Introduction

A CAPTCHA is a challenge-response mechanism that tries to determinate whether or not a user is human. It helps to prevent attackers from creating unnecessary load or from trying to automatically extract data out of your system. There CoreOne Authentication Server supports two suppliers of CAPTCHA technology. One is the widely used reCaptcha by Google and the other is the more privacy oriented hCaptcha.

You can enable the use of a captcha in the SSO Settings.

Back Channel Communication

If you enable a CAPTCHA, you must be aware that for the verification the Authentication Service needs to be able to communicate via back channel to the appropriate supplier. You can achieve this by enabling internet traffic on those machines, or by whitelisting the following addresses.

Google reCaptcha

hCaptcha