protecting websites from malicious activities like spam, fake registrations, data scraping, and brute-force attacks by presenting challenges that are difficult for computers but easy for humans to solve. They enhance online security, prevent abuse of services, ensure fair use of resources, and safeguard sensitive processes like online purchases and voting.

To set up reCAPTCHA during registration, follow these steps:

  1. Click on Authentication in the sidebar.

    Fig 4.12.1.a: Navigating to Authentication section

  2. Click on the kebab menu (three dots) on the right side of the registration flow. Click on Duplicate. A popup will appear.

    Fig 4.12.1.b: Duplicating the existing registration flow

  3. In the popup, enter a Name for the flow, "ReCAPTCHA".

    Fig 4.12.1.c: Giving a name to the new registration flow

  4. Click on Duplicate. You will be redirected to the flow configuration.

    Fig 4.12.1.d: Duplicated registration flow configuration page

  5. Click on the settings menu (gear icon) on the right side of the reCAPTCHA. A popup will appear to configure the reCAPTCHA.

    Fig 4.12.1.e: Proceeding to configure reCAPTCHA for registration

  6. Give it an alias. Enter your reCAPTCHA Site Key and reCAPTCHA Secret. You can turn on the Use recaptcha.net switch to utilize recaptcha.net for the CAPTCHA. If you want to use reCAPTCHA v3, you can turn on the reCAPTCHA v3 switch.

    Fig 4.12.1.f: Configuring reCAPTCHA for registration

    | Field Name | Field Type | Description |
    | --- | --- | --- |
    | Alias | Text | Enter the Alias for the flow as required |
    | Recaptcha Site Key | Text | Enter the value for the Recaptcha Site Key as generated from the Google reCAPTCHA portal. |
    | Recaptcha Secret | Text | Enter the value for the Recaptcha Secret Key as generated from the Google reCAPTCHA portal. |
    | Use recaptcha.net | Toggle | When activated, it utilizes recaptcha.net; when deactivated, it defaults to google.com. |

  7. Click Save.

  8. Change the Requirement for reCAPTCHA from Disabled to Required.

    Fig 4.12.1.g: Changing the 'Requirement' of reCAPTCHA for registration

  9. Click Actions at the top right of the page, and then Bind flow. A popup will appear.

    Fig 4.12.1.h: Proceeding to bind the registration reCAPTCHA flow

  10. Select the Registration flow.

    Fig 4.12.1.i: Selecting a flow to bind reCAPTCHA registration to

  11. Click Save.

  12. Click on Realm Settings.

    Fig 4.12.1.j: Navigating to Realm Settings

  13. Click on the Security Defenses tab and change the X-Frame-Options and Content-Security-Policy as required.

    Fig 4.12.1.k: Configuring Security Defenses for reCAPTCHA registration

  14. Click Save.
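
As an added example (not part of the original documentation or the product's own code), this Python check tests whether a Content-Security-Policy value entered in step 13 still lets the browser frame the reCAPTCHA widget from the host selected by the Use recaptcha.net toggle in step 6. The frame hosts www.google.com and www.recaptcha.net are taken from Google's reCAPTCHA documentation; the sample policies and function names are constructed for illustration, and the matcher is simplified (it ignores paths and ports).

```python
from urllib.parse import urlsplit

# Frame origins per Google's reCAPTCHA docs; which one applies depends on the
# "Use recaptcha.net" toggle from step 6 (False = google.com, True = recaptcha.net).
RECAPTCHA_ORIGIN = {False: "https://www.google.com", True: "https://www.recaptcha.net"}
# Constructed sample policies, not taken from any real deployment.
SAMPLE_OK = "frame-src 'self' https://www.google.com; frame-ancestors 'self'; object-src 'none';"
SAMPLE_SELF_ONLY = "frame-src 'self'; frame-ancestors 'self'; object-src 'none';"


def parse_csp(policy):
    """Split a CSP header value into {directive: [source, ...]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            # Per the CSP spec a repeated directive is ignored: the first one wins.
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def source_matches(source, origin):
    """Simplified CSP source match: scheme and host only, paths/ports ignored."""
    target = urlsplit(origin)
    if source == "*":
        return target.scheme in ("http", "https")
    if source.endswith(":") and "/" not in source:  # scheme-source such as https:
        return source[:-1].lower() == target.scheme
    if source.startswith("'"):  # 'self', 'none', nonces: never a third-party host
        return False
    scheme, _, rest = source.rpartition("://")
    host = rest.split("/")[0].split(":")[0].lower()
    if scheme and scheme.lower() != target.scheme:
        return False
    if host.startswith("*."):
        return target.hostname.endswith(host[1:])
    return host == target.hostname


def frame_allowed(policy, use_recaptcha_net):
    """True if the policy lets the page embed the reCAPTCHA iframe."""
    directives = parse_csp(policy)
    # Fallback chain browsers apply to frames: frame-src, child-src, default-src.
    for name in ("frame-src", "child-src", "default-src"):
        if name in directives:
            origin = RECAPTCHA_ORIGIN[use_recaptcha_net]
            return any(source_matches(s, origin) for s in directives[name])
    return True  # no governing directive: frames are unrestricted
```

A policy that allows only www.google.com fails this check once Use recaptcha.net is switched on, so the toggle and the Content-Security-Policy value need to be changed together.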
