You can now configure Multi-Factor Authentication (MFA), CAPTCHA protection, and email verification in your Revelator Pro white-label instance. These settings add an extra layer of security to your login and form submission workflows, helping reduce unauthorized access and suspicious activity.
This guide covers how to activate each option, where to configure it, and what the key terms mean.
1. Multi-Factor Authentication (MFA)
Multi-Factor Authentication allows you to require an extra step for users logging in, such as entering a code from an authenticator app or email.
How to Enable MFA
Go to your White Label Admin Panel → Security tab.
Under Multi-Factor, select one of the following policies:
- Disabled: No additional challenge is required.
- Enabled: A challenge is required if an eligible method is configured.
- Required: Users must configure an MFA method to log in.
Turn on your preferred authentication methods:
- Authenticator App
- Email Verification
Note: At least one MFA method must be enabled to apply a challenge.
2. CAPTCHA Settings
CAPTCHA helps determine whether the user is human, protecting your platform from automated spam or abuse.
How to Enable CAPTCHA
- Under the Captcha Settings section in Security:
- Toggle Activation to “Enabled”.
- Choose a CAPTCHA method:
- Google reCAPTCHA v2 or
- hCaptcha (if supported by your instance).
- Enter the Site Key and Secret Keyfor the selected CAPTCHA provider.
- These keys are generated directly in the provider’s admin console:
You must create and register your domain with the selected provider to receive valid keys.
What is “Threat Score Threshold”?
If using Google reCAPTCHA v3 or hCaptcha with risk scoring, you can set a Threat Score Threshold.
This is a numerical score (typically from 0.0 to 1.0) used to evaluate how likely an interaction is human or automated. A lower score means higher suspicion.
Example:
If your threshold is set to 0.2, any interaction scoring below 0.2 will be treated as suspicious and could be blocked or require additional verification.
Best practice:
Set the threshold based on your tolerance for false positives. A stricter threshold (e.g. 0.5) catches more bots but may flag legitimate users.
References:
3. Email Verification Settings
You can choose whether users must verify their email address before accessing the platform.
How to Enable Email Verification
- In the Email Verification Settingssection:
- Toggle Verify Email to “Enabled”.
- Users will receive an email to confirm their address before gaining access.
4. Save Your Settings
After configuring the above options:
- Click Save Changes at the bottom of the Security page.
- Test login behavior to ensure everything works as expected.
FAQ
Where do I get my CAPTCHA Site Key and Secret Key?
You must register your platform’s domain with a CAPTCHA provider (Google or hCaptcha). After registering, you will receive a Site Key and Secret Key to paste into the settings.
- Google reCAPTCHA: recaptcha.google.com
- hCaptcha: dashboard.hcaptcha.com
What does “Threat Score Threshold” mean?
This sets the minimum acceptable score for user interactions. If the CAPTCHA provider returns a score below your threshold, the system may block access or challenge the user.
The score is a measure of risk, with:
- 0.0 = very likely a bot
- 1.0 = very likely a human
If you’re unsure, a threshold of 0.3 to 0.5 is commonly used.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article