Pega Platform provides CAPTCHA validation on login as one of the options on the Security Policies landing page. A CAPTCHA (or Reverse Turing Test) creates a challenge that is easy enough for a human user to meet, but which is likely to defeat standard automated software.
For most implementations the default CAPTCHA provided in Pega Platform will provide satisfactory service. However, if you already use another CAPTCHA service (perhaps one your team has developed) in other applications, and would prefer to deploy it for PRPC, you can do so by following the steps below. You can also adjust the display of the default CAPTCHA to better match the needs of both system security and valid users who wish to log in.
To use any of the options below, you need to create a ruleset and an access group to serve unauthenticated visitors to the site. You use the same ruleset for CAPTCHA refinements and for updates to the images on the login screen.
- Fine-tuning the display and function of the CAPTCHA default
You can enable or disable the presentation of a CAPTCHA to those attempting to log in. You can fine-tune the details of the CAPTCHA, including how many characters are drawn from which character set and what sort of background the image uses.
- Substituting another service for the default CAPTCHA
Pega Platform uses the SimpleCaptcha service by default. You can choose to use another third-party service, or a solution you have developed in-house.
- Substitute a third-party service
Third-party CAPTCHA services provide extensive user guidance: review the documentation of the service you wish to use.
- Substitute a solution developed in-house
If your team has developed its own CAPTCHA solution, you can use that instead of the default SimpleCaptcha.