2978723 - CAPTCHA, Email Verification and Tokens in Email Templates - 2H 2020 Update and Recommendations for Customers - Recruiting

This article provides you with information about the CAPTCHA feature that will be turned on for most customers during the deployment of 2H 2020 release.  Additionally, there are immediate recommended actions for CAPTCHA, Email Verification and tokens used in Email Templates.

• SAP SuccessFactors Recruiting Management (RCM)
• SAP SuccessFactors Recruiting Marketing (RMK)

Recommendation: Turn on CAPTCHA

CAPTCHA is used to differentiate between real users and automated users, such as BOTs.  Enable CAPTCHA now and benefit from the additional protection it provides from BOT attacks.  Complete the below steps to activate CAPTCHA:

• Turn it on now by going to Admin Center > Manage Recruiting Settings > Career Site > ‘Disable CAPTCHA on the External Career Site for Account Creation’ and unchecking the checkbox
  • If desired and for a more secure set up, you can also enable CAPTCHA for candidates who are logging in subsequently, by checking ‘Enable CAPTCHA on the External Career Site for Account Login'   

IMPORTANT NOTE: SAP will turn on CAPTCHA for all customers during the 2H 2020 release, with exception to customers who have career sites in the Chinese locale. 

Recommendation: Removing Tokens from Emails

Remove the following tokens from the password reset email template. This will prevent bots from using these fields to send messages out using the reset password function.

• Candidate First Name
• Candidate Last Name
• Candidate Full Name
• Career site Username

I don't want to enable CAPTCHA. How should I proceed?

• You should disable CAPTCHA by going to Admin Center > Manage Recruiting Settings > Career Site > ‘Disable CAPTCHA on the External Career Site for Account Creation’ and check the checkbox
• Turn on Email verification

Recommendation: Activate Email Verification

If you don’t turn on CAPTCHA, then we recommend that you turn on email verification. Doing this will keep newly created accounts in an inactive status and prevent the welcome message from going out without a valid email address. It will not prevent BOTs from creating these accounts and using the reset password function to send messages out.

Complete the below steps to activate email verification:

• Turn it on by going to Admin Center > Recruiting Email Triggers > Career Site E-Mail Notification.  Click on ‘Enable’ checkbox to turn on. 
• Create an email template with appropriate translations for the Email Verification message by going to Admin Center > Manage Recruiting Email Templates.
• Create a new template, give it a name, enable it, give it a subject and body of the email. 
• Save your changes.  See the example email template in Sample Email Verification Template section.
  • Make sure the template for email verification doesn’t include the following tokens
    • Candidate First Name
    • Candidate Last Name
    • Candidate Full Name
    • Career site Username 

IMPORTANT NOTE: If you don’t have CAPTCHA or email verification turned on, remove the same tokens from the Welcome message.  This prevents BOTS from using those fields to send messages out by registering new accounts.

Remove the tokens following the below steps:

• Go to Admin Center > Manage Recruiting Email Templates.
• Edit the email templates, and in the body of the email, remove the above-mentioned tokens if used.
• Save your changes.

Sample Email Verification Template

2684185 - CAPTCHA and Email Verification - Recruiting

2860175 - Email Verification for Career Site - Recruiting Management

Bot Attack, CAPTCHA, Email Verification, Tokens, Candidate Profile , KBA , LOD-SF-RCM-CAN , General Candidate Issues (not Offers, not Profiles) , Problem