Display reCAPTCHA
Use this activity to verify reCAPTCHA on the Self-Service site and require users to click on the I'm not a robot check box before beginning a workflow. This will either pass the user immediately (with No CAPTCHA) or challenge them to validate whether or not they are human. This feature provides enhanced protection against automated attacks.
reCAPTCHA V2 is a free CAPTCHA service provided by Google.
To start using reCAPTCHA V2, you need to sign up and get reCAPTCHA V2 keys on the following website: http://www.google.com/recaptcha.
When getting the keys, provide the DNS name of the domain where Password Manager Self-Service sites are installed. If the Self-Service sites are installed in different domains, select the Enable this key on all domains check box to create a global key.
To learn more about using and configuring reCAPTCHA V2, go to https://support.google.com/recaptcha/?hl=en#6081880.
This activity has the following settings:
-
Site key: Specify the site key you received when configuring reCAPTCHA V2.
-
Secret key: Specify the secret key you received when configuring reCAPTCHA V2.
-
Theme: Select from Light or Dark theme for the reCAPTCHA V2 widget.
Authentication Methods
Use this activity to select which authentication methods to display in the User site. The three types of authentication methods available to select for the administrator are as follows:
-
Security questions
-
Corporate authentication
-
Personal authentication
IMPORTANT: The administrator can select any of the activities selected in the registration method, to make it default mode for authentication for the users on the User site. Select one of the settings radio buttons from the right side to make it default authentication method.
NOTE:
-
When the administrator select registration method(s), only the respective authentication methods are visible to the administrator in Authentication methods. See Register.
-
If the Administrator has selected Allow user to edit corporate details in corporate authentication of registration mode, a user cannot update the corporate email and corporate mobile number, if they are already populated.
Security Questions
Use this activity to authenticate a user with the personal Questions and Answers profile. In this activity, the administrator can specify how many questions from the Questions and Answers profile the user must answer for authentication. There are two methods to authenticate the users using Q&A method:
Corporate Authentication
Use this activity to authenticate a user with a mobile device. There are two methods to authenticate the users using a mobile device:
Personal Authentication
Use this activity to authenticate a user with email or SMS. The email address and phone number used is registered by the user in Register or in Manage My Profile workflow.
Authenticate via Passcode: Use this activity to authenticate the users with a passcode. The administrator can configure passcode length and expiration time limit for the passcode. The administrators can choose if the users can request a passcode themselves or they can get it issued only by helpdesk.
Authenticate with Password
Use this activity to authenticate users by their passwords when running a workflow.
This activity has the following settings:
-
Authenticate users with expired passwords: Select this check box to grant access to the Self-Service site to users who are required to change their passwords at next login. If you clear this check box, users will be denied any access to Password Manager when their passwords expire or must be changed at the next login.
-
Authenticate users with disabled accounts: If you select this check box, Password Manager will allow users whose accounts are disabled to unlock and re-enable their accounts, reset and manage passwords by using their Q&A profiles.
Authenticate with Q&A Profile (Random Questions)
Use this activity to authenticate a user with the personal Questions and Answers profile. In this activity, you can specify how many questions from the Questions and Answers profile the user must answer to be authenticated. However, you cannot select specific questions from the user’s Q&A profile. To require users to answer specific questions from their Q&A profiles, use the Authenticate with Q&A profile (specific questions) activity.
You can configure this activity to display all questions on a single page or only one or the specified number of questions at a time, so that users will not be able to see next questions before they answer the current ones. To display all questions on a single page, use this activity one time in a workflow. To display questions consecutively on several pages, use this activity several times in a workflow (place several Authenticate with Q&A profile (random questions) activities in a row).
This activity has the following settings:
-
All questions from user’s Q&A profile: Select this option to have users answer all questions from their Q&A profiles during authentication.
-
This number of randomly selected questions: Select this option to set the number of questions required to authenticate users. You can specify what types of secret questions (mandatory, optional, or user-defined) to use when authenticating the user by selecting the corresponding check boxes.
-
Do the following if the number of questions in user’s Q&A profile is less than specified: Using this option, you can either allow or prohibit authentication for users if their Q&A profiles do not have enough secret questions. If you allow authentication, then all questions from the Q&A profile will be used to authenticate the user. If you decide to prohibit authentication, the workflow in which this activity is used will not be performed. The user will have to update their Q&A profile first, after that they will be able to perform the task that contains this authentication activity.
-
Allow users to see what questions were answered incorrectly: Select this check box to allow users to see which questions they answered incorrectly during authentication.