Support for MFA logins

Multi factor authentication (MFA) is a layered approach to authentication that requires users to provide two or more forms of identification to log into an application. For example, in addition to entering a password, a user may have to enter a one-time code from an authenticator app on their phone to successfully log in.

Mabl supports automating tests for applications that use the following types of MFA:

• Time-based one-time password (TOTP) authentication
• Email one-time password (OTP) authentication

Read on to learn more about each type of MFA and how you can automate it in your mabl tests.

Time-based one-time password authentication

In an application that uses time-based one-time password (TOTP) authentication the user provides two forms of authentication:

• A regular password
• An additional temporary code generated from a TOTP authenticator app, such as Google Authenticator, Microsoft Authenticator, or Authy

The temporary code in the authenticator app is only valid for a set period of time, such as 30 seconds. When the code expires, the authenticator app generates a new temporary code.

📘

Early access program

Support for TOTP authentication is currently available as an early access program. To enable this feature for your workspace, toggle on "MFA Authenticator" on the Labs page: Settings > Labs.

Prior to general availability, functionality is subject to change. We highly encourage early access participants to share feedback with their customer success manager or in the mabl Product Portal.

You can test applications that use TOTP authentication by creating mabl credentials and adding an MFA Authenticator code step to your browser test to insert the temporary code. Here's how it works:

Create new credentials

📘

Permissions

Only workspace owners and editors can create mabl credentials.

Before creating mabl credentials for MFA, enable MFA in your app and get a screenshot of the QR code from the application under test. Alternatively, you may use the secret key.

Then, when you're ready, take the following steps:

1. Open the Credentials page: Configuration > Credentials.
2. Click on + New credentials.
3. Give the credential set a name. Optionally, you can also add a description.

👍

Adding a description

Adding a description gives your team more context about the credentials and makes collaboration easier.

4. Enter the username and password.
5. Set up an MFA code by doing one of the following:
   • Enter the secret text code in the MFA Authenticator secret code field.
   • Click on the Authenticator QR Code button and upload a screenshot or image of the QR code.

6. Click Save to create the credentials.

The type of the new credentials is "basic with MFA." Moving forward in this guide, we'll refer to these credentials as "MFA credentials."

You can view your MFA credentials in Configuration > Credentials. The MFA (TOTP) authenticator code refreshes every 30 seconds.

Launch the mabl Trainer

After creating MFA credentials, you're ready to train an MFA login in the Trainer! Make sure the browser test is associated with the MFA credentials you just created:

New browser test: In the browser test creation form, toggle on Show advanced options and select the MFA credentials you intend to use. Alternatively, associate the test with a plan that is associated with those credentials.

Existing browser test: Click the Edit test button and select "Launch Trainer." In the Edit Test Configuration modal, select the MFA credentials you intend to use.

Train the MFA login

With the application login page open in the mabl Trainer and the Record button on, take the following steps:

1. Input the variable app.defaults.username in the username field. This variable is the username from the MFA credentials.
2. Input the variable app.defaults.password in the password field. This variable is the password from the MFA credentials.
3. When the application prompts you for an MFA code, click on the plus sign to add a step.

4. Select MFA Authenticator code. The Trainer prompts you to select an input on the browser window.
5. Click on the input field where you want to insert the authenticator code. The Trainer inserts the authenticator code into the input field.

6. Submit your login. To ensure that the login is successful, record steps to complete the login immediately after the MFA authentication step. After 30 seconds, the temporary authentication code is invalid.

📘

Unified Runner support

MFA authenticator steps are only supported on tests that run on the Unified Runner.

Email one-time password authentication

In an application that uses email one-time password (OTP), the user enters their username and password and requests a verification code. The application sends a verification code to the user's registered email address, and the user enters that verification on the application to finish logging in.

You can test applications that use email OTP login with a mabl mailbox email address.

📘

Note

Since mabl mailbox email addresses do not persist between tests, you need to register for an account and log into the app within the same test.

To automate an email OTP login in the mabl Trainer, take the following steps:

1. Create a new variable: {x} > Create a new variable.
2. Set the variable source to "mabl mailbox address."

3. Give the variable a name and save.
4. Register as a new user on the application using the mabl mailbox email address you just created.
   • Insert the mabl mailbox variable in the email field: {x} > Use an existing variable
   • Create a password.
   • Register.
5. Log into the application again with your mabl mailbox email address
6. Open the mabl Mailbox: + (Add step) > Mailbox.
7. Open the email from the application with the verification code.

8. Create a new variable: {x} > Create a variable.
9. Set the variable source to "Element property"
   10 Click on the element that contains the verification code in the email.

11. Give the variable a name, such as verification_code, and save.
12. Enter the verification_code variable in the application.
13. Complete the login.

📘

MFA limitations

Mabl does not support automating login for apps that use Webauthn or FIDO, such as USB Yubikeys.

SMS 2FA is not supported, but if you are comfortable creating and maintaining JavaScript snippets, you may try this workaround from the mabl snippet repo to implement SMS 2FA: getLatestTwilioSms.js.