Configure reCAPTCHA for Reset My Password page

ExCM can display a Google v2 reCAPTCHA control on the Reset My Password page to protect the form from abuse by automated form bots.

 

Important Note:  Google v2 reCAPTCHA is a free service provided by Google.  It requires that your SharePoint web front-end servers have outbound firewall access to the google.com domain name (preferred method) OR to all of Google's public IP addresses.

 

Here is Google's documentation on how to configure your firewall:

 

https://code.google.com/archive/p/recaptcha/wikis/FirewallsAndRecaptcha.wiki

 

Here is a third party's suggested best practice for configuring your firewalls, with ease of maintenance in mind:

 

https://davecallan.com/google-recaptcha-firewall-exception-options/
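To confirm the firewall requirement described above before enabling the feature, the following check can be run on each SharePoint web front-end server. It is an added example, not part of ExCM or of the original article. It assumes that server-side validation uses Google's standard `siteverify` endpoint; the function name `Test-RecaptchaEgress` and the dummy key values are made up for illustration.

```powershell
# Added example: verify outbound access from this server to Google reCAPTCHA.
# Assumption: validation calls go to Google's standard siteverify endpoint.

# Older Windows Server / PowerShell 5.1 builds may not offer TLS 1.2 by default.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

function Test-RecaptchaEgress {
    param([Uri]$Uri = 'https://www.google.com/recaptcha/api/siteverify')

    $result = [ordered]@{
        Server = $env:COMPUTERNAME
        Dns    = $false   # host name resolves
        Tcp443 = $false   # firewall allows outbound TCP 443
        Api    = $false   # HTTPS request reaches Google and returns JSON
        Detail = ''
    }
    try {
        # 1. DNS resolution of the google.com host name
        $null = [System.Net.Dns]::GetHostAddresses($Uri.Host)
        $result.Dns = $true

        # 2. Outbound TCP connection on port 443
        $tcp = Test-NetConnection -ComputerName $Uri.Host -Port 443 -WarningAction SilentlyContinue
        $result.Tcp443 = $tcp.TcpTestSucceeded

        # 3. POST dummy (constructed) values. A reachable endpoint answers with
        #    JSON containing success=false and a list of error codes.
        $body  = @{ secret = 'dummy-not-a-real-key'; response = 'dummy-token' }
        $reply = Invoke-RestMethod -Uri $Uri -Method Post -Body $body -TimeoutSec 15
        $result.Api    = ($null -ne $reply.success)
        $result.Detail = ($reply.'error-codes' -join ',')
    }
    catch {
        # Blocked traffic, proxy failures, or TLS inspection errors land here.
        $result.Detail = $_.Exception.Message
    }
    [pscustomobject]$result
}

Test-RecaptchaEgress
```

All three columns should read `True` on every web front-end server. If outbound traffic passes through an authenticated proxy, run the check under the same account as the web application's application pool, since proxy access can differ per account.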

 

 

When enabled, the reCAPTCHA control will appear as shown on the Reset My Password page:

 

 

 

By default, this feature is disabled, but you can follow the procedures below to enable it.

 

The first step is to create a Google reCAPTCHA account for your organization.  These accounts are offered for free by Google.

 

To start, you will need to navigate to www.google.com/recaptcha/about

 

Once there, click on the v3 Admin Console link at the top.

 

 

 

On the registration page, there is some information to provide about the site that is to be serviced by the reCAPTCHA (your extranet site, in this case).

 

 

 

The Domain you enter above should be the domain in the URL that your external users use to access your extranet web application (e.g. extranet.mycompany.com).

 

 

On the first submission, a page with both the site and secret key for this reCAPTCHA is shown.

 

 

 

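It is a good idea to make note of this information. The keys will be needed to finish the setup in SharePoint, as well as other potential admin work. Treat the secret key as a credential: it is used on the server side to validate reCAPTCHA responses and should not be shared or published, whereas the site key is public and is embedded in the page.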

 

You can always access the keys again by going to this page:

 

 

In order to complete the reCAPTCHA setup in SharePoint, navigate to General Application Settings in Central Administration. Then find Google ReCaptcha Settings under Extranet Collaboration Manager:

 

 

 

The Recaptcha Settings page will be displayed and you will need to first select the extranet Web Application from the drop down.

 

Then, check the "Enable Recaptcha" check box and paste in the Site Key and Secret Key from the Google reCAPTCHA registration procedure that you completed above.

 

 

 

When finished, save the settings. A message will be shown saying that a timer job needs to run before your settings are applied.

 

Please allow five to ten minutes for the timer job to push out the necessary edits to the web.config files throughout your server farm.
 

 

 

After the timer job has made the changes to your web.config files, the feature will be enabled. When a user clicks the “Forgot your password?” link on the site’s log-in page, they will be taken to the typical reset password page for your chosen settings, where they must complete a reCAPTCHA before they are allowed to go through the password reset process.

 

 

 

 
