The Google reCAPTCHA Options policy helps to prevent the Advanced Authentication web portals login page from bots and to confirm that the user is a human and not a robot. This policy adds an additional layer of security before users go through multi-factor authentication. A series of images are displayed and the users must select the images for the specified condition to login.
To configure the Google reCAPTCHA for Advanced Authentication, you must perform the following configuration tasks:
Before you configure Google reCAPTCHA in Advanced Authentication, you must have a Google reCAPTCHA account.
To register for the Google reCAPTCHA account, perform the following steps:
Log in to the Google reCAPTCHA website with your Google account.
Click Get reCAPTCHA.
Specify a Label, select reCAPTCHA V2 from Choose the type of reCAPTCHA.
Specify the IP address or the domain name of the Advanced Authentication server in Domain.
Accept the terms of Google reCAPTCHA.
Click Register.
Copy the Site key and Secret key to configure reCAPTCHA in Advanced Authentication. For more information, see Configuring Google reCAPTCHA for Advanced Authentication.
NOTE:If you forget the generated secret key, you can retrieve it from your Google account.
WARNING:If you have enabled the Google reCAPTCHA policy for the Admin UI event, you must consider the following guidelines. Otherwise, a deadlock scenario can happen and you will not be able to access the Administration portal without the cluster re-installation:
If the site key or secret key gets deleted at the Google server, you will not be able to get the same site key or secret key. The site key and secret key used on the Administration portal are no more valid and there is no way to bypass the reCaptcha on the Administration portal.
If you have registered the reCAPTCHA for one domain name and you change the domain name or migrate the Advanced Authentication server to another domain name, the site key or secret key used on the Administration portal are no more valid.
To configure Google reCAPTCHA for Advanced Authentication, perform the following steps:
Log in to the Administration portal.
Click Policies > Google reCAPTCHA Options.
Specify the Site Key and Secret Key that you received when you registered for a Google reCAPTCHA account.
For more information about how to register the Google reCAPTCHA account, see Registering the Google reCAPTCHA Account
.
Click Test to test the policy after the configuration.
Click Save.
After you configure the Google reCAPTCHA policy, you must enable the policy for the respective events.
To enable the policy for events, perform the following steps:
Click Events.
NOTE:You can enable the Google reCAPTCHA policy only for the Admin UI event, Authenticators Management event, Helpdesk event, Helpdesk User event, Report logon event, Search Card event, Tokens Management event, and Web authentication events such as OAuth and SAML 2.0 events.
Set Enable Google reCAPTCHA to ON.
Click Save.