2.18 Identity Release Guide - ReCaptcha Identity
- Leigh Bush
- Sarah Holst
This guide will review how to set up reCAPTCHA v3 in Aspenware Identity. For general release notes, please see Identity: Configuration Guide. For a general overview of reCAPTCHA see Google ReCaptcha v3 documentation.
UPDATED RESOURCES (3/20/23): For the latest information on this feature, please see the Identity Configuration documentation.
Overview
The new reCAPTCHA v3 API helps you detect abusive traffic without user interaction. Instead of showing a CAPTCHA challenge (as with older versions), reCAPTCHA v3 returns a score. Resorts can then choose the most appropriate action for their websites according to this score. Because scores are determined by monitoring user interaction on your site, Aspenware recommends implementing reCAPTCHA as soon as possible (and across all available interactions) to begin site monitoring. In addition to disabling such monitoring at any time, reCAPTCHA v3 thresholds can also be adjusted in the reCAPTCHA admin dashboard to be more or less tolerant of risky activities and related actions. See below for instructions on how to enable reCAPTCHA v3 on Aspenware Identity.
Configuration Guide
Prerequisite Steps
In order to use reCAPTCHA v3 you will need to register your site and get your reCAPTCHA public and private keys.
Go to https://www.google.com/recaptcha/admin/create and follow the steps to register your site
Detailed Setup Guide
Go to your Aspenware Identity configuration screen (https://identity-yourresort.com/api/system/info)
NOTE: You must be an assigned administrator in order to access your Identity configuration.
Insert your public (site) and private (secret) keys.
Enable each of the desired locations on which you would like reCAPTCHA v3 to monitor (e.g. “Create Account” or “Password Reset.”
NOTE: Aspenware recommends resorts enable reCAPTCHA v3 to all locations for the maximum benefit.
Set ReCaptcha v3 Score Threshold number to begin monitoring your site.
Common Troubleshooting
Q: Can my threshold vary depending on the user interaction?
A: Unfortunately, Aspenware currently only offers one threshold across all user interactions. Although a threshold of .5 should meet most needs, please let your Aspenware Service Representative know of any issues.
Q: May I use the same Application Key/Secret for my Aspenware Commerce site and my Identity site?
A: Yes, you may use the same key for both sites.
Q: If I use the same Application Key/Secret for my Aspenware Commerce and Identity sites can I set different thresholds at each site?
A: Yes, the threshold is set at the application level, so you may use different thresholds by setting them in the corresponding admin panel.