Introduction
Captcha functionality is now available to enhance the security of external entry points into Connexys, for example, Application Forms.
Google offers reCAPTCHA (v3 and v2) to help you protect your sites from fraudulent activities, spam, and abuse.
For Connexys, we have implemented support for Captcha V2 where users must tick a check box on external entry points. Captcha can currently be enabled in the following places
- cxsApplyFormExample
- cxsSearchApply
- cxsJobAlertRegister
This guide should be used as a reference for the steps required to add Captcha functionality to your Connexys Application:
- Google Account Configuration
- Connexys Configuration
Prerequisites
- A Google/Gmail account. This can be created specifically for this purpose, and need not be your normal email address used with your Connexys account.
- You will need to provide your Connexys domain for the setup process. If you are unsure of this, your System Administrator or Bullhorn Technical support can verify it for you.
1. Google Account Configuration
The Google reCAPTCHA V2 toolset requires a Google account to function. If you do not already have a Google account, you can create one specifically for this task.
Google's reCAPTCHA V2 account is provided by Google at no charge for up to one million monthly requests. Please consider this when deciding whether to add this functionality.
General information on this tool, including details on advanced pricing can be found at: https://www.google.com/recaptcha/about/.
To proceed, navigate to https://www.google.com/recaptcha/admin/create. You will need to fill out the form as follows:
- Label – Informal naming of your Site. The recommendation is to use the format: “Your Company Name” Captcha.
- reCAPTCHA type – Choose reCAPTCHA V2 and select the option ‘I’m not a robot’ Checkbox. Other Captcha versions are not supported at this time.
- Domains – Enter the URL of the page to add Captcha to here, and press ENTER or click the + symbol as seen below to confirm it.
Please note:
- Your domain may look something like this (held in Site URL from Setup ->Sites) testsfcs1-resourcemanagertest-555f60.cs160.force.com
- Do not include https:// or the trailing / as it will not let you save it with those components.
- Multiple domains/pages can be entered if you ever need to add this functionality to other sites.
4. Owners – Your email will default to this field, but you can add any others that may need to have access.
5. Accept the reCAPTCHA Terms of Service – Google’s Privacy Policy, Terms of Use, and Terms of Service are linked for you to review and accept.
6. Send Alerts to owners – This will send alerts for problems such as misconfiguration or increases in suspicious activities to the owners listed above.
7. Submit – Press to continue, or Cancel to not save the above choices. Once you have submitted the form with no error, you will be taken to the confirmation screen acknowledging your site has been registered.
8. You will see a message with the label name of your company stating it has been registered.
9. The SITE KEY and SECRET KEY are listed in two separate fields.
10. Copy both Keys for later use or to provide to Bullhorn Technical Support.
11. The GO TO SETTINGS button will take you back to edit any of the above fields/choices.
12. The GO TO ANALYTICS button will take you to the home page for your Captcha account. It will report on requests made using your new Captcha functionality.
Note: You can remove your site/page from this feature by editing it in the Settings, but we would recommend disabling it in the Settings first to prevent poor experiences and login failures for anyone trying to log in while the Site and/or Secret Keys are no longer linked to your site.
2. Connexys Configuration
1. Once you have completed the Google account configuration, you will get a Captcha Site key and a Captcha Secret key. These must be copied to Custom Settings > Global settings > reCAPTCHA Secret Key and reCAPTCHA Site Key. These settings are unavailable for our clients; contact Support to request any changes.
2. To enable Captcha for JS form, additional parameters should be added to cxsForm creation:
useCaptcha:'{!captcha.useCaptcha}', captchaSiteKey:'{!JSENCODE(captcha.siteKey)}', captchaRemoteHost:'{!JSENCODE(remoteHost)}'
So cxsForm initializations should look like this:
cxsForm.init({ prefix:"{!JSENCODE(packagePrefix)}", target:"#cxsFormHolder", server:myServer, jobId:"{!JSENCODE(positionId)}", eventId:"{!JSENCODE(eventId)}", candidateId:"{!JSENCODE(candidateId)}", jobAppId:"{!JSENCODE(applicationId)}", accessKey:"{!JSENCODE(accessKey)}", lang:'{!JSENCODE(lang)}', googleMapsApiKey:'{!JSENCODE(googleMapsApiKey)}', useCaptcha:'{!captcha.useCaptcha}', captchaSiteKey:'{!JSENCODE(captcha.siteKey)}', captchaRemoteHost:'{!JSENCODE(remoteHost)}' });
NOTE: If Captcha keys are not added to Global Settings Captcha, the checkbox will not be shown on sites/ pages
3. Lastly, add the end point - https://www.google.com/recaptcha/api/siteverify in SetUp > Security > Remote site settings. Without this endpoint, users may see the error message: