4.13.1 ReCAPTCHA registration flow

reCAPTCHAs are used to distinguish humans from automated bots, protecting websites from malicious activities like spam, fake registrations, data scraping, and brute-force attacks by presenting challenges that are difficult for computers but easy for humans to solve. They enhance online security, prevent abuse of services, ensure fair use of resources, and safeguard sensitive processes like online purchases and voting.

To setup reCAPTCHA during registration, follow these steps:

1. Click on Authentication in the sidebar.

   

   Fig. 4.12.1.a: Navingating to Authentication section

2. Click on the kebab menu (three dots) on the right side of the registration flow. Click on Duplicate. A popup will appear.

   

   Fig 4.12.1.b: Duplicating the existing registration flow

3. In the popup, enter a Name for the flow, "ReCAPTCHA".

   

   Fig 4.12.1.c: Giving a name to the new registration flow

4. Click on Duplicate. You will be redirected to the flow configuation.

   

   Fig 4.12.1.d: Duplicated registration flow configuration page

5. Click on the settings menu (gear icon) on the right side of the reCAPTCHA. A popup will appear to configure the reCAPTCHA.

   

   Fig 4.12.1.e: Proceeding to configure reCAPTCHA for registration

6. Give it an alias. Enter your reCAPTCHA Site Key and reCAPTCHA Secret. You can turn on the Use recaptcha.net switch to utilize recaptcha.net for the CAPTCHA. If you want to use reCAPTCHA v3, you can turn on reCAPTCHA v3 switch.

   

   Fig 4.12.1.f: Configuring reCAPTCHA for registration

   Field Name	Field Type	Description
   Alias	Text	Enter the Alias for the flow as required
   Recaptcha Site Key	Text	Enter the value for the Recaptcha Site Key as generated from the Google reCAPTCHA portal.
   Recaptcha Secret	Text	Enter the value for the Recaptcha Secret Key as generated from the Google reCAPTCHA portal.
   Use recaptcha.net	Toggle	When activated, it utilizes recaptcha.net; when deactivated, it defaults to google.com.

7. Click Save.

8. Change the Requirement for reCAPTCHA from Disabled to Required.

   

   Fig 4.12.1.g: Changing the 'Requirement' of reCAPTCHA for registration

9. Click on the Actions, on the top right of the page, and then Bind flow. A popup will appear.

   

   Fig 4.12.1.h: Proceeding to bind the registration reCAPTCHA flow

10. Select the Registration flow.

    

    Fig 4.12.1.i: Selecting a flow to bind reCAPTCHA registration to

11. Click Save.

12. Click on Realm Settings.

    

    Fig 4.12.1.j: Navigating to Realm Settings
13. Click on the Security Defenses tab and change the X-Frame-Options and Content-Security-Policy as required.

    

    Fig 4.12.1.k: Configuring Security Defenses for reCAPTCHA registration
14. Click Save.