Configure reCAPTCHA Enterprise on Google Cloud Platform
You can use Google reCAPTCHA Enterprise as a service for bot detection for traffic exceeding 1 million assessments per month. Before you enable reCAPTCHA Enterprise, you must generate the required keys on Google Cloud Platform (GCP), and then enter those values into your tenant configuration in the Auth0 Dashboard. To learn how to configure reCAPTCHA Enterprise on GCP, you can also read the Google documentation.
Follow these steps to obtain the required keys to configure Auth0 bot detection to use reCAPTCHA Enterprise.
Locate your GCP project ID.
Enable reCAPTCHA Enterprise.
Create a site key.
Create an API key.
Locate your GCP project ID
Go to your Google Cloud Dashboard.
Click on the name of your project in the drop-down menu to see the corresponding project ID.
Make a note of the project ID to use in the Auth0 Dashboard.
Enable reCAPTCHA Enterprise
On the Google Cloud Dashboard, enter reCAPTCHA Enterprise API in the search bar and click on it in the results.
Click Enable to enable the API.
Create a site key
On the Google Cloud Dashboard, enter reCAPTCHA Enterprise in the search bar and click on it in the results.
Click Create Key.
Under Domain list, add your Auth0 tenant domain.
Toggle on Disable domain verification.
Toggle on Use checkbox challenge to enable Google's "I am not a robot" verification checkbox.
Under Challenge Security, choose a difficulty level for the challenge.
Click Create Key.
Make a note of the site key ID to use in the Auth0 Dashboard.
Create an API key
On the Google Cloud Dashboard, enter Credentials in the search bar and choose that option.
Select Create Credentials > API Key. Make a note of the API key ID to use in the Auth0 Dashboard.
In pop-up, select Edit Key.
Under Application Restrictions:
If you choose None and don't restrict the key, then any application can call the reCAPTCHA Enterprise API without restrictions; however, this option isn't the most secure.
If you choose IP addresses (web servers, cron jobs, etc.), then enter Auth0 IP Addresses for Allow Lists. This option is the most secure.
Under API Restrictions, select Restrict Key, and then reCAPTCHA Enterprise API from the drop-down list, and click OK.