This section provides an overview of the reCAPTCHA service, system requirements for using it, and references.
About Password Manager
Getting started
Different sites for different roles
Password Manager components
Licensing
Installing Password Manager: Checklist
Installing Password Manager
Password Manager architecture
Configuring the Password Manager service account and the application pool identity
Enabling HTTPS
Installing Password Manager
Initializing instance
Installing Legacy Self-Service Site, Password Manager Self-Service Site and Helpdesk Site on a standalone server
FailSafe support in Password Manager
Installing multiple instances of Password Manager
Specifying Custom Certificates for Authentication and Traffic Encryption Between Password Manager Service and Websites
Step 1: Obtain and install custom certificates from a trusted Windows-based certification authority
Step 2: Providing certificate issued for server computer to Password Manager Service
Step 3: Providing certificate issued for client computers to Self-Service and Helpdesk Sites
Configuring Management Policy
Configuring user scope
Password Manager components and third-party applications
Management policies
Password Manager Service and Administration Site
Self-Service Site
Helpdesk Site
Password Policy Manager
Secure Password Extension
Offline Password Reset
Migration Wizard
TeleSign
SQL Server Database and SQL Server Reporting Services
One Identity Quick Connect Sync Engine
Defender
Password Manager Secure Token Server
RADIUS Two-Factor Authentication
Quest Enterprise Single Sign-On (QESSO)
Redistributable Secret Management Service
Location sensitive authentication
Password Manager permission checker
Working with Power BI templates
Password Manager Credential Checker
Typical deployment scenarios
Simple deployment
Deployment of the Legacy Self-Service, Password Manager Self-Service and Helpdesk Sites on standalone servers
Realm deployment
Multiple realm deployment
Password Manager in a perimeter network
Installing Password Manager in perimeter network with read-only domain controllers
Installing Password Manager in perimeter network with reverse proxy
Installing Password Manager in perimeter network without AD DS
Management Policy overview
Password policy overview
Using One Identity password policies
Using fine-grained password policies
Applying multiple password policies
Using Password Policy Manager
Secure Password Extension overview
Locating Self-Service Site
reCAPTCHA overview
Obtaining Self-Service Site URL from service connection point
Changing the Self-Service Site URL on the Administration Site
Launching user notification
How reCAPTCHA works
How to use reCAPTCHA V2 on Password Manager sites
System requirements for using reCAPTCHA
References
User enrollment process overview
Questions and Answers policy overview
Password change and reset process overview
Resetting and changing password in connected systems
Enforcing password history when resetting password
Replicating password changes
Data replication
Phone-based authentication service overview
Checklist: Configuring Password Manager
Understanding Management Policies
Configuring access to the Administration Site
Configuring access to the Legacy Self-Service Site or Password Manager Self-Service Site
Configuring access to the Helpdesk Site
General Settings
Specifying advanced settings for domain connection
Changing the domain management account
Removing a domain connection
Configuring Questions and Answers policy
Workflow overview
Custom workflows
Custom activities
Custom activity settings
Creating custom activities
Importing and exporting custom activities
Removing custom activities
Legacy Self-Service or Password Manager Self-Service Site workflows
Register
Manage My Profile
Forgot My Password
Manage My Passwords
Unlock My Account
My Notifications
I Have a Passcode task
Legacy Self-Service and the Password Manager Self-Service Site activities overview
Helpdesk workflows
Authentication activities
Display CAPTCHA
Authentication methods
Authenticate with password
Authenticate with Q&A profile (random questions)
Authenticate with Q&A Profile (specific questions)
Authenticate with Q&A Profile (User-selected questions)
Authenticate with Defender
Authenticate with external provider
Authenticate with RADIUS Two-Factor Authentication
Authenticate via phone
Authenticate with passcode
Action activities
Register
Manage My Profile
Edit Q&A Profile
Reset Password in Active Directory
Changing passwords in Active Directory
Reset Password in Active Directory and Connected Systems
Changing password in Active Directory and connected systems
Reset password in connected systems through embedded connectors
Unlock account
Enable Account
Force user to change password at next logon
Subscribe to notifications
Lock Q&A Profile
Display user agreement
Restart workflow if error occurs
Issue BitLocker Recovery Key
Provide product feedback
Notification activities
Assign Passcode
Reset Password
Unlock Account
Unlock Profile
Verify User Identity
Enforce Update of Profile
Helpdesk Activities Overview
Notification activities
Customizing notifications
Email user if workflow succeeds
Email user if workflow fails
Email administrator if workflow succeeds
Email administrator if workflow fails
User enforcement rules
General Settings overview
Search and logon options
Importing and exporting configuration settings
Outgoing mail servers
Diagnostic logging
