TOTPs For Multi-Factor Authentication (MFA) in Browser Test

TOTPs For Multi-Factor Authentication (MFA) in Browser Test

Overview

Multi-factor authentication methods such as TFA and MFA help protect your applications against unauthorized access, however, these methods can make testing features more difficult.

Datadog Synthetic MFA global variables allow you to test your application’s TOTP-based MFA modules and critical user journeys without disabling critical security measures or manually entering authentication codes with disparate tools. You do not need to create or maintain dedicated environments to test MFA-enabled user journeys.

Store your secret key or QR code in a global variable

Create a global variable where you enter a secret key or upload a QR code from your authentication provider. In the Global Variables tab of your Settings page, click Create Global Variable.

  1. In Choose variable type, select MFA Token.
  2. In Define variable, enter a Variable Name. Your variable name can only use uppercase letters, numbers, and underscores.
  3. Enter a Description for your variable (optional).
  4. Select Tags to associate with your variable (optional).
  5. Enter the Secret Key to your variable or upload a QR code image.
  6. Click + Generate to create a TOTP. You can copy the generated TOTP with the Copy icon.
  7. In Permissions settings, restrict access to your variable based on roles in your org. For more information about roles, see the RBAC documentation.
RBAC restrict access to global variables is in beta. To request access, contact Datadog support.

TOTP in Synthetic tests

You can use the secret key or QR code stored in a global variable across all your Synthetic tests. When creating a browser or API test, inject the TOTP generated from the secret key or QR code stored in the global variable to verify your application’s authentication workflow.

To use TOTP in your browser tests:

  1. Import your global variable.
  2. When recording your test, click the Hand icon to generate a TOTP.
  3. In your test browser application, click in a field to paste the TOTP. Injecting the computed code into your test creates another test step.
  4. After recording your test steps, click Save & Launch Test.

Further Reading