Difference between revisions of "Google reCAPTCHA"

From AgileApps Support Wiki
 
(10 intermediate revisions by the same user not shown)
Line 2: Line 2:
reCAPTCHA protects the webforms from fraud and abuse without creating friction. It uses an advanced risk analysis engine and adaptive challenges to keep malicious software from engaging in abusive activities on the webforms. For more information, view the [https://www.google.com/recaptcha/about/ Google reCAPTCHA] article.
reCAPTCHA protects the webforms from fraud and abuse without creating friction. It uses an advanced risk analysis engine and adaptive challenges to keep malicious software from engaging in abusive activities on the webforms. For more information, view the [https://www.google.com/recaptcha/about/ Google reCAPTCHA] article.


{{Note| Enabling the captcha on your web forms is an '''important security measure'''. Disabling the captcha is at your discretion and may impact security.
}}


==How to enable reCAPTCHA in webforms?==
==How to enable reCAPTCHA in webforms?==
Note: The following workflow is applicable for OnPrem application.
Note: The following workflow applies to the OnPrem application. If keys are configured in LongJump and the Show Captcha is enabled for the web form, the captcha will be enabled by default. For new web forms, the captcha will be disabled and user can enable it based on their preference during the web form creation process.


To generate the CAPTCHA, you need private and public keys.
===Step 1: Generating Private and Public keys===
 
# Go to the [https://www.google.com/recaptcha/about/ Google reCAPTCHA] page.
===Generating Private and Public keys===
# Go to [https://www.google.com/recaptcha/about/ Google reCAPTCHA] page.
# Click the '''v3 Admin Console''' button at the top.
# Click the '''v3 Admin Console''' button at the top.
# Enter the desired label for easy identification of your site. For example, ''domain.com''
# Enter a label for easy site identification (e.g., ''domain.com'').
# Choose the desired reCAPTCHA type.
# Choose the desired reCAPTCHA type.
# In the Domains field, enter the desired domain and click + (Add domain) icon. For example, ''subdomain.domain.com'' <br>
# In the '''Domains''' field, enter the desired domain (e.g., ''subdomain.domain.com'') and click the '''+''' (Add domain) icon.<br>
# If you wish to add more domains, add the respective domains in the next field.
# If you have additional domains, add them in the next field.
# Ensure that you read the terms and check the respective checkbox.
# Read the terms and check the respective checkbox.
# Click the '''Submit''' button.
# Click the '''Submit''' button.
# The site key and secret key appears now. The site key is the public key and secret key is the private key.  
# The site key and secret key will now appear. The site key is the public key, and the secret key is the private key.  
# Copy both the keys. These keys have to be configured in the LongJump.
# Copy both keys. These keys need to be configured in LongJump.


===Configuring the public and private keys in LongJump===
===Step 2: Configuring the public and private keys in LongJump===
# Login to your LongJump account.
# Log in to your LongJump account.
# Click the '''Configure Service Settings'''.
# Navigate to '''Settings > Service Provider Settings > Service Configuration'''.
# Click the '''Edit''' button at the top.
# Click the '''Edit''' button at the top.
# Under '''Basic Service Configuration''', you can find the Recaptcha Private Key and Recaptcha Public Key fields.
# Under '''Basic Service Configuration''', locate the '''Recaptcha Public Key''' and '''Recaptcha Private Key''' fields.
# Paste the site key copied from the Google reCAPTCHA in the Recaptcha Public Key field.
# Paste the site key copied from Google reCAPTCHA into the Recaptcha Public Key field.
# Paste the secret key copied from the Google reCAPTCHA in the Recaptcha Private Key field.
# Paste the secret key copied from Google reCAPTCHA into the Recaptcha Private Key field.
# Click the '''Save''' button.
# Click the '''Save''' button.
# Under '''Security Headers Configuration''', you can find that the CSP Whitelisted Domains and CORS Whitelisted Domains are populated automatically.
# Under '''Security Headers Configuration''', you can observe that the '''CSP Whitelisted Domains''' and '''CORS Whitelisted Domains''' are populated automatically.


===Enabling Captcha in Web Forms===
===Step 3: Enabling Captcha in Web Forms===
# Navigate to '''Objects > Cases > Web Forms'''.
# Log in to your AgileApps account.
# Create a new web form or update the existing web form.
# Navigate to '''[[File:GearIcon.png]] > Customization > Objects > {object} > Web Forms'''.
# Click '''[New Web Form]''' or open an existing web form.
# Check the '''Show Captcha''' checkbox.
# Check the '''Show Captcha''' checkbox.
# Populate the required fields.
# Populate the required fields.
Line 38: Line 39:
# The web forms will be available with the captcha.
# The web forms will be available with the captcha.


{{Note| When a user has already enabled the captcha in the web form and the keys are removed, the user must update it again manually to enable the captcha visibility in web form.}}
{{Note| If a user has previously enabled the captcha in the web form and the keys are removed, the user must manually update it again to enable captcha visibility in the web form.}}

Latest revision as of 09:17, 16 January 2024

What is reCAPTCHA?

reCAPTCHA protects the webforms from fraud and abuse without creating friction. It uses an advanced risk analysis engine and adaptive challenges to keep malicious software from engaging in abusive activities on the webforms. For more information, view the Google reCAPTCHA article.

Notepad.png

Note: Enabling the captcha on your web forms is an important security measure. Disabling the captcha is at your discretion and may impact security.

How to enable reCAPTCHA in webforms?

Note: The following workflow applies to the OnPrem application. If keys are configured in LongJump and the Show Captcha is enabled for the web form, the captcha will be enabled by default. For new web forms, the captcha will be disabled and user can enable it based on their preference during the web form creation process.

Step 1: Generating Private and Public keys

  1. Go to the Google reCAPTCHA page.
  2. Click the v3 Admin Console button at the top.
  3. Enter a label for easy site identification (e.g., domain.com).
  4. Choose the desired reCAPTCHA type.
  5. In the Domains field, enter the desired domain (e.g., subdomain.domain.com) and click the + (Add domain) icon.
  6. If you have additional domains, add them in the next field.
  7. Read the terms and check the respective checkbox.
  8. Click the Submit button.
  9. The site key and secret key will now appear. The site key is the public key, and the secret key is the private key.
  10. Copy both keys. These keys need to be configured in LongJump.

Step 2: Configuring the public and private keys in LongJump

  1. Log in to your LongJump account.
  2. Navigate to Settings > Service Provider Settings > Service Configuration.
  3. Click the Edit button at the top.
  4. Under Basic Service Configuration, locate the Recaptcha Public Key and Recaptcha Private Key fields.
  5. Paste the site key copied from Google reCAPTCHA into the Recaptcha Public Key field.
  6. Paste the secret key copied from Google reCAPTCHA into the Recaptcha Private Key field.
  7. Click the Save button.
  8. Under Security Headers Configuration, you can observe that the CSP Whitelisted Domains and CORS Whitelisted Domains are populated automatically.

Step 3: Enabling Captcha in Web Forms

  1. Log in to your AgileApps account.
  2. Navigate to GearIcon.png > Customization > Objects > {object} > Web Forms.
  3. Click [New Web Form] or open an existing web form.
  4. Check the Show Captcha checkbox.
  5. Populate the required fields.
  6. Click Save.
  7. The web forms will be available with the captcha.

Notepad.png

Note: If a user has previously enabled the captcha in the web form and the keys are removed, the user must manually update it again to enable captcha visibility in the web form.