MFA authenticator logins

In an application that uses time-based one-time password (TOTP) authentication, the user provides two forms of authentication:

• A regular password
• An additional temporary code generated from a TOTP authenticator app, such as Google Authenticator, Microsoft Authenticator, or Authy

This article explains how to set up and train a login flow in mabl using TOTP authentication.

Create MFA credentials

Before starting, make sure you have a secret key or a screenshot of the QR code from your application's MFA setup screen.

1. Open the credentials page: Configuration > Credentials and click + New credentials.
2. Give the credential set a name. Optionally, you can also add a description.
3. Enter the username and password.
4. Toggle on Add MFA Authenticator to configure MFA: Either paste the secret text code into the MFA Authenticator secret code field or upload your QR code image using the Authenticator QR Code button.
5. Click Save.

You can view your MFA credentials in Configuration > Credentials. The MFA (TOTP) authenticator code refreshes every 30 seconds.

Associate credentials with your test

Before launching the mabl Trainer, associate your MFA credentials with the browser or mobile test:

• New test: In the test creation form, expand Optional configurations and select the MFA credentials you intend to use. Alternatively, associate the test with a plan that is associated with those credentials.
• Existing test: Click the Edit test button and select "Launch Trainer." In the training configuration modal, select the MFA credentials you intend to use.

Train the MFA login

With the application login page open in the mabl Trainer and the Record button on, take the following steps:

1. Enter the username: input the variable app.defaults.username. This variable is the username from the MFA credentials.
2. Enter the password: input the variable app.defaults.password in the password field. This variable is the password from the MFA credentials.
3. Add the MFA step: When the application prompts you for an MFA code, add an MFA authenticator step: + (Add step) > MFA Authenticator code.
4. Input authenticator code: in the browser window or mobile app page view, click on the input field where you want to insert the authenticator code. In mobile tests, you can use the authenticator code in either a browser or native app text field.
5. Login immediately: submit your login immediately after adding the MFA authenticator step. After 30 seconds, the temporary code is invalid.