Multi factor authentication (MFA) is a layered approach to authentication that requires users to provide two or more forms of identification to log into an application. For example, in addition to entering a password, a user may have to enter a one-time code from an authenticator app on their phone to successfully log in.
Mabl supports automating tests for applications that use the following types of MFA:
- Time-based one-time password (TOTP) authentication
- Email one-time password (OTP) authentication
Time-based one-time password authentication
In an application that uses time-based one-time password (TOTP) authentication, the user provides two forms of authentication:
- A regular password
- An additional temporary code generated from a TOTP authenticator app, such as Google Authenticator, Microsoft Authenticator, or Authy
The temporary code in the authenticator app is only valid for a set period of time, such as 30 seconds. When the code expires, the authenticator app generates a new temporary code.
To learn how to automate a login that uses TOTP authentication, see the article on MFA authenticator login.
Email one-time password authentication
In an application that uses email one-time password (OTP), the user enters their username and password and requests a verification code. The application sends a verification code to the user's registered email address, and the user enters that verification code on the application to finish logging in.
To learn how to automate a login that uses TOTP authentication, see the article on logging in with an email verification code.
Mabl does not support automating login for apps that use the following:
- Okta Verify QR Codes
- FIDO, such as USB Yubikeys