Custom Google reCAPTCHA keys are required for any custom domain apps or utilizing the forms website script for forms with a reCAPTCHA (not a robot) element.
Important Notes
- If you are embedding a form with a reCAPTCHA element, you will need to set up the reCAPTCHA integration following the instructions below.
- Public forms that do not have a reCAPTCHA element added will have a yellow warning at the top of the form builder. We highly recommend adding the 'Not a robot' element to your public form for enhanced security.
- If your organization has not implemented a custom domain, you will need to use the system's default domains.
- The approvals reCAPTCHA link to the Forms app must be added to the reCAPTCHA domain configuration.
Article Navigation
Create reCAPTCHA Key
- Navigate to the Google admin reCAPTCHA page
- Add a Label
- Select Challenge (v2) (version 2), then select either the "I'm not a robot" Checkbox or the Invisible reCAPTCHA badge options
- I'm not a robot Checkbox: Standard reCAPTCHA, requires the user to tick the box before they're allowed to submit their form, it may require the user to complete additional challenges before submitting if suspicious activity is detected.
- Invisible reCAPTCHA badge: Works behind the scenes of the form, allowing most users to submit forms without any interaction, instead of a checkbox. A small card is displayed in the form to indicate that reCAPTCHA is active. If suspicious activity is detected, users may be asked to complete additional challenges, but typically, no action is needed.
- Add your Domains
Notes:- The domain can be your website address.
- You will need to whitelist any domain that is used to access the form, for example, if the form is embedded on your website, the website domain will need to be whitelisted. If the form is also used within a Process Automation and Digital Services app (for example, in forms that include approval workflows) then those app URLs (Uniform Resource Locators) will also need to be whitelisted.
- Click Submit
Set Up the reCAPTCHA Integration
- Sign in to your site
- Navigate to Advanced Tools and select Integrations
- Select Setup Integration on the reCAPTCHA card
- Enter the fields for your key
- Label: Name your key
-
Integration Type: Select the reCAPTCHA type that you set up in Google
- "I'm Not a Robot" Checkbox: Validate requests with the "I'm not a robot" checkbox
- Invisible reCAPTCHA badge: Validate requests in the background
- Site Key: Enter your site key
- Secret Key: Enter the secret key (you will not be able to view it after saving)
- Click Save
- The reCAPTCHA integration has been set up
Add a New Domain
Follow this section's instructions to add additional domains to your reCAPTCHA integration.
- Sign in to your site
- Navigate to Advanced Tools and select Integrations
- Select Edit Integration on the reCAPTCHA card
- Click Add Domain
- Enter the fields for your key and click Save
- Label: Name your key
-
Integration Type: Select the reCAPTCHA type that you set up in Google
- "I'm Not a Robot" Checkbox: Validate requests with the "I'm not a robot" checkbox
- Invisible reCAPTCHA badge: Validate requests in the background
- Site Key:
- Secret Key: Enter the secret key (you will not be able to view it after saving)
- Navigate to Apps and select Manage on the app that you want to configure the reCAPTCHA for
- Select the Developer Tools tab
- Enable Use custom domain reCAPTCHA and select the reCAPTCHA key you wish to use
- Click Save
- The domain has been added, and you can now choose between multiple domains when configuring the reCAPTCHA key in an app (application) or environment
Environment and App (Application) reCAPTCHA Configuration
Now that the integration has been configured, you will need to link your reCAPTCHA key to either an environment or an app (application). If the form is being embedded into another website, then you will need to configure the reCAPTCHA key on the environment menu. If the form is being used within an app, then you will need to configure the reCAPTCHA key on the App menu.
The determining factor of whether for which reCAPTCHA is used is if the embed script contains a formsAppId. If the formsAppId is not present in the embed script, then the Environment reCAPTCHA key will be used; if the formsAppId is present in the embed script then the App reCAPTCHA key will be used.
Environment Configuration
- Sign in to your site
- Navigate to Advanced Tools and select Environments
- Select the environment you wish to configure reCAPTCHA for
- Navigate to the Developer Tools tab
- Toggle the Use custom domain ReCAPTCHA switch on to enable reCAPTCHA for the environment
If you have more than one reCAPTCHA domain, click the reCAPTCHA Domain dropdown and select the domain you would like to use - Click Save to save your changes
- The environment reCAPTCHA has been configured, and any forms with a reCAPTCHA element will use your Google reCAPTCHA key
App (Application) Configuration
- Sign in to your site
- Navigate to Apps, then click Manage on the app that you want to configure reCAPTCHA for
- Navigate to the Developer Tools tab
- Toggle the Use custom domain ReCAPTCHA switch on to enable reCAPTCHA for the app
If you have more than one reCAPTCHA domain, click the reCAPTCHA Domain dropdown and select the domain you would like to use - Click Save to save your changes
- The app reCAPTCHA has been configured, and any forms with a reCAPTCHA element will use your Google reCAPTCHA key
Comments
Let us know what was helpful or not helpful about the article.0 comments
Please sign in to leave a comment.