This guide walks you through the steps of setting up your reCAPTCHA app and Gigya settings, if your site policy includes displaying a CAPTCHA challenge when users register. Gigya supports Google's Invisible reCAPTCHA for Login and reCAPTCHA v2 for Registration, which is displayed unobtrusively at the bottom of the browser page when a registration screen is loaded, and is triggered only if the profile of the registration attempt is deemed suspicious by Google's risk analysis algorithms.
reCAPTCHA is not currently available for use with mobile SDKs.
Setting Up reCAPTCHA
You need to configure separate credentials for each of the reCAPTCHA types, reCAPTCHA v2 or Invisible reCAPTCHA. Per Google, you should not use the same credentials for both configurations.
- Sign in to your Google account and go to https://www.google.com/recaptcha/admin#list.
- Give your reCAPTCHA configuration a label and select the version of reCAPTCHA you need. For registration flow CAPTCHA you will need Invisible reCAPTCHA and for login flow CAPTCHA you will need reCAPTCHA v2. Selecting one of the options should open a "Domains" box:
- Enter your domain or domains that you will deploy your Screen-Sets to.
- In the list of domains, also enter a line with console.gigya.com, so that when previewing your registration screen in the UI Builder, Invisible reCAPTCHA will function correctly.
- Accept the terms of service and click Register.
- Leave the browser tab open, or copy both the reCAPTCHA site key and the reCAPTCHA secret key to be used in the next step.
- Open the Site Settings menu in Gigya's Console.
- Under the corresponding reCAPTCHA configuration, enter your reCAPTCHA credentials.
- Save your settings from the bottom right-hand corner of the console page.
Using CAPTCHA in the Registration Flow
- Open the Policies page in Gigya's Console.
- Under Additional Security Measures, check the Require CAPTCHA during registration option.
You now have to include a CAPTCHA widget in every registration screen of your site (see the UI Builder section, below, for additional information). A CAPTCHA will be triggered only if the registration attempt is deemed suspicious by Google's risk analysis algorithms. If this is the case, users will need to "prove they are human".
If the registration seems legitimate, the reCAPTCHA challenge will not be triggered.
If you have not yet configured the reCAPTCHA site key and secret, a warning will appear: "Warning: Missing Invisible reCAPTCHA credentials". To fix this, enter your reCAPTCHA credentials as described in the Site Settings section of this page.
Using CAPTCHA in the Login Flow
Enabling reCAPTCHA for a login flow is achieved via Gigya's RBA (Risk Based Authentication).
To create a rule to trigger RBA during login flows, navigate to the RBA tab of the Gigya Console.
You can use one of the available Default rules or create a custom rule.
Under Global Rules, click Add Rule. This will open up the Add Global Rule dialog.
Select the rule you want to enforce.
After selecting a rule, click Next.
This will open the Rule configuration editor where you can either choose to accept the default values, or customize the settings. For more information on customizing RBA rules, see Risk Based Authentication. It is recommended to edit the default name of the rule to make it easier to recognize if you have multiple different rules configured.
When the rule is configured, click Apply.
Finally, ensure that you press Save Setting in the bottom right-hand corner of the Gigya Console to save your RBA configuration.
When using reCAPTCHA during the Registration flow, you need to add the reCAPTCHA widget to every registration screen of your site. Assuming you are using the UI Builder for customizing your screens, that can be accomplished with the following steps:
- In Gigya's Console, open the Screen-Sets page.
- Click the name of the relevant RegistrationLogin screen-set collection to open it in the UI Builder.
- Under Screens, select the Registration screen.
- Find the CAPTCHA widget in the Widgets menu on the left-hand side, and drag it into the canvas.
- With the CAPTCHA widget still selected, on the right-hand side of the UI Builder, you can configure the widget settings:
- Badge: Select the position of the reCAPTCHA badge in the screen.
- Type: The type of challenge that will be presented to the user, whether image or audio. In any case, the user can choose to switch to the other type.
You can preview the result by clicking Preview in the top right corner. The reCAPTCHA badge should appear in the preview canvas in the selected position. Provided you have added console.gigya.com when configuring reCAPTCHA, you can simulate a login process in preview mode. The reCAPTCHA challenge will be triggered in preview mode according to the usual risk analysis calculation.
ReCAPTCHA badge in the bottom right corner in the UI Builder's preview mode
If you did not add console.gigya.com to the list of sites in the reCAPTCHA Google settings, the badge will display the following error in preview mode: