Many testing scenarios require logging into an application before validating its functionality. In mabl, you can automate logins by recording steps in the Trainer. When these tests run in the cloud, they always start with a fresh instance. This means that every test that validates a logged-in interaction has to authenticate independently because session data, such as cookies or cache, don’t persist to subsequent runs in the same plan.
In mabl, you can use flows to simplify this process: train the login for your app once and reuse it across other tests that require the same type of login. Login flows help you add test coverage faster and reduce the need to maintain login steps separately for every test.
This article outlines best practices for creating and managing login flows in your mabl tests:
Example of a login flow in the mabl Trainer
Assert on login
As a best practice, add an assertion step after logging in to confirm that the login was successful.
Use test credentials
mabl stores your data securely, encrypting credentials with a workspace-specific encryption key. To further ensure that your applications are secure, we recommend the following:
- Create test credentials in your application to use for your mabl tests
- Avoid using credentials that reveal personally identifiable information in your mabl tests
Identify an approach for credentials
The primary way to log into your application is with mabl credentials. mabl credentials are a special class of variables that are configured at the workspace level and passed in at run time.
We recommend creating login flows with mabl credentials for the following reasons:
- Workspace owners can assign user roles to manage access to mabl credentials, including the ability to restrict access to specific users with resource groups.
- mabl credentials are not readily visible in your flows and tests.
- mabl credentials have an extra layer of encryption within mabl.
- You can save mabl credentials as cloud credentials for extra security.
Support for MFA logins
If your application uses multi factor authentication, see our options for MFA logins.
Alternative approaches to credentials
mabl credentials have two limitations:
- You cannot configure mabl credentials per environment.
- Plans can only use one set of mabl credentials.
In the event that a plan requires different credentials per environment or multiple sets of credentials, you may consider one of the alternative approaches outlined in the following table:
| Approach | Details | Limitations |
|---|---|---|
| Environment variables | Add credentials as environment variables and use in tests that run in multiple environments. | Any member of the workspace can see the values in the test output. |
| Designated login flows | Create login flows with hard-coded credentials for specific roles and use in tests as needed. | Any member of the workspace can see the values in the test output. Also, you cannot update these credential values outside of the mabl Trainer. |
| DataTables | Run a test multiple times with a different set of credentials each time. | If you need to access additional DataTable variables in a test run besides credentials, you need to add those variables to the same DataTable that contains the credentials. |
Establish naming conventions for login flows
Establishing a naming convention for login flows makes it easier for other members of your team to reuse flows and helps you avoid doubling your efforts.
Helpful pieces of information may include user role and the application. For example:
- User login - main app
- Admin login
- Employee login - HR portal
Limitations to automating login
mabl does not support automating login for apps that use the following anti-automation countermeasures:
- reCAPTCHA or CAPTCHA
- NTLM
Anti-automation countermeasures are commonly used by social identity providers, such as Google, Apple, Facebook, LinkedIn, and GitHub. When testing applications that use social identity providers, consider using an alternative means to expose login to the application, such as one of the following:
- Using username/password login instead
- Exposing special login tooling in your testing environments for automation users
- Using provider supplied tooling for testing automation, such as Service Accounts + Google IAP
The mabl Trainer does not support automating logins to Google.