Scheduled tasks
Upgrading Password Manager
Invitation to Create/Update Profile Task
Reminder to Create/Update Profile Task
Reminder to Change Password Task
Active Directory Sites
Maximum Password Age Policy Task
User Status Statistics Task
Clear Old Records from Reporting Database
Environment Health Checker Task
Update RADIUS server status
Web Interface customization
Instance reinitialization
Realm Instances
Domain Connections
Using domain connections
Specifying access account for domain connections
Changing the access account for domain connections
Specifying advanced settings for domain connection
Removing a domain connection
Extensibility features
RADIUS Two-Factor Authentication
Internal Feedback
Password Manager components and third-party applications
Unregistering users from Password Manager
Bulk Force Password Reset
Fido2 key management
Working with Redistributable Secret Management account
Redistributable Secret Management Service supported platforms
Customizing Redistributable Secret Management log path
Email templates
Upgrade requirements
About Secure Password Extension
Upgrading multiple instances of Password Manager
Upgrading Password Manager
Administrative Templates
In-place upgrade from 5.8.2 or later versions to 5.13.2
Manual upgrade from 5.9.x or later versions
Running the Migration Wizard
Modifying the service account
Converting Q&A Profiles
Upgrading Secure Password Extension
Upgrading Password Policy Manager
Installing Administrative Templates
Configuring Administrative Templates
Updating Administrative Templates
Removing Administrative Templates
Secure Password Extension
Configuring access to the Self-Service Site from the Windows login screen
Deploying and configuring Secure Password Extension
Password Policies
Deploying Secure Password Extension
Configuring Secure Password Extension
Managing Secure Password Extension using Administrative Templates
Uninstalling Secure Password Extension
About Password Policies
Installing Password Policy Manager
Uninstalling Password Policy Manager
Creating and Configuring a Password Policy
Managing Password Policy scope
Deleting a Password Policy
Enable 2FA for administrators and helpdesk users
Reporting
Reporting and User Action History overview
Password Manager integration
Accounts used in Password Manager
Using Reports
User Action History
Managing Connections to SQL Server and Report Server
Setting up Reporting environment
Best practices for configuring Reporting Services
Password Manager Service account
Application pool identity
Domain management account
Password policy account
Account for using One Identity Quick Connect
Open communication ports for Password Manager
Customization options overview
Customization of steps in Legacy Self-Service, Password Manager Self-Service Site, and Helpdesk Tasks
Email notification customization
User agreement customization
Account search options customization
Web Interface customization
Customization of Password Policies list
Customization of Password strength meter
Customization of user name
Feature imparities between the legacy and the new Self-Service Sites
Third-party contributions
Glossary
reCAPTCHA overview
How reCAPTCHA works
reCAPTCHA V2 is a free CAPTCHA service provided by Google. You can use it to protect the Self-Service from bots attempting to access restricted areas.
As reCAPTCHA uses images that optical character recognition software has been unable to read, it provides a secure protection for websites.
-
A user opens the Self-Service Site.
-
The user’s browser sends the site key obtained during registration on the reCAPTCHA V2 site to the Google reCAPTCHA V2 API server and requires the user to select check box indicating the user is not a robot.
-
Use this activity to verify reCAPTCHA on the Self-Service Site. User must select the I'm not a robot check box before beginning a workflow. This will either pass the user immediately (with No CAPTCHA) or challenge them to validate whether or not they are human. This feature provides enhanced protection against automated attacks.
-
The token and the secret key (obtained during registration on the reCAPTCHA V2 site) are then transferred to the Google reCAPTCHA V2 Verify server to be checked. After checking the response, the reCAPTCHA V2 server sends a reply back to the Password Manager server.
-
If the response is correct, the user is granted access to further steps on the Password Manager site.
How to use reCAPTCHA V2 on Password Manager sites
Password Manager architecture > reCAPTCHA overview > How to use reCAPTCHA V2 on Password Manager sites
To display reCAPTCHA V2 on the Self-Service Site, include the Display reCAPTCHA activity in required workflows. To require users to respond to a reCAPTCHA V2 challenge before authentication, place the Display reCAPTCHA activity before any authentication activity in a workflow designer.
For more information on using reCAPTCHA in workflows, see Display reCAPTCHA.
You can also use reCAPTCHA on the Find Your Account page of the Self-Service Site and require users to respond to the reCAPTCHA V2 challenge before searching for their accounts. For more information, see Configuring Security Settings.
System requirements for using reCAPTCHA
To be able to use reCAPTCHA V2 on the Password Manager sites, make sure the following requirements are met:
-
The Self-Service Site has access to the address: http://www.google.com/recaptcha/api/siteverify