This guide walks you through the steps of setting up your reCAPTCHA app and Gigya settings, if your site policy includes displaying a CAPTCHA challenge when users register. Gigya supports Google's Invisible reCAPTCHA, which is displayed unobtrusively at the bottom of the browser page when a registration screen is loaded, and is triggered only if the profile of the registration attempt is deemed suspicious by Google's risk analysis algorithms.
Note that for the time being, Invisible reCAPTCHA can only be used in registration screens.
Setting Up reCAPTCHA
- Sign in to your Google account and go to https://www.google.com/recaptcha/admin#list.
- Give your reCAPTCHA configuration a label and select Invisible reCAPTCHA. This should open a "Domains" box:
- Enter your domain or domains.
- In the list of domains, also enter a line with console.gigya.com, so that when previewing your registration screen in the UI Builder, Invisible reCAPTCHA will function correctly.
- Accept the terms of service and click Register.
- Leave the browser tab open, or copy both the reCAPTCHA site key and the reCAPTCHA secret key to be used in the next step.
- Open the Site Settings menu in Gigya's Console.
- Under Invisible reCAPTCHA, enter your reCAPTCHA site key and secret.
- Save your settings.
- Open the Policies page in Gigya's Console.
- Under Additional Security Measures, check the Require CAPTCHA during registration option. This means the invisible reCAPTCHA needs to be included in every registration screen. It will be triggered only if the registration attempt is deemed suspicious by Google's risk analysis algorithms. If this is the case, users will need to "prove they are human". If the registration seems legitimate, the reCAPTCHA challenge will not be triggered.
If you have not yet configured the reCAPTCHA site key and secret, a warning will appear: "Warning: Missing Invisible reCAPTCHA credentials". To fix this, enter your reCAPTCHA credentials as described in the Site Settings section of this page.
You need to add the reCAPTCHA widget to every registration screen. Assuming you are using the UI Builder for customizing your screens:
- In Gigya's Console, open the Screen-Sets page.
- Click the name of the relevant RegistrationLogin screen-set collection to open it in the UI Builder.
- Under Screens, select the Registration screen.
- Find the CAPTCHA widget in the Widgets menu on the left-hand side, and drag it into the canvas.
- With the CAPTCHA widget still selected, on the right hand side of the UI Builder, you can configure the widget settings:
- Badge: Select the position of the reCAPTCHA badge in the screen.
- Type: The type of challenge that will be presented to the user, whether image or audio. In any case, the user can choose to switch to the other type.
You can preview the result by clicking Preview in the top right corner. The reCAPTCHA badge should in the preview canvas in the selected position. Provided you have added gigya.console.com when configuring reCAPTCHA , you can simulate a login process in preview mode. The reCAPTCHA challenge will be triggered in preview mode according to the usual risk analysis calculation.
ReCAPTCHA badge in the bottom right corner in the UI Builder's preview mode
If you did not add console.gigya.com to the list of sites in the reCAPTCHA Google settings, the badge will display the following error in preview mode: