In an application that uses time-based one-time password (TOTP) authentication, the user provides two forms of authentication:
- A regular password
- An additional temporary code generated from a TOTP authenticator app, such as Google Authenticator, Microsoft Authenticator, or Authy
This article explains how to train a login flow for an application that requires a temporary code from an authenticator app, also known as TOTP authentication.
Create new credentials
Only workspace owners and editors can create mabl credentials.
Before creating mabl credentials for MFA, enable MFA in your app and get a screenshot of the QR code from the application under test. Alternatively, you may use the secret key.
Then, when you're ready, take the following steps:
- Open the credentials page: Configuration > Credentials.
- Click on + New credentials.
- Give the credential set a name. Optionally, you can also add a description.
Adding a description gives your team more context about the credentials and makes collaboration easier.
- Enter the username and password.
- Set up an MFA code by doing one of the following:
- Enter the secret text code in the MFA Authenticator secret code field.
- Click on the Authenticator QR Code button and upload a screenshot or image of the QR code.
Adding MFA credentials
- Click Save to create the credentials.
The type of the new credentials is "basic with MFA." Moving forward in this guide, we'll refer to these credentials as "MFA credentials."
You can view your MFA credentials in Configuration > Credentials. The MFA (TOTP) authenticator code refreshes every 30 seconds.
Viewing MFA credentials
Launch the mabl Trainer
After creating MFA credentials, you're ready to train an MFA login in the Trainer! MFA credentials are supported for by browser and mobile tests.
New test: In the test creation form, expand Optional configurations and select the MFA credentials you intend to use. Alternatively, associate the test with a plan that is associated with those credentials.
Adding credentials to a new test
Existing test: Click the Edit test button and select "Launch Trainer." In the Edit Test Configuration modal, select the MFA credentials you intend to use.
Configuring credentials for an existing test
Train the MFA login
With the application login page open in the mabl Trainer and the Record button on, take the following steps:
- Input the variable
app.defaults.username
in the username field. This variable is the username from the MFA credentials. - Input the variable
app.defaults.password
in the password field. This variable is the password from the MFA credentials. - When the application prompts you for an MFA code, click on the plus sign to add a step.
Adding a step
- Select MFA Authenticator code. The Trainer prompts you to select an input on the browser window.
- Click on the input field where you want to insert the authenticator code. In mobile tests, you can use the authenticator code in either a browser or native app text field.
Entering the temporary code
- Submit your login. To ensure that the login is successful, record steps to complete the login immediately after the MFA authentication step. After 30 seconds, the temporary authentication code is invalid.